1. Caddy version (caddy version):
v2.3.0 h1:fnrqJLa3G5vfxcxmOH/+kJOcunPLhSBnjgIvjXV/QTA=
2. How I run Caddy:
systemd
a. System environment:
ubuntu lts LXD container
b. Command:
n/a
c. Service/unit/compose file:
n/a
d. My complete Caddyfile or JSON config:
    example.com {
        tls me@example.com {
            dns cloudflare <token>
            on_demand
        }
        respond "example.com"
    }

    *.internal.example.com {
        tls me@example.com {
            dns cloudflare <token>
            on_demand
        }
        respond "internal.example.com"
    }

    test.internal.example.com {
        respond "test test"
    }
3. The problem I’m having:
From the logs, it appears that Caddy is getting a separate cert for test.internal.example.com.
I want the wildcard certificate to apply to this and all other sub-subdomains.
4. Error messages and/or full log output:
Jan 20 11:09:05 web caddy[20528]: {"level":"info","ts":1611166145.5979447,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["test.internal.example.com"]}
Jan 20 11:09:05 web caddy[20528]: {"level":"info","ts":1611166145.5979662,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["test.internal.example.com"]}
Jan 20 11:09:06 web caddy[20528]: {"level":"info","ts":1611166146.169499,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"test.internal.example.com","challenge_type":"dns-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
Jan 20 11:09:09 web caddy[20528]: {"level":"info","ts":1611166149.8529754,"logger":"tls.issuance.acme.acme_client","msg":"validations succeeded; finalizing order","order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/89898098/876876876"}
Jan 20 11:09:11 web caddy[20528]: {"level":"info","ts":1611166151.1410773,"logger":"tls.issuance.acme.acme_client","msg":"successfully downloaded available certificate chains","count":2,"first_url":"https://acme-staging-v02.api.letsencrypt.org/acme/cert/kjhkjhkjhkhkjhkjhkjhkjh"}
Jan 20 11:09:11 web caddy[20528]: {"level":"info","ts":1611166151.1414554,"logger":"tls.obtain","msg":"certificate obtained successfully","identifier":"test.internal.example.com"}
Jan 20 11:09:11 web caddy[20528]: {"level":"info","ts":1611166151.141469,"logger":"tls.obtain","msg":"releasing lock","identifier":"test.internal.example.com"}
5. What I already tried:
Putting the tls directive block in the test.... site block. The log output is from that iteration. Without it, Caddy tries the HTTP challenge (and fails since the address does not exist).
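Added example, not part of the original post and not an official answer from the Caddy project: a Caddyfile showing the pattern in which the wildcard site block is the only block that names `*.internal.example.com`, and the individual sub-subdomain is selected with a host request matcher inside that block instead of getting its own site block. In Caddy v2 each site block's hostnames are automated separately, so a separate `test.internal.example.com` block is a separate certificate; handling the name inside the wildcard block keeps it under the wildcard certificate. The wildcard name is known in advance, so the example issues it eagerly via the DNS challenge and omits `on_demand`: on-demand issuance defers obtaining certificates until a TLS handshake asks for a name, which is exactly when a per-name certificate gets requested, and it should in any case be gated with the global `on_demand_tls { ask ... }` endpoint so that arbitrary SNI values pointed at the server cannot drive issuance and consume CA rate limits. The matcher name `@test`, the e-mail address and the token placeholder are assumptions.

```caddyfile
# Added example (not the original poster's config). Assumes the Cloudflare
# DNS module is built in, as in the original post.

example.com {
    tls me@example.com {
        dns cloudflare <token>
    }
    respond "example.com"
}

# One site block owns the wildcard; every *.internal.example.com name is
# served from here, so they all share the one wildcard certificate.
*.internal.example.com {
    tls me@example.com {
        # dns-01 is the only challenge a CA accepts for a wildcard name;
        # without on_demand the cert is obtained at startup, not per SNI.
        dns cloudflare <token>
    }

    # Named request matcher (assumed name @test) selects one sub-subdomain
    # without giving it its own site block and therefore its own cert.
    @test host test.internal.example.com
    handle @test {
        respond "test test"
    }

    # Everything else under the wildcard falls through to the default handler.
    handle {
        respond "internal.example.com"
    }
}
```

To confirm the behaviour after reloading, watch the `tls.obtain` log lines: with this layout they should name `*.internal.example.com` once and never `test.internal.example.com`, and `caddy list-modules` or the admin API's certificate listing should show no per-host certificate for the test name.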