Continued cloudflare dns challenge issue

1. Caddy version (caddy version):

2.4.5

2. How I run Caddy:

a. System environment:

debian 10 LXC on proxmox
only services running are caddy and ddclient

b. Command:

systemctl start caddy

d. My complete Caddyfile or JSON config:

zanj.cc {
        tls {
                dns cloudflare API_TOKEN
        }
}

3. The problem I’m having:

This is the same problem I’ve written about previously in this thread, which is now locked. I’ve put up with it by turning off the Cloudflare DNS proxy, removing the tls line from my Caddyfile, renewing certs and then turning the Cloudflare proxy back on, i.e. not automatically. I’ve come back to do this manually a few times since originally posting this issue, and have finally found some free time to (hopefully) find a solution!

I’ve tried this with a container, starting from a fresh caddy & cloudflare dns installer, with the container resolv.conf giving 1.1.1.1 and 1.0.0.1 as dns servers, verified by $ dig caddy.community returning 1.1.1.1#53 as expected (I had a redirect to only allow the pihole servers access to 53, but have turned this off for now).

I still get the errors shown in the next section.

4. Error messages and/or full log output:

Feb 14 15:58:33 caddy caddy[12711]: {"level":"info","ts":1644854313.6137033,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"zanj.cc","challenge_type":"dns-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
Feb 14 16:00:37 caddy caddy[12711]: {"level":"error","ts":1644854437.4932487,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"zanj.cc","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[zanj.cc] solving challenges: waiting for solver certmagic.solverWrapper to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/25750648/1787790298) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)"}

5. What I already tried:

  • Verified dig caddy.community returns 1.1.1.1#53 as expected
  • Created new lxc and installed caddy & cloudflare dns challenger as per the install instructions
  • Watched the cloudflare DNS dashboard after starting caddy (systemctl restart caddy), waited until the log shows trying to solve challenge - and within ~15 seconds a TXT record is added: _acme-challenge and contents LONG_STRING_OF_TEXT
  • As per the previous thread, I’m not sure what to try next?!

6. Links to relevant resources:

My previous thread: https://caddy.community/t/verify-dns-provider-configuration-is-correct-dns-01-challenge-fails-cloudflare/13568

Rather than edit - incase anyone has already read this (!):

I can also confirm caddy can see the txt file:

dig @ray.ns.cloudflare.com _acme-challenge.zanj.cc txt

returns the same text I can see on the cloudflare dashboard.

A post was merged into an existing topic: Verify DNS provider configuration is correct - dns-01 challenge fails - cloudflare
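The log line in the post reports a timeout with `last error: <nil>`, while the dig against ray.ns.cloudflare.com shows the TXT record present at that authoritative server. The two are not contradictory, because an ACME client's propagation check is not the same thing as one dig at one nameserver. The block below is an added example, not code from the original post or from Caddy/certmagic; it models the check in the style the certmagic solver uses: follow any CNAME at the recursive resolver, walk up to the zone's SOA, fetch the zone's NS set through the resolver, then query every authoritative server directly on port 53 and require all of them to hold the value. The `FakeDNS` class, the `example.test` zone, `ns1`/`ns2` and the token string are all constructed. The `redirect_port_53` flag is an assumption that models the kind of firewall rule the post mentions (forcing all port-53 traffic to a local resolver); under it, a query addressed to an authoritative server is actually answered by the local resolver and its cache.

```python
"""Model of a certmagic-style DNS-01 propagation check (added example).

All DNS data here is constructed in memory; nothing is looked up on the
network, and the zone, nameservers and token are not real."""
from dataclasses import dataclass

NODATA = "NODATA"  # stands in for an empty answer / negative response


@dataclass
class FakeDNS:
    """One client's view of the DNS.

    authoritative: {ns_host: {(name, rtype): [values]}} - what each
    authoritative server would answer if asked directly.
    resolver: what the local recursive resolver answers; it may hold a
    stale negative-cache entry for the challenge name.
    redirect_port_53: assumption modelling a firewall DNAT that sends every
    UDP/53 packet to the local resolver, whatever address it was sent to."""
    authoritative: dict
    resolver: dict
    redirect_port_53: bool = False

    def query(self, server, name, rtype):
        if self.redirect_port_53 or server == "resolver":
            table = self.resolver
        else:
            table = self.authoritative[server]
        return table.get((name, rtype), NODATA)


def find_zone(fqdn, dns):
    """Walk up the labels until the resolver returns a SOA: the zone apex."""
    labels = fqdn.rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:]) + "."
        if dns.query("resolver", candidate, "SOA") != NODATA:
            return candidate
    raise LookupError(f"no SOA found above {fqdn}")


def check_dns_propagation(fqdn, value, dns):
    """Return (propagated, reason). Mirrors the shape of the solver's check:
    every authoritative nameserver must answer with the expected value."""
    if not fqdn.endswith("."):
        fqdn += "."
    # 1. Follow a CNAME at the recursive resolver, if the name has one.
    cname = dns.query("resolver", fqdn, "CNAME")
    if cname != NODATA:
        fqdn = cname[0]
    # 2. Find the zone apex, then the zone's NS set, through the resolver.
    zone = find_zone(fqdn, dns)
    nameservers = dns.query("resolver", zone, "NS")
    if nameservers == NODATA:
        return False, f"no NS records for {zone}"
    # 3. Ask each authoritative server directly on port 53; all must agree.
    #    A NODATA here is "not propagated yet", not an error, which is why a
    #    client can time out while reporting no underlying error.
    for ns in nameservers:
        answer = dns.query(ns, fqdn, "TXT")
        if answer == NODATA or value not in answer:
            return False, f"{ns} answered {answer!r} for {fqdn} TXT"
    return True, "record visible on all authoritative nameservers"


# Constructed zone data, standing in for the poster's real domain.
ZONE = "example.test."
CHALLENGE = "_acme-challenge." + ZONE
TOKEN = "ZmFrZS1kbnMtMDEtdG9rZW4"  # constructed, not a real key authorization

AUTH = {
    "ns1.example.test.": {(CHALLENGE, "TXT"): [TOKEN]},
    "ns2.example.test.": {(CHALLENGE, "TXT"): [TOKEN]},
}
RESOLVER = {
    (ZONE, "SOA"): ["ns1.example.test. hostmaster.example.test. 1 3600 600 86400 300"],
    (ZONE, "NS"): ["ns1.example.test.", "ns2.example.test."],
    # No TXT entry for CHALLENGE: the resolver looked the name up before the
    # record existed and is still serving its cached negative answer.
}


def scenario(redirect_port_53=False, lagging_ns=None):
    """Run the check against the constructed view.

    redirect_port_53=True models the port-53 redirect; lagging_ns names an
    authoritative server that has not yet received the new record."""
    auth = {ns: dict(rrs) for ns, rrs in AUTH.items()}
    if lagging_ns:
        auth[lagging_ns] = {}
    return check_dns_propagation(CHALLENGE, TOKEN, FakeDNS(auth, RESOLVER, redirect_port_53))


if __name__ == "__main__":
    for kwargs in ({}, {"redirect_port_53": True}, {"lagging_ns": "ns2.example.test."}):
        print(kwargs or "baseline", "->", scenario(**kwargs))
```

Two things the model makes visible: the check fails without an error whenever any authoritative server, or whatever actually answers on port 53 in its place, returns NODATA for the challenge name; and a dig aimed explicitly at one Cloudflare nameserver from a host without the redirect does not exercise the same path as a query sent from inside the container. Caddy's `tls` directive also documents a `resolvers` subdirective for pointing the challenge's lookups at specific resolvers instead of the container's resolv.conf.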
