1. Caddy version (caddy version):
2.4.5
2. How I run Caddy:
a. System environment:
Debian 10 LXC on Proxmox
Only services running are caddy and ddclient
b. Command:
systemctl start caddy
d. My complete Caddyfile or JSON config:
    zanj.cc {
        tls {
            dns cloudflare API_TOKEN
        }
    }
3. The problem I’m having:
This is the same problem I've written about previously in this thread, which is now locked. I've put up with it by turning off the Cloudflare DNS proxy and removing the tls line from my Caddyfile, renewing certs and then turning the Cloudflare proxy back on, i.e. not automatic. I've come back to do this manually a few times since originally posting this issue, and am finally finding some free time to (hopefully) find a solution!
I've tried this with a container, starting from a fresh caddy & cloudflare dns installer, with the container resolv.conf giving 1.1.1.1 and 1.0.0.1 as DNS servers, verified by $ dig caddy.community returning 1.1.1.1#53 as expected (I had a redirect to only allow the pihole servers access to 53, but have turned this off for now).
I still get the errors in the next section.
4. Error messages and/or full log output:
Feb 14 15:58:33 caddy caddy[12711]: {"level":"info","ts":1644854313.6137033,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"zanj.cc","challenge_type":"dns-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
Feb 14 16:00:37 caddy caddy[12711]: {"level":"error","ts":1644854437.4932487,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"zanj.cc","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[zanj.cc] solving challenges: waiting for solver certmagic.solverWrapper to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/25750648/1787790298) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)"}
5. What I already tried:
- Verified dig caddy.community returns 1.1.1.1#53 as expected
- Created new LXC and installed caddy & cloudflare dns challenger as per the install instructions
- Watched the Cloudflare DNS dashboard after starting caddy (systemctl restart caddy), waited until the log shows "trying to solve challenge", and within ~15 seconds a TXT record is added: _acme-challenge with contents LONG_STRING_OF_TEXT
- As per previous thread, I'm not sure what is next to try?!
6. Links to relevant resources:
My previous thread https://caddy.community/t/verify-dns-provider-configuration-is-correct-dns-01-challenge-fails-cloudflare/13568
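The error above says the solver timed out waiting for the _acme-challenge TXT record to become visible, even though the record appears in the Cloudflare dashboard. A useful next step is to ask the same question the propagation check asks, from several resolvers at once: does each resolver return the exact TXT value that was written? The script below is an added diagnostic for that purpose, not code from the original post and not Caddy's or certmagic's own propagation check. It builds a raw DNS TXT query with the Python standard library (UDP port 53, IPv4 only), parses the reply, and reports which resolvers return the expected value. The resolver list, the zone's authoritative nameservers and the expected TXT value in the example run are placeholders to replace with your own (the value is whatever the Cloudflare dashboard shows on the _acme-challenge record).

```python
"""Check whether an ACME DNS-01 TXT record is visible from a set of resolvers.

Added diagnostic, not part of the original post or of Caddy. Standard library
only. Resolver addresses and the expected value below are assumptions."""
import random
import socket
import struct

TXT = 16  # DNS record type TXT
IN = 1    # DNS class IN


def build_query(name, qtype=TXT, qid=None):
    """Build a standard recursive DNS query (QR=0, RD=1) for name/qtype."""
    qid = random.randrange(65536) if qid is None else qid
    header = struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").encode("ascii").split(b".")
    qname = b"".join(bytes([len(label)]) + label for label in labels) + b"\x00"
    return header + qname + struct.pack(">HH", qtype, IN)


def read_name(msg, off):
    """Decode a (possibly compressed) name at msg[off]; return (name, next_offset)."""
    labels, end = [], None
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:  # compression pointer to an earlier name
            ptr = struct.unpack(">H", msg[off:off + 2])[0] & 0x3FFF
            if end is None:
                end = off + 2  # the record continues after the 2-byte pointer
            off = ptr
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), (off if end is None else end)


def parse_txt_answers(msg):
    """Return (rcode, [txt strings]) from a DNS response message."""
    _qid, flags, qd, an, _ns, _ar = struct.unpack(">HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):  # skip the echoed question section
        _name, off = read_name(msg, off)
        off += 4
    txts = []
    for _ in range(an):
        _name, off = read_name(msg, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        off += 10
        rdata, off = msg[off:off + rdlen], off + rdlen
        if rtype == TXT:  # TXT rdata is one or more <len><bytes> strings, concatenated
            i, parts = 0, []
            while i < len(rdata):
                n = rdata[i]
                parts.append(rdata[i + 1:i + 1 + n].decode("ascii", "replace"))
                i += 1 + n
            txts.append("".join(parts))
    return flags & 0xF, txts


def query_txt(name, resolver, timeout=3.0):
    """Send one TXT query to resolver (IPv4 address or hostname) and parse the reply."""
    q = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(q, (resolver, 53))
        data, _ = s.recvfrom(4096)
    if data[:2] != q[:2]:
        raise ValueError("transaction id mismatch")
    return parse_txt_answers(data)


def check_propagation(name, expected, resolvers):
    """Map resolver -> True (expected value seen), False (not seen), None (no usable reply)."""
    results = {}
    for r in resolvers:
        try:
            _rcode, txts = query_txt(name, r)
            results[r] = expected in txts
        except (OSError, ValueError):
            results[r] = None
    return results


def missing_from(results):
    """Resolvers that did not return the expected value: the ones a solver keeps waiting on."""
    return sorted(r for r, ok in results.items() if ok is not True)


if __name__ == "__main__":
    # Assumed placeholders: replace the nameserver entries with the zone's own
    # Cloudflare nameservers and the value with the one shown in the dashboard.
    res = check_propagation("_acme-challenge.zanj.cc", "LONG_STRING_OF_TEXT",
                            ["1.1.1.1", "1.0.0.1", "NS1_HOST_OR_IP", "NS2_HOST_OR_IP"])
    for r, ok in res.items():
        print(r, "ok" if ok else ("missing" if ok is False else "no reply"))
    print("not yet propagated to:", missing_from(res))
```

Run it while the "trying to solve challenge" log line is waiting. If the authoritative nameservers answer with the value but the recursive resolvers return nothing or a stale answer, the delay is caching or a resolver path that does not reach Cloudflare; if even the authoritative servers do not return the value, the record is not being written where the solver looks (for example into a different zone or a proxied name). Caddy's tls directive also accepts a resolvers subdirective that pins which resolvers the DNS challenge uses for its own lookups, which is worth setting explicitly once this script shows where the record is and is not visible.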