1. Caddy version:
v2.6.2
2. How I installed, and run Caddy:
a. System environment:
Docker Desktop for Windows 10
b. Command:
# Stage 1: compile a Caddy binary that includes the DuckDNS DNS-provider module.
# NOTE(review): the `2-builder` / `2` image tags and the plugin module are all
# unpinned, so every rebuild can pull different code. Pinning the image tags
# and the module version (xcaddy accepts `module@version`) keeps rebuilds
# reproducible and makes "what changed?" answerable when something breaks.
FROM caddy:2-builder AS builder

RUN xcaddy build \
    --with github.com/caddy-dns/duckdns

# Stage 2: start from the stock runtime image and swap in the custom binary.
FROM caddy:2

COPY --from=builder /usr/bin/caddy /usr/bin/caddy
# Build the image from the Dockerfile in the current directory and tag it
# "caddy-duckdns", the image name the compose file refers to.
docker build -t "caddy-duckdns" .
# Create and start the compose services in the background.
docker compose up -d
c. Service/unit/compose file:
services:
  caddy:
    # Locally built image: stock Caddy plus the DuckDNS DNS module.
    image: caddy-duckdns
    container_name: caddy
    restart: unless-stopped
    ports:
      # Quoted so every YAML parser reads the mappings as strings.
      - "80:80"
      - "443:443"
    volumes:
      # Site config, mounted read-only.
      - ./caddy/Caddyfile:/etc/caddy/Caddyfile:ro
      # Caddy's /data directory is where it stores certificates and private
      # keys, so the host folder behind it deserves restricted access.
      - C:/Docker-data/caddy-data:/data
    environment:
      - DOMAIN=green-jungle.duckdns.org
      # This token authorises DNS changes for the DuckDNS account, and values
      # set here are readable through `docker inspect`; keep the real token
      # out of any copy of this file that is shared or committed.
      - DUCKDNS_TOKEN=<redacted>

networks:
  default:
    name: web-stack
d. My complete Caddy config:
# Global options.
{
	# Debug-level logging; this produces the "level":"debug" lines in the log.
	debug
}

# The site address is taken from the DOMAIN environment variable.
{$DOMAIN} {
	tls {
		# Solve the ACME DNS challenge through the DuckDNS module, using the
		# token from the DUCKDNS_TOKEN environment variable.
		# NOTE(review): the logged "could not find the start of authority ...
		# NOERROR" failure appears to occur during the zone (SOA) lookup, which
		# goes through the container's DNS resolver unless this block sets
		# `resolvers` - TODO confirm which resolver the container is using.
		dns duckdns {$DUCKDNS_TOKEN}
	}

	respond "It's a duck world!"
}
3. The problem I’m having:
Previously my entire setup was working fine. However, since the end of last year, I am having trouble renewing certificates. Initially I thought it might have been a hiccup on duckdns side but because it is still not working I am pretty sure it is on my side. I have removed everything from my configs and I still cannot get it to work - the shown config is what I am actually trying to get started.
I keep ending up with the ‘Could not determine zone for domain’ line at the end of the log…
please assist
4. Error messages and/or full log output:
2023-01-30 00:23:07 {"level":"debug","ts":1675034587.6759903,"logger":"events","msg":"event","name":"cert_obtaining","id":"04d23487-d011-42e7-99d9-506988fc377c","origin":"tls","data":{"identifier":"green-jungle.duckdns.org"}}
2023-01-30 00:23:07 {"level":"debug","ts":1675034587.6801205,"logger":"tls.obtain","msg":"trying issuer 1/2","issuer":"acme-v02.api.letsencrypt.org-directory"}
2023-01-30 00:23:08 {"level":"debug","ts":1675034588.17546,"logger":"http.acme_client","msg":"http request","method":"GET","url":"https://acme-staging-v02.api.letsencrypt.org/directory","headers":{"User-Agent":["Caddy/2.6.2 CertMagic acmez (linux; amd64)"]},"response_headers":{"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["830"],"Content-Type":["application/json"],"Date":["Sun, 29 Jan 2023 23:23:09 GMT"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]},"status_code":200}
2023-01-30 00:23:08 {"level":"debug","ts":1675034588.331489,"logger":"http.acme_client","msg":"http request","method":"HEAD","url":"https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce","headers":{"User-Agent":["Caddy/2.6.2 CertMagic acmez (linux; amd64)"]},"response_headers":{"Cache-Control":["public, max-age=0, no-cache"],"Date":["Sun, 29 Jan 2023 23:23:09 GMT"],"Link":["<https://acme-staging-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["BEB9vfeoBKu1n5XhB4BMNNUOGhrGtJri2XGY3zwfI8A7LVs"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]},"status_code":200}
2023-01-30 00:23:08 {"level":"debug","ts":1675034588.5121162,"logger":"http.acme_client","msg":"http request","method":"POST","url":"https://acme-staging-v02.api.letsencrypt.org/acme/new-order","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.6.2 CertMagic acmez (linux; amd64)"]},"response_headers":{"Boulder-Requester":["85344273"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["360"],"Content-Type":["application/json"],"Date":["Sun, 29 Jan 2023 23:23:09 GMT"],"Link":["<https://acme-staging-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Location":["https://acme-staging-v02.api.letsencrypt.org/acme/order/85344273/6879787973"],"Replay-Nonce":["8F05qf8BBKtZ1BQgVPjSYK2UGmCXim_B5wjBBA5JU7YcwEo"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]},"status_code":201}
2023-01-30 00:23:08 {"level":"debug","ts":1675034588.670652,"logger":"http.acme_client","msg":"http request","method":"POST","url":"https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/5155500963","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.6.2 CertMagic acmez (linux; amd64)"]},"response_headers":{"Boulder-Requester":["85344273"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["826"],"Content-Type":["application/json"],"Date":["Sun, 29 Jan 2023 23:23:09 GMT"],"Link":["<https://acme-staging-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["A272e9_yeGdn771PcDBmGHTXKLiZ-lCXT_sgJ4NqYiDWKhs"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]},"status_code":200}
2023-01-30 00:23:08 {"level":"debug","ts":1675034588.6720102,"logger":"http.acme_client","msg":"no solver configured","challenge_type":"tls-alpn-01"}
2023-01-30 00:23:08 {"level":"debug","ts":1675034588.6722088,"logger":"http.acme_client","msg":"no solver configured","challenge_type":"http-01"}
2023-01-30 00:23:08 {"level":"info","ts":1675034588.6722293,"logger":"http.acme_client","msg":"trying to solve challenge","identifier":"green-jungle.duckdns.org","challenge_type":"dns-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
2023-01-30 00:23:08 {"level":"error","ts":1675034588.7126393,"logger":"http.acme_client","msg":"cleaning up solver","identifier":"green-jungle.duckdns.org","challenge_type":"dns-01","error":"no memory of presenting a DNS record for \"_acme-challenge.green-jungle.duckdns.org\" (usually OK if presenting also failed)"}
2023-01-30 00:23:08 {"level":"debug","ts":1675034588.8765383,"logger":"http.acme_client","msg":"http request","method":"POST","url":"https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/5155500963","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.6.2 CertMagic acmez (linux; amd64)"]},"response_headers":{"Boulder-Requester":["85344273"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["830"],"Content-Type":["application/json"],"Date":["Sun, 29 Jan 2023 23:23:09 GMT"],"Link":["<https://acme-staging-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["EA57PRT-AesTlHyI6FO_6FizCkUTWufRxGYTJm58izX8OJU"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]},"status_code":200}
2023-01-30 00:23:08 {"level":"error","ts":1675034588.877028,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"green-jungle.duckdns.org","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[green-jungle.duckdns.org] solving challenges: presenting for challenge: could not determine zone for domain \"_acme-challenge.green-jungle.duckdns.org\": could not find the start of authority for _acme-challenge.green-jungle.duckdns.org.: NOERROR (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/85344273/6879787973) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)"}
2023-01-30 00:23:08 {"level":"debug","ts":1675034588.877199,"logger":"tls.obtain","msg":"trying issuer 2/2","issuer":"acme.zerossl.com-v2-DV90"}
2023-01-30 00:23:10 {"level":"debug","ts":1675034590.3204508,"logger":"http.acme_client","msg":"http request","method":"HEAD","url":"https://acme.zerossl.com/v2/DV90/newNonce","headers":{"User-Agent":["Caddy/2.6.2 CertMagic acmez (linux; amd64)"]},"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=0, no-cache, no-store"],"Content-Type":["application/octet-stream"],"Date":["Sun, 29 Jan 2023 23:23:11 GMT"],"Link":["<https://acme.zerossl.com/v2/DV90>;rel=\"index\""],"Replay-Nonce":["n4eSaxkVtCi-xuCQBfd-hGMYFi00B33Qy4Dx7IsQf8E"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15724800; includeSubDomains"]},"status_code":200}
2023-01-30 00:23:11 {"level":"debug","ts":1675034591.5661886,"logger":"http.acme_client","msg":"http request","method":"POST","url":"https://acme.zerossl.com/v2/DV90/newOrder","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.6.2 CertMagic acmez (linux; amd64)"]},"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=0, no-cache, no-store"],"Content-Length":["286"],"Content-Type":["application/json"],"Date":["Sun, 29 Jan 2023 23:23:12 GMT"],"Location":["https://acme.zerossl.com/v2/DV90/order/iX0kq_4_sgSCTViTsqeOmw"],"Replay-Nonce":["bKLhfoPe-TDYeIA7Qmu4hboa4yJkfjvkatH1124k0bc"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15724800; includeSubDomains"]},"status_code":201}
2023-01-30 00:23:12 {"level":"debug","ts":1675034592.8589983,"logger":"http.acme_client","msg":"http request","method":"POST","url":"https://acme.zerossl.com/v2/DV90/authz/xJXz8apTVcGveqA7d9kqaQ","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.6.2 CertMagic acmez (linux; amd64)"]},"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=0, no-cache, no-store"],"Content-Length":["454"],"Content-Type":["application/json"],"Date":["Sun, 29 Jan 2023 23:23:13 GMT"],"Link":["<https://acme.zerossl.com/v2/DV90>;rel=\"index\""],"Replay-Nonce":["aELhljCMy5CmUCvmWUN6cL0qV-aTWZoNKwn6r3ToCso"],"Retry-After":["5"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15724800; includeSubDomains"]},"status_code":200}
2023-01-30 00:23:12 {"level":"debug","ts":1675034592.859356,"logger":"http.acme_client","msg":"no solver configured","challenge_type":"http-01"}
2023-01-30 00:23:12 {"level":"info","ts":1675034592.8593786,"logger":"http.acme_client","msg":"trying to solve challenge","identifier":"green-jungle.duckdns.org","challenge_type":"dns-01","ca":"https://acme.zerossl.com/v2/DV90"}
2023-01-30 00:23:12 {"level":"error","ts":1675034592.8933477,"logger":"http.acme_client","msg":"cleaning up solver","identifier":"green-jungle.duckdns.org","challenge_type":"dns-01","error":"no memory of presenting a DNS record for \"_acme-challenge.green-jungle.duckdns.org\" (usually OK if presenting also failed)"}
2023-01-30 00:23:13 {"level":"debug","ts":1675034593.991617,"logger":"http.acme_client","msg":"http request","method":"POST","url":"https://acme.zerossl.com/v2/DV90/authz/xJXz8apTVcGveqA7d9kqaQ","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.6.2 CertMagic acmez (linux; amd64)"]},"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=0, no-cache, no-store"],"Content-Length":["136"],"Content-Type":["application/json"],"Date":["Sun, 29 Jan 2023 23:23:14 GMT"],"Link":["<https://acme.zerossl.com/v2/DV90>;rel=\"index\""],"Replay-Nonce":["MsM-jd_xUhjkgEnewsQen_Oew36Q7LKH2HeFsxC_WMQ"],"Retry-After":["86400"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15724800; includeSubDomains"]},"status_code":200}
2023-01-30 00:23:13 {"level":"error","ts":1675034593.9918919,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"green-jungle.duckdns.org","issuer":"acme.zerossl.com-v2-DV90","error":"[green-jungle.duckdns.org] solving challenges: presenting for challenge: could not determine zone for domain \"_acme-challenge.green-jungle.duckdns.org\": could not find the start of authority for _acme-challenge.green-jungle.duckdns.org.: NOERROR (order=https://acme.zerossl.com/v2/DV90/order/iX0kq_4_sgSCTViTsqeOmw) (ca=https://acme.zerossl.com/v2/DV90)"}
2023-01-30 00:23:13 {"level":"debug","ts":1675034593.9919474,"logger":"events","msg":"event","name":"cert_failed","id":"fabd4073-ddc7-4fc4-b58b-7a37d16cf68e","origin":"tls","data":{"error":{},"identifier":"green-jungle.duckdns.org","issuers":["acme-v02.api.letsencrypt.org-directory","acme.zerossl.com-v2-DV90"],"renewal":false}}
2023-01-30 00:23:13 {"level":"error","ts":1675034593.9919946,"logger":"tls.obtain","msg":"will retry","error":"[green-jungle.duckdns.org] Obtain: [green-jungle.duckdns.org] solving challenges: presenting for challenge: could not determine zone for domain \"_acme-challenge.green-jungle.duckdns.org\": could not find the start of authority for _acme-challenge.green-jungle.duckdns.org.: NOERROR (order=https://acme.zerossl.com/v2/DV90/order/iX0kq_4_sgSCTViTsqeOmw) (ca=https://acme.zerossl.com/v2/DV90)","attempt":2,"retrying_in":120,"elapsed":72.1572269,"max_duration":2592000}
5. What I already tried:
- Reinstalling Docker
- Deleting all files related to Caddy (C:/Docker-data/caddy-data:/data)
- Removed all other containers normally running with Caddy
- Deleted all images and recreated the Caddy image with the DuckDNS plugin (see above)
- Recreated the token in DuckDNS
- Removed all non-essential lines from the Caddyfile
- Attempted at multiple time points
- Disabled the firewall and opened ports (I am trying to do a DNS challenge, so this should not matter?) - same result.