## 1. The problem I’m having:
NOTE: I previously had successfully created and implemented a nextcloud server using the same configurations. I suspect something has happened with my token and letsencrypt.
Using Caddy to start a nextcloud server using LetsEncrypt DNS to validate my Cloudflare API token that is set up for All zones - Zone:Read, DNS:Edit. I have executed a script to create an iocage jail on FreeNAS for the latest Nextcloud 26 release, including Caddy 2.x, MariaDB 10.6/PostgreSQL 10, and Let’s Encrypt.
I enter my API token as one of the parameters in the config file, after rolling the token and, when that didn’t work, recreating the token. I have restarted the Caddy service within the nextcloud jail several times.
LetsEncrypt shows that my cert is invalid due to a 405 (method not allowed).
## 2. Error messages and/or full log output:
```
{"level":"error","ts":1688183097.7550597,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"cjcloud.us","issuer":"acme-staging-v02.api.letsencrypt.org-directory","error":"[cjcloud.us] solving challenges: presenting for challenge: adding temporary record for zone \"us.\": expected 1 zone, got 0 for us. (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/109035384/9519756664) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)"}
{"level":"error","ts":1688183097.7552269,"logger":"tls.obtain","msg":"will retry","error":"[cjcloud.us] Obtain: [cjcloud.us] solving challenges: presenting for challenge: adding temporary record for zone \"us.\": expected 1 zone, got 0 for us. (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/109035384/9519756664) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)","attempt":12,"retrying_in":21600,"elapsed":21608.943635038,"max_duration":2592000}
```
## 3. Caddy version:
```
v2.6.4 h1:2hwYqiRwk1tf3VruhMpLcYTg+11fCdr8S3jhNAdnPy8=
```
## 4. How I installed and ran Caddy:
The script executes the following:
```sh
iocage exec "${JAIL_NAME}" xcaddy build --output /usr/local/bin/caddy --with github.com/caddy-dns/"${DNS_PLUGIN}"
```
where DNS_PLUGIN = cloudflare
```sh
#iocage exec "${JAIL_NAME}" sed -i '' "s/DNS-PLACEHOLDER/${DNS_SETTING}/" /usr/local/www/Caddyfile
iocage exec "${JAIL_NAME}" sed -i '' "s/dns_plugin/${DNS_PLUGIN}/" /usr/local/www/Caddyfile
iocage exec "${JAIL_NAME}" sed -i '' "s/api_token/${DNS_TOKEN}/" /usr/local/www/Caddyfile
iocage exec "${JAIL_NAME}" sed -i '' "s/jail_ip/${IP}/" /usr/local/www/Caddyfile
iocage exec "${JAIL_NAME}" sed -i '' "s/youremailhere/${CERT_EMAIL}/" /usr/local/www/Caddyfile
iocage exec "${JAIL_NAME}" sed -i '' "s|mytimezone|${TIME_ZONE}|" /usr/local/etc/php.ini
iocage exec "${JAIL_NAME}" sysrc caddy_enable="YES"
iocage exec "${JAIL_NAME}" sysrc caddy_config="/usr/local/www/Caddyfile"
```
### a. System environment:
FreeBSD 13.1-RELEASE-p2 n245412-484f039b1d0 TRUENAS
### b. Command:
```
service caddy start
```
### c. Service/unit/compose file:
### d. My complete Caddy config:
```
{
	# debug
	acme_ca https://acme-staging-v02.api.letsencrypt.org/directory
	email myEmail@mail.com
	# default_sni cjcloud.us
}

cjcloud.us {
	root * /usr/local/www/nextcloud
	file_server

	log {
		output file /var/log/cjcloud.us.log
	}

	php_fastcgi 127.0.0.1:9000 {
		env front_controller_active true
	}

	tls {
		dns cloudflare <redacted>
	}

	header {
		# enable HSTS
		# Strict-Transport-Security max-age=31536000;
	}

	# client support (e.g. os x calendar / contacts)
	redir /.well-known/carddav /remote.php/dav 301
	redir /.well-known/caldav /remote.php/dav 301
	redir /.well-known/webfinger /index.php/.well-known/webfinger 301
	redir /.well-known/nodeinfo /index.php/.well-known/nodeinfo 301

	# .htaccess / data / config / ... shouldn't be accessible from outside
	@forbidden {
		path /.htaccess
		path /data/*
		path /config/*
		path /db_structure
		path /.xml
		path /README
		path /3rdparty/*
		path /lib/*
		path /templates/*
		path /occ
		path /console.php
	}
	respond @forbidden 404
}
```
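The log line has two halves worth separating: the solver first decided the challenge record belongs to zone `us.`, and only then asked Cloudflare for that zone and got zero matches. The added Go example below is not Caddy's or the plugin's code; it assumes, from certmagic's `findZoneByFQDN`, that the DNS-01 solver walks the name upward querying SOA records, and it replays that walk against a constructed fake resolver and a constructed zone table (with a placeholder zone id) so both outcomes can be reproduced offline.

```go
package main

import (
	"fmt"
	"strings"
)

// SOALookup reports whether an SOA record exists with exactly this owner name.
// Constructed stand-in for the DNS client, so the walk runs offline.
type SOALookup func(name string) bool
// findZoneByFQDN reproduces the zone walk Caddy's DNS-01 solver performs
// (assumed from certmagic's findZoneByFQDN): query SOA for the full name,
// then each parent, and take the first name that answers with an SOA.
func findZoneByFQDN(fqdn string, lookup SOALookup) (string, error) {
	labels := strings.Split(strings.TrimSuffix(fqdn, "."), ".")
	for i := range labels {
		candidate := strings.Join(labels[i:], ".") + "."
		if lookup(candidate) {
			return candidate, nil
		}
	}
	return "", fmt.Errorf("could not find the start of authority for %s", fqdn)
}
// cloudflareZoneID mimics the plugin side: the zone name, trailing dot
// removed, must match exactly one zone the token can list (constructed table).
func cloudflareZoneID(zone string, visible map[string]string) (string, error) {
	if id, ok := visible[strings.TrimSuffix(zone, ".")]; ok {
		return id, nil
	}
	return "", fmt.Errorf("expected 1 zone, got 0 for %s", zone)
}
// soaFrom builds a fake resolver holding SOA records only for the given names.
func soaFrom(names ...string) SOALookup {
	set := map[string]bool{}
	for _, n := range names {
		set[n] = true
	}
	return func(name string) bool { return set[name] }
}

func main() {
	account := map[string]string{"cjcloud.us": "zone-id-placeholder"} // constructed
	// First resolver sees the domain's SOA; second only answers at the TLD.
	resolvers := []SOALookup{soaFrom("cjcloud.us.", "us."), soaFrom("us.")}
	for _, r := range resolvers {
		zone, _ := findZoneByFQDN("_acme-challenge.cjcloud.us.", r)
		_, err := cloudflareZoneID(zone, account)
		fmt.Printf("zone %q -> cloudflare lookup: %v\n", zone, err)
	}
}
```

With the second resolver the plugin-side error is exactly the one in the log, which is why checking what the jail's resolver returns for an SOA query at the domain is a useful step alongside checking the token's permissions.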