DNS-01 file not being written to Cloudflare

Help
1

1. The problem I’m having:

I’m no longer able to automatically get a new SSL cert for my subdomains using DNS-01 challenge with Cloudflare.

Caddy can’t place the DNS txt file in Cloudflare DNS. I’m can place it manually using my Cloudflare API Token and CURL on a shell from inside my docker container. The API token is available as an env variable within the docker container. I’ve tried resetting my API token. The token has the following settings:

  • Zone - Zone - Read
  • Zone - DNS - Edit
  • Include - Specific Zone - mydomain

I’m unsure if this is related, my subdomains are (by design) somewhat accessible outside my network through a Cloudflare tunnel. When inside my network, my router hijacks mydomain’s DNS and points it to the server running Caddy.

~$ curl -vL nextcloud.mydomain
* Host nextcloud.mydomain:80 was resolved.
* IPv6: (none)
* IPv4: 192.168.1.229
*   Trying 192.168.1.229:80...
* Connected to nextcloud.mydomain (192.168.1.229) port 80
> GET / HTTP/1.1
> Host: nextcloud.mydomain
> User-Agent: curl/8.9.1
> Accept: */*
> 
* Request completely sent off
< HTTP/1.1 308 Permanent Redirect
< Connection: close
< Location: https://nextcloud.mydomain/
< Server: Caddy
< Date: Tue, 20 May 2025 19:26:34 GMT
< Content-Length: 0
< 
* shutting down connection #0
* Clear auth, redirects to port from 80 to 443
* Issue another request to this URL: 'https://nextcloud.mydomain/'
* Host nextcloud.mydomain:443 was resolved.
* IPv6: (none)
* IPv4: 192.168.1.229
*   Trying 192.168.1.229:443...
* Connected to nextcloud.mydomain (192.168.1.229) port 443
* ALPN: curl offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
*  CAfile: /home/aryeh/anaconda3/ssl/cacert.pem
*  CApath: none
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (OUT), TLS alert, certificate expired (557):
* SSL certificate problem: certificate has expired
* closing connection #1
curl: (60) SSL certificate problem: certificate has expired
More details here: https://curl.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the webpage mentioned above.

2. Error messages and/or full log output:

caddy-caddy-1  | {"level":"debug","ts":1747768586.8816273,"msg":"http request","method":"POST","url":"https://acme-v02.api.letsencrypt.org/acme/authz/2012260467/523283614547","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.10.0 CertMagic acmez (linux; amd64)"]},"response_headers":{"Boulder-Requester":["2012260467"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["838"],"Content-Type":["application/json"],"Date":["Tue, 20 May 2025 19:16:26 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["4zqsHs_ShJNXQL-n3qtXN6TLV6SrJsg-pGrKnEUaSNUwmMTX7nk"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]},"status_code":200}
caddy-caddy-1  | {"level":"error","ts":1747768586.881801,"logger":"tls.renew","msg":"could not get certificate from issuer","identifier":"librespeed.mydomain","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[librespeed.mydomain] solving challenges: presenting for challenge: adding temporary record for zone \"net.\": expected 1 zone, got 0 for net. (order=https://acme-v02.api.letsencrypt.org/acme/order/2012260467/386039220147) (ca=https://acme-v02.api.letsencrypt.org/directory)"}
caddy-caddy-1  | {"level":"debug","ts":1747768586.8820987,"logger":"tls.issuance.acme","msg":"using existing ACME account because key found in storage associated with email","email":"myemail","ca":"https://acme.zerossl.com/v2/DV90"}
caddy-caddy-1  | {"level":"info","ts":1747768586.882133,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["librespeed.mydomain"],"ca":"https://acme.zerossl.com/v2/DV90","account":"myemail"}
caddy-caddy-1  | {"level":"info","ts":1747768586.8821466,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["librespeed.mydomain"],"ca":"https://acme.zerossl.com/v2/DV90","account":"myemail"}
caddy-caddy-1  | {"level":"info","ts":1747768586.8821619,"logger":"tls.issuance.acme","msg":"using ACME account","account_id":"https://acme.zerossl.com/v2/DV90/account/wEyCKX3IJIqlInBE2rOcKQ","account_contact":["mailto:myemail"]}
caddy-caddy-1  | {"level":"debug","ts":1747768587.3721623,"msg":"http request","method":"GET","url":"https://acme.zerossl.com/v2/DV90","headers":{"User-Agent":["Caddy/2.10.0 CertMagic acmez (linux; amd64)"]},"response_headers":{"Access-Control-Allow-Origin":["*"],"Content-Length":["712"],"Content-Type":["application/json"],"Date":["Tue, 20 May 2025 19:16:27 GMT"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15724800; includeSubDomains"]},"status_code":200}
caddy-caddy-1  | {"level":"debug","ts":1747768587.3725502,"msg":"creating order","account":"https://acme.zerossl.com/v2/DV90/account/wEyCKX3IJIqlInBE2rOcKQ","identifiers":["librespeed.mydomain"]}
caddy-caddy-1  | {"level":"error","ts":1747768587.4968185,"msg":"cleaning up solver","identifier":"nextcloud.mydomain","challenge_type":"dns-01","error":"no memory of presenting a DNS record for \"_acme-challenge.nextcloud.mydomain\" (usually OK if presenting also failed)","stacktrace":"github.com/mholt/acmez/v3.(*Client).solveChallenges.func1\n\tgithub.com/mholt/acmez/v3@v3.1.2/client.go:318\ngithub.com/mholt/acmez/v3.(*Client).solveChallenges\n\tgithub.com/mholt/acmez/v3@v3.1.2/client.go:363\ngithub.com/mholt/acmez/v3.(*Client).ObtainCertificate\n\tgithub.com/mholt/acmez/v3@v3.1.2/client.go:136\ngithub.com/caddyserver/certmagic.(*ACMEIssuer).doIssue\n\tgithub.com/caddyserver/certmagic@v0.23.0/acmeissuer.go:489\ngithub.com/caddyserver/certmagic.(*ACMEIssuer).Issue\n\tgithub.com/caddyserver/certmagic@v0.23.0/acmeissuer.go:382\ngithub.com/caddyserver/caddy/v2/modules/caddytls.(*ACMEIssuer).Issue\n\tgithub.com/caddyserver/caddy/v2@v2.10.0/modules/caddytls/acmeissuer.go:288\ngithub.com/caddyserver/certmagic.(*Config).renewCert.func2\n\tgithub.com/caddyserver/certmagic@v0.23.0/config.go:906\ngithub.com/caddyserver/certmagic.doWithRetry\n\tgithub.com/caddyserver/certmagic@v0.23.0/async.go:104\ngithub.com/caddyserver/certmagic.(*Config).renewCert\n\tgithub.com/caddyserver/certmagic@v0.23.0/config.go:982\ngithub.com/caddyserver/certmagic.(*Config).RenewCertAsync\n\tgithub.com/caddyserver/certmagic@v0.23.0/config.go:768\ngithub.com/caddyserver/certmagic.(*Config).manageOne.func2\n\tgithub.com/caddyserver/certmagic@v0.23.0/config.go:469\ngithub.com/caddyserver/certmagic.(*jobManager).worker\n\tgithub.com/caddyserver/certmagic@v0.23.0/async.go:73"}
caddy-caddy-1  | {"level":"debug","ts":1747768587.7227437,"msg":"http request","method":"POST","url":"https://acme-v02.api.letsencrypt.org/acme/authz/2012260467/523283614827","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.10.0 CertMagic acmez (linux; amd64)"]},"response_headers":{"Boulder-Requester":["2012260467"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["837"],"Content-Type":["application/json"],"Date":["Tue, 20 May 2025 19:16:27 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["4zqsHs_Suje7T1zaMHK3Bh9wbnZtslmfY58_Dy_ZX7UIZcW8uAo"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]},"status_code":200}
caddy-caddy-1  | {"level":"error","ts":1747768587.7235277,"logger":"tls.renew","msg":"could not get certificate from issuer","identifier":"nextcloud.mydomain","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[nextcloud.mydomain] solving challenges: presenting for challenge: adding temporary record for zone \"net.\": expected 1 zone, got 0 for net. (order=https://acme-v02.api.letsencrypt.org/acme/order/2012260467/386039220307) (ca=https://acme-v02.api.letsencrypt.org/directory)"}
caddy-caddy-1  | {"level":"debug","ts":1747768587.7250264,"logger":"tls.issuance.acme","msg":"using existing ACME account because key found in storage associated with email","email":"myemail","ca":"https://acme.zerossl.com/v2/DV90"}
caddy-caddy-1  | {"level":"info","ts":1747768587.7251,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["nextcloud.mydomain"],"ca":"https://acme.zerossl.com/v2/DV90","account":"myemail"}
caddy-caddy-1  | {"level":"info","ts":1747768587.725189,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["nextcloud.mydomain"],"ca":"https://acme.zerossl.com/v2/DV90","account":"myemail"}
caddy-caddy-1  | {"level":"info","ts":1747768587.7252839,"logger":"tls.issuance.acme","msg":"using ACME account","account_id":"https://acme.zerossl.com/v2/DV90/account/wEyCKX3IJIqlInBE2rOcKQ","account_contact":["mailto:myemail"]}
caddy-caddy-1  | {"level":"debug","ts":1747768587.7253804,"msg":"creating order","account":"https://acme.zerossl.com/v2/DV90/account/wEyCKX3IJIqlInBE2rOcKQ","identifiers":["nextcloud.mydomain"]}
caddy-caddy-1  | {"level":"debug","ts":1747768587.8064494,"msg":"http request","method":"HEAD","url":"https://acme.zerossl.com/v2/DV90/newNonce","headers":{"User-Agent":["Caddy/2.10.0 CertMagic acmez (linux; amd64)"]},"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=0, no-cache, no-store"],"Content-Type":["application/octet-stream"],"Date":["Tue, 20 May 2025 19:16:27 GMT"],"Link":["<https://acme.zerossl.com/v2/DV90>;rel=\"index\""],"Replay-Nonce":["qCVEOcIxt67iamvbaEgMVybBMbnYukUPFriZLbXTkYc"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15724800; includeSubDomains"]},"status_code":200}
caddy-caddy-1  | {"level":"debug","ts":1747768588.0764358,"msg":"http request","method":"HEAD","url":"https://acme.zerossl.com/v2/DV90/newNonce","headers":{"User-Agent":["Caddy/2.10.0 CertMagic acmez (linux; amd64)"]},"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=0, no-cache, no-store"],"Content-Type":["application/octet-stream"],"Date":["Tue, 20 May 2025 19:16:28 GMT"],"Link":["<https://acme.zerossl.com/v2/DV90>;rel=\"index\""],"Replay-Nonce":["8B8qs2816G-FSWK5oDvqjMZIjG_R3RD_6GhtwfNDhWc"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15724800; includeSubDomains"]},"status_code":200}
caddy-caddy-1  | {"level":"debug","ts":1747768588.24618,"msg":"http request","method":"POST","url":"https://acme.zerossl.com/v2/DV90/newOrder","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.10.0 CertMagic acmez (linux; amd64)"]},"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=0, no-cache, no-store"],"Content-Length":["288"],"Content-Type":["application/json"],"Date":["Tue, 20 May 2025 19:16:28 GMT"],"Location":["https://acme.zerossl.com/v2/DV90/order/5FM2QWiHtanwFGXquouqqg"],"Replay-Nonce":["xGJCpfUVeJSNsb5uNFMiS5W8ynHUcO5p9HY5Fii2WTg"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15724800; includeSubDomains"]},"status_code":201}
caddy-caddy-1  | {"level":"error","ts":1747768588.2679534,"msg":"cleaning up solver","identifier":"jellyfin.mydomain","challenge_type":"dns-01","error":"no memory of presenting a DNS record for \"_acme-challenge.jellyfin.mydomain\" (usually OK if presenting also failed)","stacktrace":"github.com/mholt/acmez/v3.(*Client).solveChallenges.func1\n\tgithub.com/mholt/acmez/v3@v3.1.2/client.go:318\ngithub.com/mholt/acmez/v3.(*Client).solveChallenges\n\tgithub.com/mholt/acmez/v3@v3.1.2/client.go:363\ngithub.com/mholt/acmez/v3.(*Client).ObtainCertificate\n\tgithub.com/mholt/acmez/v3@v3.1.2/client.go:136\ngithub.com/caddyserver/certmagic.(*ACMEIssuer).doIssue\n\tgithub.com/caddyserver/certmagic@v0.23.0/acmeissuer.go:489\ngithub.com/caddyserver/certmagic.(*ACMEIssuer).Issue\n\tgithub.com/caddyserver/certmagic@v0.23.0/acmeissuer.go:382\ngithub.com/caddyserver/caddy/v2/modules/caddytls.(*ACMEIssuer).Issue\n\tgithub.com/caddyserver/caddy/v2@v2.10.0/modules/caddytls/acmeissuer.go:288\ngithub.com/caddyserver/certmagic.(*Config).renewCert.func2\n\tgithub.com/caddyserver/certmagic@v0.23.0/config.go:906\ngithub.com/caddyserver/certmagic.doWithRetry\n\tgithub.com/caddyserver/certmagic@v0.23.0/async.go:104\ngithub.com/caddyserver/certmagic.(*Config).renewCert\n\tgithub.com/caddyserver/certmagic@v0.23.0/config.go:982\ngithub.com/caddyserver/certmagic.(*Config).RenewCertAsync\n\tgithub.com/caddyserver/certmagic@v0.23.0/config.go:768\ngithub.com/caddyserver/certmagic.(*Config).manageOne.func2\n\tgithub.com/caddyserver/certmagic@v0.23.0/config.go:469\ngithub.com/caddyserver/certmagic.(*jobManager).worker\n\tgithub.com/caddyserver/certmagic@v0.23.0/async.go:73"}
caddy-caddy-1  | {"level":"debug","ts":1747768588.5188699,"msg":"http request","method":"POST","url":"https://acme-v02.api.letsencrypt.org/acme/authz/2012260467/523283615317","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.10.0 CertMagic acmez (linux; amd64)"]},"response_headers":{"Boulder-Requester":["2012260467"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["836"],"Content-Type":["application/json"],"Date":["Tue, 20 May 2025 19:16:28 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["4zqsHs_SPWWBA0Rrdv51GTjnBZl6nhjsCVH27Y3q1IaxKe1ZGBo"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]},"status_code":200}
caddy-caddy-1  | {"level":"error","ts":1747768588.5191581,"logger":"tls.renew","msg":"could not get certificate from issuer","identifier":"jellyfin.mydomain","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[jellyfin.mydomain] solving challenges: presenting for challenge: adding temporary record for zone \"net.\": expected 1 zone, got 0 for net. (order=https://acme-v02.api.letsencrypt.org/acme/order/2012260467/386039220517) (ca=https://acme-v02.api.letsencrypt.org/directory)"}
caddy-caddy-1  | {"level":"debug","ts":1747768588.5197053,"logger":"tls.issuance.acme","msg":"using existing ACME account because key found in storage associated with email","email":"myemail","ca":"https://acme.zerossl.com/v2/DV90"}
caddy-caddy-1  | {"level":"info","ts":1747768588.519732,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["jellyfin.mydomain"],"ca":"https://acme.zerossl.com/v2/DV90","account":"myemail"}
caddy-caddy-1  | {"level":"info","ts":1747768588.5197532,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["jellyfin.mydomain"],"ca":"https://acme.zerossl.com/v2/DV90","account":"myemail"}
caddy-caddy-1  | {"level":"info","ts":1747768588.5198073,"logger":"tls.issuance.acme","msg":"using ACME account","account_id":"https://acme.zerossl.com/v2/DV90/account/wEyCKX3IJIqlInBE2rOcKQ","account_contact":["mailto:myemail"]}
caddy-caddy-1  | {"level":"debug","ts":1747768588.519838,"msg":"creating order","account":"https://acme.zerossl.com/v2/DV90/account/wEyCKX3IJIqlInBE2rOcKQ","identifiers":["jellyfin.mydomain"]}
caddy-caddy-1  | {"level":"debug","ts":1747768588.622715,"msg":"http request","method":"POST","url":"https://acme.zerossl.com/v2/DV90/newOrder","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.10.0 CertMagic acmez (linux; amd64)"]},"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=0, no-cache, no-store"],"Content-Length":["287"],"Content-Type":["application/json"],"Date":["Tue, 20 May 2025 19:16:28 GMT"],"Location":["https://acme.zerossl.com/v2/DV90/order/333cy7zHZa1RCcnxdm808g"],"Replay-Nonce":["niEBqEx3_45dXYhYKpIgR85gvhz1GiKXy7W55cdruEc"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15724800; includeSubDomains"]},"status_code":201}
caddy-caddy-1  | {"level":"error","ts":1747768589.1523464,"msg":"cleaning up solver","identifier":"immich.mydomain","challenge_type":"dns-01","error":"no memory of presenting a DNS record for \"_acme-challenge.immich.mydomain\" (usually OK if presenting also failed)","stacktrace":"github.com/mholt/acmez/v3.(*Client).solveChallenges.func1\n\tgithub.com/mholt/acmez/v3@v3.1.2/client.go:318\ngithub.com/mholt/acmez/v3.(*Client).solveChallenges\n\tgithub.com/mholt/acmez/v3@v3.1.2/client.go:363\ngithub.com/mholt/acmez/v3.(*Client).ObtainCertificate\n\tgithub.com/mholt/acmez/v3@v3.1.2/client.go:136\ngithub.com/caddyserver/certmagic.(*ACMEIssuer).doIssue\n\tgithub.com/caddyserver/certmagic@v0.23.0/acmeissuer.go:489\ngithub.com/caddyserver/certmagic.(*ACMEIssuer).Issue\n\tgithub.com/caddyserver/certmagic@v0.23.0/acmeissuer.go:382\ngithub.com/caddyserver/caddy/v2/modules/caddytls.(*ACMEIssuer).Issue\n\tgithub.com/caddyserver/caddy/v2@v2.10.0/modules/caddytls/acmeissuer.go:288\ngithub.com/caddyserver/certmagic.(*Config).renewCert.func2\n\tgithub.com/caddyserver/certmagic@v0.23.0/config.go:906\ngithub.com/caddyserver/certmagic.doWithRetry\n\tgithub.com/caddyserver/certmagic@v0.23.0/async.go:104\ngithub.com/caddyserver/certmagic.(*Config).renewCert\n\tgithub.com/caddyserver/certmagic@v0.23.0/config.go:982\ngithub.com/caddyserver/certmagic.(*Config).RenewCertAsync\n\tgithub.com/caddyserver/certmagic@v0.23.0/config.go:768\ngithub.com/caddyserver/certmagic.(*Config).manageOne.func2\n\tgithub.com/caddyserver/certmagic@v0.23.0/config.go:469\ngithub.com/caddyserver/certmagic.(*jobManager).worker\n\tgithub.com/caddyserver/certmagic@v0.23.0/async.go:73"}
caddy-caddy-1  | {"level":"debug","ts":1747768589.1909342,"msg":"http request","method":"POST","url":"https://acme.zerossl.com/v2/DV90/authz/ZDG9ofTjmGVX1aMQPM64sg","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.10.0 CertMagic acmez (linux; amd64)"]},"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=0, no-cache, no-store"],"Content-Length":["455"],"Content-Type":["application/json"],"Date":["Tue, 20 May 2025 19:16:29 GMT"],"Link":["<https://acme.zerossl.com/v2/DV90>;rel=\"index\""],"Replay-Nonce":["2NcD_cU5iYotWZ4xLrawhWA0vpgT7s1WhjiEcwUbwa4"],"Retry-After":["5"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15724800; includeSubDomains"]},"status_code":200}
caddy-caddy-1  | {"level":"info","ts":1747768589.1915176,"msg":"trying to solve challenge","identifier":"nextcloud.mydomain","challenge_type":"dns-01","ca":"https://acme.zerossl.com/v2/DV90"}
caddy-caddy-1  | {"level":"debug","ts":1747768589.422083,"msg":"http request","method":"POST","url":"https://acme-v02.api.letsencrypt.org/acme/authz/2012260467/523283615597","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.10.0 CertMagic acmez (linux; amd64)"]},"response_headers":{"Boulder-Requester":["2012260467"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["834"],"Content-Type":["application/json"],"Date":["Tue, 20 May 2025 19:16:29 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["NySGY0K7A5JK-JohhS8MWi3-jvMu91JUNZSo6_FiQtt9mDysVbE"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]},"status_code":200}
caddy-caddy-1  | {"level":"error","ts":1747768589.4227195,"logger":"tls.renew","msg":"could not get certificate from issuer","identifier":"immich.mydomain","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[immich.mydomain] solving challenges: presenting for challenge: adding temporary record for zone \"net.\": expected 1 zone, got 0 for net. (order=https://acme-v02.api.letsencrypt.org/acme/order/2012260467/386039220807) (ca=https://acme-v02.api.letsencrypt.org/directory)"}
caddy-caddy-1  | {"level":"debug","ts":1747768589.4242842,"logger":"tls.issuance.acme","msg":"using existing ACME account because key found in storage associated with email","email":"myemail","ca":"https://acme.zerossl.com/v2/DV90"}

3. Caddy version:

docker compose exec caddy caddy version
v2.10.0 h1:fonubSaQKF1YANl8TXqGcn4IbIRUDdfAkpcsfI/vX5U=

4. How I installed and ran Caddy:

a. System environment:

Ubuntu 22.04 Server
Intel

docker version

Client: Docker Engine - Community
 Version:           28.1.1
 API version:       1.49
 Go version:        go1.23.8
 Git commit:        4eba377
 Built:             Fri Apr 18 09:52:10 2025
 OS/Arch:           linux/amd64
 Context:           default

Server: Docker Engine - Community
 Engine:
  Version:          28.1.1
  API version:      1.49 (minimum version 1.24)
  Go version:       go1.23.8
  Git commit:       01f442b
  Built:            Fri Apr 18 09:52:10 2025
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.7.27
  GitCommit:        05044ec0a9a75232cad458027ca83437aae3f4da
 runc:
  Version:          1.2.5
  GitCommit:        v1.2.5-0-g59923ef
 docker-init:
  Version:          0.19.0
  GitCommit:        de40ad0

docker compose version
Docker Compose version v2.18.1

b. Command:

docker compose up -d

c. Service/unit/compose file:

services:
  caddy:
    image: ghcr.io/caddybuilds/caddy-cloudflare:latest
    restart: unless-stopped
    cap_add:
      - NET_ADMIN
    ports:
      - "80:80"
      - "443:443"
      - "443:443/udp"
    volumes:
      - $PWD/Caddyfile:/etc/caddy/Caddyfile
      - $PWD/site:/srv
      - caddy_data:/data
      - caddy_config:/config
    environment:
      - CLOUDFLARE_API_TOKEN=${CLOUDFLARE_API_TOKEN}
    networks:
      - net
      
volumes:
  caddy_data:
    external: true
  caddy_config:

networks:
  net:
    external: true

d. My complete Caddy config:

Caddyfile

{
  email myemail
  acme_dns cloudflare {env.CLOUDFLARE_API_TOKEN}
  debug
}


nextcloud.mydomain {
  reverse_proxy nextcloud-app-1:80
}

immich.mydomain {
  reverse_proxy immich_server:2283
}

gitea.mydomain {
  reverse_proxy gitea:3000
}

kuma.mydomain {
  reverse_proxy uptime-kuma:3001
}

librespeed.mydomain {
  reverse_proxy librespeed:80
}

ha.mydomain {
  reverse_proxy 192.168.1.105:8123
}

jellyfin.mydomain {
  reverse_proxy jellyfin:8096
}

5. Links to relevant resources: