Okay, after tinkering with the Caddyfile for an hour, here’s what I’ve found:
Setting resolvers to 1.1.1.1 doesn’t change anything. It still shows me the same SERVFAIL as can be seen in the above logs.
Setting the propagation_timeout to -1 gives me a very weird result:
{"level":"error","ts":1654037808.8948798,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"*.roxonic.net","issuer":"acme-v02.api.letsencrypt.org-directory","error":"HTTP 403 urn:ietf:params:acme:error:unauthorized - No TXT record found at _acme-challenge.roxonic.net"}
But while restarting/recreating the container multiple times, the ZeroSSL verification went through only once. LetsEncrypt said the exact same thing: ..... No TXT record found at _acme-challenge.roxonic.net
I don’t know why I did this, but I thought of setting tls config like this:
tls {
    issuer acme {
        dns cloudflare {env.CF_API_TOKEN}
        propagation_delay 60s
        propagation_timeout -1
    }
    issuer zerossl {
        dns cloudflare {env.CF_API_TOKEN}
        propagation_delay 60s
        propagation_timeout -1
    }
}
I am not even sure if this is a logically correct config or if it makes any sense, but this did the trick (at least for me). I was successfully able to get LetsEncrypt certificates.
2022-05-31T23:03:00.164087553Z {"level":"info","ts":1654038180.1639962,"logger":"tls.issuance.acme.acme_client","msg":"validations succeeded; finalizing order","order":"https://acme-v02.api.letsencrypt.org/acme/order/********"}
2022-05-31T23:03:01.513701741Z {"level":"info","ts":1654038181.5136006,"logger":"tls.issuance.acme.acme_client","msg":"successfully downloaded available certificate chains","count":2,"first_url":"https://acme-v02.api.letsencrypt.org/acme/cert/***************"
Thanks @francislavoie for giving me the hints with your reply.
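As an added example (not code from this thread, from Caddy or from its DNS plugins), a stdlib-only Python script that does the kind of check the resolvers and propagation_timeout settings above control: it asks a resolver for the _acme-challenge TXT record and tells a SERVFAIL from the resolver (what the logs above show) apart from a record that simply has not propagated yet. The domain, expected value, default resolver and the sample reply are constructed placeholders.

```python
import random, socket, struct
RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN"}
def build_txt_query(name, txid):
    # RFC 1035 header (RD=1, one question) + QNAME + QTYPE=TXT(16), QCLASS=IN(1)
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.rstrip(".").split(".")) + b"\x00"
    return struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0) + qname + struct.pack(">HH", 16, 1)

def _skip_name(msg, off):
    # step over a domain name; a label byte >= 0xC0 is a 2-byte compression pointer
    while msg[off] != 0 and msg[off] & 0xC0 != 0xC0:
        off += msg[off] + 1
    return off + (1 if msg[off] == 0 else 2)

def parse_txt_response(msg):
    # return (rcode name, list of TXT strings) from a raw DNS response
    _, flags, qd, an, _, _ = struct.unpack(">HHHHHH", msg[:12])
    off, txts = 12, []
    for _ in range(qd):
        off = _skip_name(msg, off) + 4  # skip QTYPE/QCLASS
    for _ in range(an):
        off = _skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        rdata, off = msg[off + 10:off + 10 + rdlen], off + 10 + rdlen
        if rtype == 16:  # TXT rdata is a sequence of <len><chars> chunks
            chunks, i = [], 0
            while i < len(rdata):
                chunks.append(rdata[i + 1:i + 1 + rdata[i]])
                i += 1 + rdata[i]
            txts.append(b"".join(chunks).decode())
    return RCODES.get(flags & 0x0F, f"RCODE{flags & 0x0F}"), txts

def classify(rcode, txts, expected):
    # SERVFAIL means the resolver could not answer at all; that is not the same as "record missing"
    if rcode == "SERVFAIL":
        return "resolver SERVFAIL"
    if rcode == "NXDOMAIN" or not txts:
        return "no TXT record yet"
    return "propagated" if expected in txts else "TXT value differs"

def check_propagation(domain, expected, resolver="1.1.1.1", timeout=3.0):  # live query, needs network
    txid = random.randrange(65536)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_txt_query(f"_acme-challenge.{domain}", txid), (resolver, 53))
        resp = s.recv(4096)
    if struct.unpack(">H", resp[:2])[0] != txid:
        raise ValueError("DNS transaction id mismatch")
    return classify(*parse_txt_response(resp), expected)
# constructed sample: a SERVFAIL reply (flags 0x8182, no answers) to a query for example.com, for offline use
SAMPLE_SERVFAIL = b"\x12\x34\x81\x82" + build_txt_query("_acme-challenge.example.com", 0)[4:]
```

Running check_propagation against both the resolver Caddy is configured with and the zone's own authoritative nameserver shows whether the failure is the record or the resolver path.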