DNS challenge fails with .tv and .ch domains

1. Caddy version (caddy version):

v2.4.5 h1:P1mRs6V2cMcagSPn+NWpD+OEYUYLIf6ecOa48cFGeUg=

2. How I run Caddy:

a. System environment:

Linux Ubuntu 21.04 64-bit

b. Command:

systemctl start caddy

c. Service/unit/compose file:

# caddy.service
#
# For using Caddy with a config file.
#
# Make sure the ExecStart and ExecReload commands are correct
# for your installation.
#
# See https://caddyserver.com/docs/install for instructions.
#
# WARNING: This service does not use the --resume flag, so if you
# use the API to make changes, they will be overwritten by the
# Caddyfile next time the service is restarted. If you intend to
# use Caddy's API to configure it, add the --resume flag to the
# `caddy run` command or use the caddy-api.service file instead.

[Unit]
Description=Caddy
Documentation=https://caddyserver.com/docs/
After=network.target network-online.target
Requires=network-online.target

[Service]
Type=notify
User=caddy
Group=caddy
ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile
TimeoutStopSec=5s
LimitNOFILE=1048576
LimitNPROC=512
PrivateTmp=true
ProtectSystem=full
AmbientCapabilities=CAP_NET_BIND_SERVICE

[Install]
WantedBy=multi-user.target

d. My complete Caddyfile or JSON config:

{
        debug
        acme_dns namecheap {
                api_key [...]
                user [...]
        }
}

guxflix.tv, *.guxflix.tv {
        tls admin@kekt.us
        reverse_proxy 10.0.0.2:80 {
        flush_interval -1
    }
}

3. The problem I’m having:

I am trying to run caddy with the namecheap dns plugin and have it manage certificates of a namecheap .tv domain automatically, however when I put in the domain above, it seemingly tries to get a certificate for “tv.” instead of the correct domain… This problem does not happen in the same way if I use a .us domain, but does appear again when I use a .ch domain. I really don’t know what to do to make it work…

4. Error messages and/or full log output:

Oct 09 17:35:16 kektus-relay systemd[1]: Starting Caddy...
[omitted standard path and other static output because it was too long to post]
Oct 09 17:35:16 kektus-relay caddy[10028]: {"level":"info","ts":1633800916.6875768,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":""}
Oct 09 17:35:16 kektus-relay caddy[10028]: {"level":"warn","ts":1633800916.6908746,"msg":"input is not formatted with 'caddy fmt'","adapter":"caddyfile","file":"/etc/caddy/Caddyfile","line":12}
Oct 09 17:35:16 kektus-relay caddy[10028]: {"level":"info","ts":1633800916.6929884,"logger":"admin","msg":"admin endpoint started","address":"tcp/localhost:2019","enforce_origin":false,"origins":["127.0.0.1:2019","localhost:2019","[::1]:2019"]}
Oct 09 17:35:16 kektus-relay caddy[10028]: {"level":"info","ts":1633800916.6935327,"logger":"http","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
Oct 09 17:35:16 kektus-relay caddy[10028]: {"level":"info","ts":1633800916.6937194,"logger":"http","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
Oct 09 17:35:16 kektus-relay caddy[10028]: {"level":"debug","ts":1633800916.6942484,"logger":"http","msg":"starting server loop","address":"[::]:80","http3":false,"tls":false}
Oct 09 17:35:16 kektus-relay caddy[10028]: {"level":"debug","ts":1633800916.6944602,"logger":"http","msg":"starting server loop","address":"[::]:443","http3":false,"tls":true}
Oct 09 17:35:16 kektus-relay caddy[10028]: {"level":"debug","ts":1633800916.6946123,"logger":"http","msg":"starting server loop","address":"[::]:8080","http3":false,"tls":false}
Oct 09 17:35:16 kektus-relay caddy[10028]: {"level":"info","ts":1633800916.6947231,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["guxflix.tv","*.guxflix.tv"]}
Oct 09 17:35:16 kektus-relay caddy[10028]: {"level":"info","ts":1633800916.697663,"msg":"autosaved config (load with --resume flag)","file":"/var/lib/caddy/.config/caddy/autosave.json"}
Oct 09 17:35:16 kektus-relay systemd[1]: Started Caddy.
Oct 09 17:35:16 kektus-relay caddy[10028]: {"level":"info","ts":1633800916.702556,"msg":"serving initial configuration"}
Oct 09 17:35:16 kektus-relay caddy[10028]: {"level":"info","ts":1633800916.7031267,"logger":"tls.obtain","msg":"acquiring lock","identifier":"guxflix.tv"}
Oct 09 17:35:16 kektus-relay caddy[10028]: 2021/10/09 17:35:16 [INFO][FileStorage:/var/lib/caddy/.local/share/caddy] Lock for 'issue_cert_guxflix.tv' is stale (created: 2021-10-09 17:15:53.552589958 +0000 UTC, last update: 2021-10-09 17:16:33.568822016 +0000 UTC); removing then retrying: /var/lib/caddy/.local/share/caddy/locks/issue_cert_guxflix.tv.lock
Oct 09 17:35:16 kektus-relay caddy[10028]: {"level":"info","ts":1633800916.7047048,"logger":"tls.obtain","msg":"lock acquired","identifier":"guxflix.tv"}
Oct 09 17:35:16 kektus-relay caddy[10028]: {"level":"debug","ts":1633800916.705311,"logger":"tls.obtain","msg":"trying issuer 1/2","issuer":"acme-v02.api.letsencrypt.org-directory"}
Oct 09 17:35:16 kektus-relay caddy[10028]: {"level":"info","ts":1633800916.705677,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["guxflix.tv"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":"admin@kekt.us"}
Oct 09 17:35:16 kektus-relay caddy[10028]: {"level":"info","ts":1633800916.7058225,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["guxflix.tv"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":"admin@kekt.us"}
Oct 09 17:35:16 kektus-relay caddy[10028]: {"level":"info","ts":1633800916.7067473,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc000564cb0"}
Oct 09 17:35:16 kektus-relay caddy[10028]: {"level":"info","ts":1633800916.707064,"logger":"tls","msg":"cleaning storage unit","description":"FileStorage:/var/lib/caddy/.local/share/caddy"}
Oct 09 17:35:16 kektus-relay caddy[10028]: {"level":"info","ts":1633800916.7080638,"logger":"tls","msg":"finished cleaning storage units"}
Oct 09 17:35:16 kektus-relay caddy[10028]: {"level":"info","ts":1633800916.7085109,"logger":"tls.obtain","msg":"acquiring lock","identifier":"*.guxflix.tv"}
Oct 09 17:35:16 kektus-relay caddy[10028]: 2021/10/09 17:35:16 [INFO][FileStorage:/var/lib/caddy/.local/share/caddy] Lock for 'issue_cert_*.guxflix.tv' is stale (created: 2021-10-09 17:15:53.556328219 +0000 UTC, last update: 2021-10-09 17:16:33.568913707 +0000 UTC); removing then retrying: /var/lib/caddy/.local/share/caddy/locks/issue_cert_wildcard_.guxflix.tv.lock
Oct 09 17:35:16 kektus-relay caddy[10028]: {"level":"info","ts":1633800916.709534,"logger":"tls.obtain","msg":"lock acquired","identifier":"*.guxflix.tv"}
Oct 09 17:35:16 kektus-relay caddy[10028]: {"level":"debug","ts":1633800916.7100332,"logger":"tls.obtain","msg":"trying issuer 1/2","issuer":"acme-v02.api.letsencrypt.org-directory"}
Oct 09 17:35:16 kektus-relay caddy[10028]: {"level":"info","ts":1633800916.7103066,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["*.guxflix.tv"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":"admin@kekt.us"}
Oct 09 17:35:16 kektus-relay caddy[10028]: {"level":"info","ts":1633800916.7107322,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["*.guxflix.tv"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":"admin@kekt.us"}
Oct 09 17:35:17 kektus-relay caddy[10028]: {"level":"debug","ts":1633800917.3047101,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"GET","url":"https://acme-v02.api.letsencrypt.org/directory","headers":{"User-Agent":["Caddy/2.4.5 CertMagic acmez (linux; amd64)"]},"response_headers":{"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["658"],"Content-Type":["application/json"],"Date":["Sat, 09 Oct 2021 17:35:17 GMT"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]},"status_code":200}
Oct 09 17:35:17 kektus-relay caddy[10028]: {"level":"debug","ts":1633800917.4534009,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"HEAD","url":"https://acme-v02.api.letsencrypt.org/acme/new-nonce","headers":{"User-Agent":["Caddy/2.4.5 CertMagic acmez (linux; amd64)"]},"response_headers":{"Cache-Control":["public, max-age=0, no-cache"],"Date":["Sat, 09 Oct 2021 17:35:17 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["0002ubgSrmrkGaco9vWhqF2CgtaRK76cOpuTXIgbaJXB5WQ"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]},"status_code":200}
Oct 09 17:35:17 kektus-relay caddy[10028]: {"level":"debug","ts":1633800917.9102073,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"HEAD","url":"https://acme-v02.api.letsencrypt.org/acme/new-nonce","headers":{"User-Agent":["Caddy/2.4.5 CertMagic acmez (linux; amd64)"]},"response_headers":{"Cache-Control":["public, max-age=0, no-cache"],"Date":["Sat, 09 Oct 2021 17:35:17 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["000211i7c95d11xMNeRyKesKmOxK4GmY6evPqNVt72q-Aao"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]},"status_code":200}
Oct 09 17:35:18 kektus-relay caddy[10028]: {"level":"debug","ts":1633800918.0899284,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme-v02.api.letsencrypt.org/acme/new-order","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.5 CertMagic acmez (linux; amd64)"]},"response_headers":{"Boulder-Requester":["232542620"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["335"],"Content-Type":["application/json"],"Date":["Sat, 09 Oct 2021 17:35:18 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Location":["https://acme-v02.api.letsencrypt.org/acme/order/232542620/30669088890"],"Replay-Nonce":["0001pF0mBKwZ099ftjeVmUPhH82KYfQpDhESJw035cskEiM"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]},"status_code":201}
Oct 09 17:35:18 kektus-relay caddy[10028]: {"level":"debug","ts":1633800918.2477167,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme-v02.api.letsencrypt.org/acme/authz-v3/38480467890","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.5 CertMagic acmez (linux; amd64)"]},"response_headers":{"Boulder-Requester":["232542620"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["383"],"Content-Type":["application/json"],"Date":["Sat, 09 Oct 2021 17:35:18 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["0001JqaZj6nNyvdKQYKDVFLjsnvoFTKp0Qt90gsU7J_OAUs"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]},"status_code":200}
Oct 09 17:35:18 kektus-relay caddy[10028]: {"level":"info","ts":1633800918.248513,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"*.guxflix.tv","challenge_type":"dns-01","ca":"https://acme-v02.api.letsencrypt.org/directory"}
Oct 09 17:35:18 kektus-relay caddy[10028]: {"level":"error","ts":1633800918.2695045,"logger":"tls.issuance.acme.acme_client","msg":"cleaning up solver","identifier":"*.guxflix.tv","challenge_type":"dns-01","error":"no memory of presenting a DNS record for guxflix.tv (probably OK if presenting failed)"}
Oct 09 17:35:18 kektus-relay caddy[10028]: {"level":"debug","ts":1633800918.4085596,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme-v02.api.letsencrypt.org/acme/new-order","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.5 CertMagic acmez (linux; amd64)"]},"response_headers":{"Boulder-Requester":["232542620"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["333"],"Content-Type":["application/json"],"Date":["Sat, 09 Oct 2021 17:35:18 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Location":["https://acme-v02.api.letsencrypt.org/acme/order/232542620/30669089420"],"Replay-Nonce":["0002D6Ppx4_3-Us040JtmUEv4P874d-92BmKljQq6RuJQMA"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]},"status_code":201}
Oct 09 17:35:18 kektus-relay caddy[10028]: {"level":"debug","ts":1633800918.6477408,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme-v02.api.letsencrypt.org/acme/authz-v3/38480467890","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.5 CertMagic acmez (linux; amd64)"]},"response_headers":{"Boulder-Requester":["232542620"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["387"],"Content-Type":["application/json"],"Date":["Sat, 09 Oct 2021 17:35:18 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["0002-y3VRn_kFxUEfYWIFcnAOG--Udhozpp12GLNcngdMOk"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]},"status_code":200}
Oct 09 17:35:18 kektus-relay caddy[10028]: {"level":"error","ts":1633800918.6490097,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"*.guxflix.tv","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[*.guxflix.tv] solving challenges: presenting for challenge: adding temporary record for zone tv.: domain: tv is not a valid domain. Expected at least 1 TLD and 1 SLD (order=https://acme-v02.api.letsencrypt.org/acme/order/232542620/30669088890) (ca=https://acme-v02.api.letsencrypt.org/directory)"}
Oct 09 17:35:18 kektus-relay caddy[10028]: {"level":"debug","ts":1633800918.6491923,"logger":"tls.obtain","msg":"trying issuer 2/2","issuer":"acme.zerossl.com-v2-DV90"}
Oct 09 17:35:18 kektus-relay caddy[10028]: {"level":"info","ts":1633800918.6495745,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["*.guxflix.tv"],"ca":"https://acme.zerossl.com/v2/DV90","account":"admin@kekt.us"}
Oct 09 17:35:18 kektus-relay caddy[10028]: {"level":"info","ts":1633800918.64974,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["*.guxflix.tv"],"ca":"https://acme.zerossl.com/v2/DV90","account":"admin@kekt.us"}
Oct 09 17:35:18 kektus-relay caddy[10028]: {"level":"debug","ts":1633800918.9482243,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme-v02.api.letsencrypt.org/acme/authz-v3/38480468510","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.5 CertMagic acmez (linux; amd64)"]},"response_headers":{"Boulder-Requester":["232542620"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["791"],"Content-Type":["application/json"],"Date":["Sat, 09 Oct 2021 17:35:18 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["0002RjdCBNqmLpCuGSqtRrJZVoJUtKHT_T1IUVghEQuF1jk"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]},"status_code":200}
Oct 09 17:35:18 kektus-relay caddy[10028]: {"level":"info","ts":1633800918.9497333,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"guxflix.tv","challenge_type":"dns-01","ca":"https://acme-v02.api.letsencrypt.org/directory"}
Oct 09 17:35:18 kektus-relay caddy[10028]: {"level":"error","ts":1633800918.9559076,"logger":"tls.issuance.acme.acme_client","msg":"cleaning up solver","identifier":"guxflix.tv","challenge_type":"dns-01","error":"no memory of presenting a DNS record for guxflix.tv (probably OK if presenting failed)"}
Oct 09 17:35:19 kektus-relay caddy[10028]: {"level":"debug","ts":1633800919.1240823,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme-v02.api.letsencrypt.org/acme/authz-v3/38480468510","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.5 CertMagic acmez (linux; amd64)"]},"response_headers":{"Boulder-Requester":["232542620"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["795"],"Content-Type":["application/json"],"Date":["Sat, 09 Oct 2021 17:35:19 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["00016u7zcOpPMufVZ6TqRtLZTj8v5HVekdRkZp4uA_tIjHg"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]},"status_code":200}
Oct 09 17:35:19 kektus-relay caddy[10028]: {"level":"error","ts":1633800919.1247604,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"guxflix.tv","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[guxflix.tv] solving challenges: presenting for challenge: adding temporary record for zone tv.: domain: tv is not a valid domain. Expected at least 1 TLD and 1 SLD (order=https://acme-v02.api.letsencrypt.org/acme/order/232542620/30669089420) (ca=https://acme-v02.api.letsencrypt.org/directory)"}
Oct 09 17:35:19 kektus-relay caddy[10028]: {"level":"debug","ts":1633800919.12494,"logger":"tls.obtain","msg":"trying issuer 2/2","issuer":"acme.zerossl.com-v2-DV90"}
Oct 09 17:35:19 kektus-relay caddy[10028]: {"level":"info","ts":1633800919.1252806,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["guxflix.tv"],"ca":"https://acme.zerossl.com/v2/DV90","account":"admin@kekt.us"}
Oct 09 17:35:19 kektus-relay caddy[10028]: {"level":"info","ts":1633800919.1254473,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["guxflix.tv"],"ca":"https://acme.zerossl.com/v2/DV90","account":"admin@kekt.us"}
Oct 09 17:35:19 kektus-relay caddy[10028]: {"level":"debug","ts":1633800919.1732624,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"GET","url":"https://acme.zerossl.com/v2/DV90","headers":{"User-Agent":["Caddy/2.4.5 CertMagic acmez (linux; amd64)"]},"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=-1"],"Content-Length":["645"],"Content-Type":["application/json"],"Date":["Sat, 09 Oct 2021 17:35:19 GMT"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15552000"]},"status_code":200}
Oct 09 17:35:19 kektus-relay caddy[10028]: {"level":"debug","ts":1633800919.5268393,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"HEAD","url":"https://acme.zerossl.com/v2/DV90/newNonce","headers":{"User-Agent":["Caddy/2.4.5 CertMagic acmez (linux; amd64)"]},"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=-1"],"Content-Type":["application/octet-stream"],"Date":["Sat, 09 Oct 2021 17:35:19 GMT"],"Link":["<https://acme.zerossl.com/v2/DV90>;rel=\"index\""],"Replay-Nonce":["dCvpEUdBH4Oq6-v16x62_sULzGDwovitpOJfuOMl_x0"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15552000"]},"status_code":200}
Oct 09 17:35:19 kektus-relay caddy[10028]: {"level":"debug","ts":1633800919.62397,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"HEAD","url":"https://acme.zerossl.com/v2/DV90/newNonce","headers":{"User-Agent":["Caddy/2.4.5 CertMagic acmez (linux; amd64)"]},"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=-1"],"Content-Type":["application/octet-stream"],"Date":["Sat, 09 Oct 2021 17:35:19 GMT"],"Link":["<https://acme.zerossl.com/v2/DV90>;rel=\"index\""],"Replay-Nonce":["UVhEXmEBn3lP3E345G5hXrBvywWXt6cnYqEHV1ql72g"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15552000"]},"status_code":200}
Oct 09 17:35:19 kektus-relay caddy[10028]: {"level":"debug","ts":1633800919.9300418,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme.zerossl.com/v2/DV90/newOrder","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.5 CertMagic acmez (linux; amd64)"]},"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=0, no-cache, no-store","max-age=-1"],"Content-Length":["274"],"Content-Type":["application/json"],"Date":["Sat, 09 Oct 2021 17:35:19 GMT"],"Location":["https://acme.zerossl.com/v2/DV90/order/gL-M74Bw-WN_LPeDi8pEQg"],"Replay-Nonce":["pPDAic6dH0-39lt3x9jl1qDXFQEUQxzQ__K8cMkCeGQ"],"Server":["nginx"],"Status":[""],"Strict-Transport-Security":["max-age=15552000"]},"status_code":201}
Oct 09 17:35:20 kektus-relay caddy[10028]: {"level":"debug","ts":1633800920.0165713,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme.zerossl.com/v2/DV90/newOrder","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.5 CertMagic acmez (linux; amd64)"]},"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=0, no-cache, no-store","max-age=-1"],"Content-Length":["272"],"Content-Type":["application/json"],"Date":["Sat, 09 Oct 2021 17:35:20 GMT"],"Location":["https://acme.zerossl.com/v2/DV90/order/OapttGjB8Y17xBvAZB19cg"],"Replay-Nonce":["pCMorSUGEkOMHMqrx6tGN0fqsYkVCL3lx7ddVaTbnls"],"Server":["nginx"],"Status":[""],"Strict-Transport-Security":["max-age=15552000"]},"status_code":201}
Oct 09 17:35:20 kektus-relay caddy[10028]: {"level":"debug","ts":1633800920.302581,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme.zerossl.com/v2/DV90/authz/Sdce4DR4GbNTGpUqvDJ8hg","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.5 CertMagic acmez (linux; amd64)"]},"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=-1"],"Content-Length":["294"],"Content-Type":["application/json"],"Date":["Sat, 09 Oct 2021 17:35:20 GMT"],"Link":["<https://acme.zerossl.com/v2/DV90>;rel=\"index\""],"Replay-Nonce":["0Iq3HFuXTU3wwfic6l3erGa0aqtwfrzjrDwZV3g-ZM0"],"Retry-After":["5"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15552000"]},"status_code":200}
Oct 09 17:35:20 kektus-relay caddy[10028]: {"level":"info","ts":1633800920.30314,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"*.guxflix.tv","challenge_type":"dns-01","ca":"https://acme.zerossl.com/v2/DV90"}
Oct 09 17:35:20 kektus-relay caddy[10028]: {"level":"error","ts":1633800920.3082788,"logger":"tls.issuance.acme.acme_client","msg":"cleaning up solver","identifier":"*.guxflix.tv","challenge_type":"dns-01","error":"no memory of presenting a DNS record for guxflix.tv (probably OK if presenting failed)"}
Oct 09 17:35:20 kektus-relay caddy[10028]: {"level":"debug","ts":1633800920.3762176,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme.zerossl.com/v2/DV90/authz/O45uOXDqxsbQ96elDVBySA","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.5 CertMagic acmez (linux; amd64)"]},"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=-1"],"Content-Length":["440"],"Content-Type":["application/json"],"Date":["Sat, 09 Oct 2021 17:35:20 GMT"],"Link":["<https://acme.zerossl.com/v2/DV90>;rel=\"index\""],"Replay-Nonce":["RiVP_Ap9hOuL3OdiNFqKLt12ATRIX3twrOnoBtSek7Q"],"Retry-After":["5"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15552000"]},"status_code":200}
Oct 09 17:35:20 kektus-relay caddy[10028]: {"level":"info","ts":1633800920.3766425,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"guxflix.tv","challenge_type":"dns-01","ca":"https://acme.zerossl.com/v2/DV90"}
Oct 09 17:35:20 kektus-relay caddy[10028]: {"level":"error","ts":1633800920.385184,"logger":"tls.issuance.acme.acme_client","msg":"cleaning up solver","identifier":"guxflix.tv","challenge_type":"dns-01","error":"no memory of presenting a DNS record for guxflix.tv (probably OK if presenting failed)"}
Oct 09 17:35:20 kektus-relay caddy[10028]: {"level":"debug","ts":1633800920.6774132,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme.zerossl.com/v2/DV90/authz/Sdce4DR4GbNTGpUqvDJ8hg","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.5 CertMagic acmez (linux; amd64)"]},"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=-1"],"Content-Length":["138"],"Content-Type":["application/json"],"Date":["Sat, 09 Oct 2021 17:35:20 GMT"],"Link":["<https://acme.zerossl.com/v2/DV90>;rel=\"index\""],"Replay-Nonce":["d6RHN_hNEirRUv4F_oF-Oiz99X6SkbM9l-pcwybUu7Y"],"Retry-After":["5"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15552000"]},"status_code":200}
Oct 09 17:35:20 kektus-relay caddy[10028]: {"level":"error","ts":1633800920.67852,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"*.guxflix.tv","issuer":"acme.zerossl.com-v2-DV90","error":"[*.guxflix.tv] solving challenges: presenting for challenge: adding temporary record for zone tv.: domain: tv is not a valid domain. Expected at least 1 TLD and 1 SLD (order=https://acme.zerossl.com/v2/DV90/order/gL-M74Bw-WN_LPeDi8pEQg) (ca=https://acme.zerossl.com/v2/DV90)"}
Oct 09 17:35:20 kektus-relay caddy[10028]: {"level":"error","ts":1633800920.6786988,"logger":"tls.obtain","msg":"will retry","error":"[*.guxflix.tv] Obtain: [*.guxflix.tv] solving challenges: presenting for challenge: adding temporary record for zone tv.: domain: tv is not a valid domain. Expected at least 1 TLD and 1 SLD (order=https://acme.zerossl.com/v2/DV90/order/gL-M74Bw-WN_LPeDi8pEQg) (ca=https://acme.zerossl.com/v2/DV90)","attempt":1,"retrying_in":60,"elapsed":3.969026438,"max_duration":2592000}
Oct 09 17:35:20 kektus-relay caddy[10028]: {"level":"debug","ts":1633800920.7451737,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme.zerossl.com/v2/DV90/authz/O45uOXDqxsbQ96elDVBySA","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.5 CertMagic acmez (linux; amd64)"]},"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=-1"],"Content-Length":["122"],"Content-Type":["application/json"],"Date":["Sat, 09 Oct 2021 17:35:20 GMT"],"Link":["<https://acme.zerossl.com/v2/DV90>;rel=\"index\""],"Replay-Nonce":["-dNXRhzsGzAfCD_nC7FzLidkLFvW5VvHEEqgCEzcmU0"],"Retry-After":["5"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15552000"]},"status_code":200}
Oct 09 17:35:20 kektus-relay caddy[10028]: {"level":"error","ts":1633800920.7456539,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"guxflix.tv","issuer":"acme.zerossl.com-v2-DV90","error":"[guxflix.tv] solving challenges: presenting for challenge: adding temporary record for zone tv.: domain: tv is not a valid domain. Expected at least 1 TLD and 1 SLD (order=https://acme.zerossl.com/v2/DV90/order/OapttGjB8Y17xBvAZB19cg) (ca=https://acme.zerossl.com/v2/DV90)"}
Oct 09 17:35:20 kektus-relay caddy[10028]: {"level":"error","ts":1633800920.7458057,"logger":"tls.obtain","msg":"will retry","error":"[guxflix.tv] Obtain: [guxflix.tv] solving challenges: presenting for challenge: adding temporary record for zone tv.: domain: tv is not a valid domain. Expected at least 1 TLD and 1 SLD (order=https://acme.zerossl.com/v2/DV90/order/OapttGjB8Y17xBvAZB19cg) (ca=https://acme.zerossl.com/v2/DV90)","attempt":1,"retrying_in":60,"elapsed":4.040914045,"max_duration":2592000}
Oct 09 17:35:37 kektus-relay systemd[1]: Stopping Caddy...
Oct 09 17:35:37 kektus-relay caddy[10028]: {"level":"info","ts":1633800937.923646,"msg":"shutting down apps, then terminating","signal":"SIGTERM"}
Oct 09 17:35:37 kektus-relay caddy[10028]: {"level":"warn","ts":1633800937.9242241,"msg":"exiting; byeee!! 👋","signal":"SIGTERM"}
Oct 09 17:35:42 kektus-relay caddy[10028]: {"level":"info","ts":1633800942.179203,"logger":"tls.cache.maintenance","msg":"stopped background certificate maintenance","cache":"0xc000564cb0"}
Oct 09 17:35:42 kektus-relay caddy[10028]: {"level":"info","ts":1633800942.1805975,"logger":"tls.obtain","msg":"releasing lock","identifier":"guxflix.tv"}
Oct 09 17:35:42 kektus-relay caddy[10028]: {"level":"error","ts":1633800942.1808338,"logger":"tls.obtain","msg":"unable to unlock","identifier":"guxflix.tv","lock_key":"issue_cert_guxflix.tv","error":"remove /var/lib/caddy/.local/share/caddy/locks/issue_cert_guxflix.tv.lock: no such file or directory"}
Oct 09 17:35:42 kektus-relay caddy[10028]: {"level":"error","ts":1633800942.180976,"logger":"tls","msg":"job failed","error":"guxflix.tv: obtaining certificate: context canceled"}
Oct 09 17:35:42 kektus-relay caddy[10028]: {"level":"info","ts":1633800942.1810791,"logger":"tls.obtain","msg":"releasing lock","identifier":"*.guxflix.tv"}
Oct 09 17:35:42 kektus-relay caddy[10028]: {"level":"error","ts":1633800942.1812243,"logger":"tls.obtain","msg":"unable to unlock","identifier":"*.guxflix.tv","lock_key":"issue_cert_*.guxflix.tv","error":"remove /var/lib/caddy/.local/share/caddy/locks/issue_cert_wildcard_.guxflix.tv.lock: no such file or directory"}
Oct 09 17:35:42 kektus-relay caddy[10028]: {"level":"error","ts":1633800942.1813352,"logger":"tls","msg":"job failed","error":"*.guxflix.tv: obtaining certificate: context canceled"}
Oct 09 17:35:42 kektus-relay caddy[10028]: {"level":"info","ts":1633800942.182505,"logger":"admin","msg":"stopped previous server","address":"tcp/localhost:2019"}
Oct 09 17:35:42 kektus-relay caddy[10028]: {"level":"info","ts":1633800942.182609,"msg":"shutdown complete","signal":"SIGTERM","exit_code":0}

5. What I already tried:

I double checked the namecheap config, then tried the same configuration with another domain ending with .us, which worked without problems. I also tried using a .ch domain, but this produced the exact same procedure and problems.

6. Links to relevant resources:

I’m leaning towards saying this is a bug with the namecheap plugin. Best if you open an issue on the libdns plugin to ask for help:

That error message is coming from certmagic, so it might be an issue there.

@francislavoie thank you for your response!
So it seems like it really was a problem with the namecheap plugin or certmagic. The problem seems to be that my other domains were all CNAMEs to the main one (while having different TLDs). I was able to fix the problem by changing them to A-entries. I will still create an issue on GitHub to hopefully get this fixed for any future users.

1 Like