DNS Challenge with DuckDNS

1. Caddy version (caddy version):

v2.4.6 with DuckDNS

2. How I run Caddy:

a. System environment:

Installed Caddy on a Ubuntu VM using the official documentation, replaced caddy in /usr/bin/ with build with caddy + duckdns plugin. Running Caddy as systemd service.

b. Command:

systemctl start caddy

c. Service/unit/compose file:


d. My complete Caddyfile or JSON config:

somedomain.duckdns.org:443 {
       tls {
               dns duckdns {API_KEY}
       reverse_proxy /notifications/hub

3. The problem I’m having:

I’m trying to run a local-only vaultwarden instance, following this guide, but my Caddy isn’t able to complete the DNS challenge

My Vaultwarden is running in a docker container and my Caddy is in a VM, so they have different IP addresses.

Vaultwarden IP:

Caddy IP:

in DuckDNS, somedomain.duckdns.org points to my local Caddy IP ( Am I doing this correctly?

4. Error messages and/or full log output:

Feb 04 07:55:29 caddy caddy[2399]: {"level":"info","ts":1643961329.6664183,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"somedomain.duckdns.org","challenge_type":"dns-01","ca":"https://acme-v02.api.letsencrypt.org/directory"}
Feb 04 07:55:30 caddy caddy[2399]: {"level":"error","ts":1643961330.3276691,"logger":"tls.issuance.acme.acme_client","msg":"cleaning up solver","identifier":"somedomain.duckdns.org","challenge_type":"dns-01","error":"no memory of presenting a DNS record for somedomain.duckdns.org (probably OK if presenting failed)"}
Feb 04 07:55:30 caddy caddy[2399]: {"level":"error","ts":1643961330.363449,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"somedomain.duckdns.org","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[somedomain.duckdns.org] solving challenges: presenting for challenge: adding temporary record for zone duckdns.org.: DuckDNS request failed, expected (OK) but got (KO), url: [https://www.duckdns.org/update?domains=somedomain.duckdns.org&token=&txt=4zpdQxCePoJstsTv-Fd1n3Ikpsj60JC6IqgF2v5wEmc&verbose=true], body: KO (order=https://acme-v02.api.letsencrypt.org/acme/order/392342100/61110534040) (ca=https://acme-v02.api.letsencrypt.org/directory)"}

5. What I already tried:

I am able to get certs for my exposed services but not sure how to get the DNS challenge working

6. Links to relevant resources:

Nevermind, I found the issue - changed this in my Caddyfile:

dns duckdns {API_KEY}


dns duckdns {
             api_token API_KEY

{API_KEY} is not the right syntax for environment variables, if that’s what you were trying to do. It should have the $ included. See the docs:

Using the single-line way should be fine. Did you mistakenly include { } around your actual API key?

Did you mistakenly include { } around your actual API key?

yeah, I think that was my problem, got the syntax wrong.

1 Like

This topic was automatically closed after 30 days. New replies are no longer allowed.