DNS challenge with Namecheap unusual error

1. The problem I’m having:

I am attempting to get a certificate by using the DNS challenge; my provider is Namecheap.

2. Error messages and/or full log output:

caddy-frontend-1  | {"level":"info","ts":1734807065.8292556,"msg":"using config from file","file":"/etc/caddy/Caddyfile"}
caddy-frontend-1  | {"level":"warn","ts":1734807065.8303928,"logger":"caddyfile","msg":"Unnecessary header_up X-Forwarded-For: the reverse proxy's default behavior is to pass headers to the upstream"}
caddy-frontend-1  | {"level":"warn","ts":1734807065.8305776,"logger":"caddyfile","msg":"Unnecessary header_up X-Forwarded-Proto: the reverse proxy's default behavior is to pass headers to the upstream"}
caddy-frontend-1  | {"level":"info","ts":1734807065.8320034,"msg":"adapted config to JSON","adapter":"caddyfile"}
caddy-frontend-1  | {"level":"warn","ts":1734807065.8321807,"msg":"Caddyfile input is not formatted; run 'caddy fmt --overwrite' to fix inconsistencies","adapter":"caddyfile","file":"/etc/caddy/Caddyfile","line":1}
caddy-frontend-1  | {"level":"info","ts":1734807065.833414,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//localhost:2019","//[::1]:2019","//*********:2019"]}
caddy-frontend-1  | {"level":"info","ts":1734807065.8339405,"logger":"http.auto_https","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
caddy-frontend-1  | {"level":"info","ts":1734807065.8341002,"logger":"http.auto_https","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
caddy-frontend-1  | {"level":"info","ts":1734807065.834681,"logger":"http","msg":"enabling HTTP/3 listener","addr":":443"}
caddy-frontend-1  | {"level":"info","ts":1734807065.8349195,"msg":"failed to sufficiently increase receive buffer size (was: 208 kiB, wanted: 7168 kiB, got: 416 kiB). See https://github.com/quic-go/quic-go/wiki/UDP-Buffer-Sizes for details."}
caddy-frontend-1  | {"level":"info","ts":1734807065.8352337,"logger":"http.log","msg":"server running","name":"srv0","protocols":["h1","h2","h3"]}
caddy-frontend-1  | {"level":"info","ts":1734807065.8354578,"logger":"http.log","msg":"server running","name":"remaining_auto_https_redirects","protocols":["h1","h2","h3"]}
caddy-frontend-1  | {"level":"info","ts":1734807065.8356023,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["nc.aslan.cx"]}
caddy-frontend-1  | {"level":"info","ts":1734807065.8359253,"msg":"autosaved config (load with --resume flag)","file":"/config/caddy/autosave.json"}
caddy-frontend-1  | {"level":"info","ts":1734807065.8360724,"msg":"serving initial configuration"}
caddy-frontend-1  | {"level":"info","ts":1734807065.8364809,"logger":"tls.obtain","msg":"acquiring lock","identifier":"nc.aslan.cx"}
caddy-frontend-1  | {"level":"info","ts":1734807065.8369062,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc0000cb180"}
caddy-frontend-1  | {"level":"info","ts":1734807065.8378665,"logger":"tls.obtain","msg":"lock acquired","identifier":"nc.aslan.cx"}
caddy-frontend-1  | {"level":"info","ts":1734807065.8380892,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"nc.aslan.cx"}
caddy-frontend-1  | {"level":"info","ts":1734807065.8543036,"logger":"tls","msg":"cleaning storage unit","storage":"FileStorage:/data/caddy"}
caddy-frontend-1  | {"level":"info","ts":1734807065.8545947,"logger":"tls","msg":"finished cleaning storage units"}
caddy-frontend-1  | {"level":"info","ts":1734807066.669428,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["nc.aslan.cx"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":""}
caddy-frontend-1  | {"level":"info","ts":1734807066.6695213,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["nc.aslan.cx"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":""}
caddy-frontend-1  | {"level":"info","ts":1734807066.6696029,"logger":"tls.issuance.acme","msg":"using ACME account","account_id":"https://acme-v02.api.letsencrypt.org/acme/acct/2126636525","account_contact":[]}
caddy-frontend-1  | {"level":"info","ts":1734807067.0502334,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"nc.aslan.cx","challenge_type":"dns-01","ca":"https://acme-v02.api.letsencrypt.org/directory"}
caddy-frontend-1  | {"level":"error","ts":1734807067.8478088,"logger":"tls.issuance.acme.acme_client","msg":"cleaning up solver","identifier":"nc.aslan.cx","challenge_type":"dns-01","error":"no memory of presenting a DNS record for \"_acme-challenge.nc.aslan.cx\" (usually OK if presenting also failed)"}
caddy-frontend-1  | {"level":"error","ts":1734807068.0385704,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"nc.aslan.cx","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[nc.aslan.cx] solving challenges: presenting for challenge: adding temporary record for zone \"aslan.cx.\": namecheap api returned error in response. Err: Error0: Parameter APIUser is missing\t (order=https://acme-v02.api.letsencrypt.org/acme/order/2126636525/335758641535) (ca=https://acme-v02.api.letsencrypt.org/directory)"}
caddy-frontend-1  | {"level":"error","ts":1734807068.0388246,"logger":"tls.obtain","msg":"will retry","error":"[nc.aslan.cx] Obtain: [nc.aslan.cx] solving challenges: presenting for challenge: adding temporary record for zone \"aslan.cx.\": namecheap api returned error in response. Err: Error0: Parameter APIUser is missing\t (order=https://acme-v02.api.letsencrypt.org/acme/order/2126636525/335758641535) (ca=https://acme-v02.api.letsencrypt.org/directory)","attempt":1,"retrying_in":60,"elapsed":2.200818294,"max_duration":2592000}

3. Caddy version:

v2.8.4 h1:q3pe0wpBj1OcHFZ3n/1nl4V4bxBrYoSoab7rL9BMYNk=

4. How I installed and ran Caddy:

Dockerfile

FROM caddy:2.8.4-builder-alpine AS builder
RUN xcaddy build --with github.com/caddy-dns/namecheap

FROM caddy:2.8.4-alpine
COPY --from=builder /usr/bin/caddy /usr/bin/caddy

docker-compose.yaml

services:
  caddy-frontend:
    build: .
    restart: always
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - caddy_data:/data
      - caddy_config:/config
    environment:
      - NAMECHEAP_API_KEY=xxxxxxxxxxxxxxxxx
      - NAMECHEAP_USERNAME=xxxxxxxxxxxxxxxx
    configs:
      - source: Caddyfile
        target: /etc/caddy/Caddyfile

configs:
  Caddyfile:
    content: |
      
      nc.aslan.cx {
        tls {
          dns namecheap {
          api_key {env.NAMECHEAP_API_KEY}
          user {env.NAMECHEAP_API_USER}
          }
        }
        reverse_proxy https://192.168.15.2:9000 {
          header_up Host {host}
          header_up X-Real-IP {remote}
          header_up X-Forwarded-For {remote}
          header_up X-Forwarded-Proto {scheme}
          transport http {
            tls_insecure_skip_verify
          }
        }
      }

volumes:
  caddy_data:
  caddy_config:

a. System environment:

Debian 12 guest running in Proxmox.
Docker version 27.4.1

b. Command:

docker compose up

I think this pretty clearly implies that your env var isn’t properly wired up. You have NAMECHEAP_API_USER inside your Caddyfile but NAMECHEAP_USERNAME in your docker-compose.yml environment:.

Remove all this stuff. It’s useless. Caddy sets these headers appropriately, automatically. See reverse_proxy (Caddyfile directive) — Caddy Documentation
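The mismatch pointed out above can be caught before deployment by comparing the `{env.*}` placeholders in the Caddyfile with the names in the compose `environment:` block. The script below is an added example, not part of the original thread or of Caddy; the sample input is constructed from the posted compose file, the function names are hypothetical, and it assumes variables come only from `environment:` (not from `env_file` or the image).

```python
import re

# Constructed sample mirroring the compose file in the post (values are placeholders).
SAMPLE_COMPOSE = """\
services:
  caddy-frontend:
    environment:
      - NAMECHEAP_API_KEY=xxxx
      - NAMECHEAP_USERNAME=xxxx
    configs:
      - source: Caddyfile
configs:
  Caddyfile:
    content: |
      nc.aslan.cx {
        tls {
          dns namecheap {
            api_key {env.NAMECHEAP_API_KEY}
            user {env.NAMECHEAP_API_USER}
          }
        }
      }
"""

PLACEHOLDER = re.compile(r"\{env\.([A-Za-z_][A-Za-z0-9_]*)\}")
ENV_ENTRY = re.compile(r"^\s*(?:-\s*)?([A-Za-z_][A-Za-z0-9_]*)\s*(?:[=:]|$)")

def defined_env_vars(compose_text):
    """Collect names from every `environment:` block (list or mapping form)."""
    names, block_indent = set(), None
    for line in compose_text.splitlines():
        if not line.strip():
            continue
        indent = len(line) - len(line.lstrip())
        if block_indent is not None:
            is_item = indent == block_indent and line.lstrip().startswith("- ")
            if indent > block_indent or is_item:
                m = ENV_ENTRY.match(line)
                if m:
                    names.add(m.group(1))
                continue
            block_indent = None  # dedent: the environment block has ended
        if line.strip() == "environment:":
            block_indent = indent
    return names

def check_env_wiring(compose_text):
    """Report placeholders with no definition, and definitions never referenced."""
    used = set(PLACEHOLDER.findall(compose_text))
    defined = defined_env_vars(compose_text)
    return {"undefined": sorted(used - defined), "unused": sorted(defined - used)}

if __name__ == "__main__":
    print(check_env_wiring(SAMPLE_COMPOSE))
```

An `undefined` entry is the case behind the `Parameter APIUser is missing` error in the log; an `unused` entry is a credential exposed to the container that nothing reads.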

Oops, sorry, and thank you