DNS Problem error when using my already configured domain name

1. Caddy version (caddy version):

caddy:2.4.3-alpine

2. How I run Caddy:

a. System environment:

Ubuntu 20.04 on DigitalOcean Droplet
Docker version 19.03.13, build 4484c46d9d

b. Command:

docker-compose up --build

c. Service/unit/compose file:

version: "3.7"
services:
  database:
    image: postgres:13-alpine
    restart: always
    environment:
      POSTGRES_PASSWORD: postgres
      POSTGRES_USER: postgres
      APP_DB_NAME: snippy_prod
      APP_DB_USER: jeepers3327
    volumes:
      - ./db:/docker-entrypoint-initdb.d/
      - postgres_data:/var/lib/postgresql/data/
    expose: 
      - 5432
    networks: 
      - webserver

  sessions:
    image: redis:6.2-alpine
    volumes:
      - redis_data:/redis/data
    ports:
      - 6379
    networks: 
      - webserver

  backend:
    build: ./backend
    restart: unless-stopped
    env_file: ./backend/.env.production
    depends_on:
      - database
      - sessions
    networks: 
      - webserver

  frontend:
    build: ./frontend
    restart: unless-stopped
    depends_on:
      - backend
    networks: 
      - webserver
      
  proxy:
    image: caddy:2.4.3-alpine
    restart: unless-stopped
    ports:
      - 80:80
      - 443:443
    volumes:
      - $PWD/Caddyfile:/etc/caddy/Caddyfile
      - caddy_data:/data
      - caddy_config:/config
    depends_on: 
      - backend
      - frontend
    networks: 
      - webserver

volumes:
  redis_data:
  postgres_data:
  caddy_data:
  caddy_config:

networks: 
  webserver:
    external: true

d. My complete Caddyfile or JSON config:

{
   email  [REDACTED]
   acme_ca https://acme-staging-v02.api.letsencrypt.org/directory
}

snippy.blanknodes.com {
  reverse_proxy frontend:3000
}

snippy.blanknodes.com/api {
  reverse_proxy backend:4000  
}

3. The problem I’m having:

I cannot seem to get Let's Encrypt to issue a certificate for my domain name.

4. Error messages and/or full log output:

proxy_1     | {"level":"info","ts":1626878188.2895792,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"snippy.blanknodes.com","challenge_type":"http-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
proxy_1     | {"level":"error","ts":1626878188.923985,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"snippy.blanknodes.com","challenge_type":"http-01","status_code":400,"problem_type":"urn:ietf:params:acme:error:dns","error":"DNS problem: NXDOMAIN looking up A for snippy.blanknodes.com - check that a DNS record exists for this domain"}
proxy_1     | {"level":"error","ts":1626878188.925101,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"snippy.blanknodes.com","error":"authorization failed: HTTP 400 urn:ietf:params:acme:error:dns - DNS problem: NXDOMAIN looking up A for snippy.blanknodes.com - check that a DNS record exists for this domain","order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/20550178/113467668","attempt":1,"max_attempts":3}
proxy_1     | {"level":"info","ts":1626878190.3350503,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"snippy.blanknodes.com","challenge_type":"tls-alpn-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
proxy_1     | {"level":"error","ts":1626878190.9651515,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"snippy.blanknodes.com","challenge_type":"tls-alpn-01","status_code":400,"problem_type":"urn:ietf:params:acme:error:dns","error":"DNS problem: NXDOMAIN looking up A for snippy.blanknodes.com - check that a DNS record exists for this domain"}
proxy_1     | {"level":"error","ts":1626878190.966305,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"snippy.blanknodes.com","error":"authorization failed: HTTP 400 urn:ietf:params:acme:error:dns - DNS problem: NXDOMAIN looking up A for snippy.blanknodes.com - check that a DNS record exists for this domain","order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/20550178/113467838","attempt":2,"max_attempts":3}
proxy_1     | {"level":"error","ts":1626878192.5552564,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"snippy.blanknodes.com","issuer":"acme-staging-v02.api.letsencrypt.org-directory","error":"[snippy.blanknodes.com] solving challenges: snippy.blanknodes.com: no solvers available for remaining challenges (configured=[http-01 tls-alpn-01] offered=[http-01 dns-01 tls-alpn-01] remaining=[dns-01]) (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/20550178/113468008) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)"}
proxy_1     | {"level":"error","ts":1626878192.5565252,"logger":"tls.obtain","msg":"will retry","error":"[snippy.blanknodes.com] Obtain: [snippy.blanknodes.com] solving challenges: snippy.blanknodes.com: no solvers available for remaining challenges (configured=[http-01 tls-alpn-01] offered=[http-01 dns-01 tls-alpn-01] remaining=[dns-01]) (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/20550178/113468008) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)","attempt":2,"retrying_in":120,"elapsed":71.683335569,"max_duration":2592000}
proxy_1     | {"level":"info","ts":1626878313.7159433,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"snippy.blanknodes.com","challenge_type":"http-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
proxy_1     | {"level":"error","ts":1626878314.3457026,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"snippy.blanknodes.com","challenge_type":"http-01","status_code":400,"problem_type":"urn:ietf:params:acme:error:dns","error":"DNS problem: NXDOMAIN looking up A for snippy.blanknodes.com - check that a DNS record exists for this domain"}
proxy_1     | {"level":"error","ts":1626878314.346778,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"snippy.blanknodes.com","error":"authorization failed: HTTP 400 urn:ietf:params:acme:error:dns - DNS problem: NXDOMAIN looking up A for snippy.blanknodes.com - check that a DNS record exists for this domain","order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/20550178/113479038","attempt":1,"max_attempts":3}
proxy_1     | {"level":"info","ts":1626878315.7416356,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"snippy.blanknodes.com","challenge_type":"tls-alpn-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
proxy_1     | {"level":"error","ts":1626878317.2940028,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"snippy.blanknodes.com","challenge_type":"tls-alpn-01","status_code":400,"problem_type":"urn:ietf:params:acme:error:dns","error":"DNS problem: NXDOMAIN looking up A for snippy.blanknodes.com - check that a DNS record exists for this domain"}
proxy_1     | {"level":"error","ts":1626878317.2951005,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"snippy.blanknodes.com","error":"authorization failed: HTTP 400 urn:ietf:params:acme:error:dns - DNS problem: NXDOMAIN looking up A for snippy.blanknodes.com - check that a DNS record exists for this domain","order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/20550178/113479188","attempt":2,"max_attempts":3}
proxy_1     | {"level":"error","ts":1626878318.9292696,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"snippy.blanknodes.com","issuer":"acme-staging-v02.api.letsencrypt.org-directory","error":"[snippy.blanknodes.com] solving challenges: snippy.blanknodes.com: no solvers available for remaining challenges (configured=[http-01 tls-alpn-01] offered=[http-01 dns-01 tls-alpn-01] remaining=[dns-01]) (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/20550178/113479448) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)"}
proxy_1     | {"level":"error","ts":1626878318.9304214,"logger":"tls.obtain","msg":"will retry","error":"[snippy.blanknodes.com] Obtain: [snippy.blanknodes.com] solving challenges: snippy.blanknodes.com: no solvers available for remaining challenges (configured=[http-01 tls-alpn-01] offered=[http-01 dns-01 tls-alpn-01] remaining=[dns-01]) (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/20550178/113479448) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)","attempt":3,"retrying_in":120,"elapsed":198.057243988,"max_duration":2592000}

5. What I already tried:

Before I ran the compose file, I made sure that the domain name points to the public IP of my DigitalOcean droplet. I added an A record to my DNS records.

I am using Porkbun as my domain name provider.

I have experience deploying a Traefik app by simply creating an A record for my subdomain name, and it works perfectly upon deployment to GCP Compute.

6. Links to relevant resources:

Your server doesn’t seem to be reachable on ports 80 or 443. Make sure the DigitalOcean firewall allows traffic through on those ports.

Path matchers are exact-match in Caddy v2, so this would only match requests to exactly /api and not /api/foo. You need to add a * to match the rest.

But that said, I’d recommend writing your config like this instead, it’s easier to understand:

snippy.blanknodes.com {
	handle /api* {
		reverse_proxy backend:4000
	}

	handle {
		reverse_proxy frontend:3000
	}
}
2 Likes

Thank you for the response.

I’m just wondering if Caddy could bypass the default behavior of my NextJS app. Currently the configuration above works fine, but it doesn’t seem to proxy the /api* path to my backend server.

NextJS has this API Routes feature, but I wasn’t using it in my app; apparently, upon testing the URL, it doesn’t call my backend service.

I want all requests to snippy.blanknodes.com to redirect/proxy to my frontend, except for /api/*, which will be used for the backend service.

Believe it or not, you’ve described the exact behaviour of the suggested Caddyfile that @francislavoie posted above:

(Well, maybe not exact - there’s a possible difference between /api* and /api/*)

1 Like

I also thought that the suggested Caddyfile config would meet my expected behavior, but I get this error.
I also tried switching between /api* and /api/*, but unfortunately it is not working either.

You’ll need to be more specific about what’s not working. Just saying “it is not working either” gives us absolutely nothing to go on to help you further.

What requests are being made that don’t work? What do you see in your browser’s network tab? What’s in Caddy’s logs?

1 Like

Which error specifically?

The certificate issuance errors?

If so, did you address the networking issues?

1 Like

Sorry for not being specific.

My problem was that I expected that any request that has /api in it would use the backend:4000 service.

Let’s say I have these routes in my backend service.

backend_1   | [Nest] 27   - 07/22/2021, 12:54:39 AM   [RouterExplorer] Mapped {/gists, GET} route +2ms

In my local development this translates to

localhost:4000/gists

But during production, I need to proxy the request from /api to my backend service.

For example:

When I hit https://snippy.blanknodes.com/api/gists, it should call backend:4000/gists, but what I actually encountered was a 404 error.

1 Like

Fortunately the certificate issuance error was already solved through the suggested Caddyfile. My problem is, when I request /api/gists it should call backend:4000/gists.

That wasn’t clear earlier.

If you need to strip the path prefix before proxying, use handle_path instead.

1 Like
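
The handle_path suggestion above, written out as an added example (not posted by anyone in this thread). It reuses the hostname and upstreams from the question and assumes, as the poster describes, that the backend serves its routes without the /api prefix (for example /gists).

```caddyfile
snippy.blanknodes.com {
	# handle_path matches like handle, then strips the matched prefix
	# before the request reaches the upstream:
	#   /api/gists  ->  backend:4000/gists
	# With plain "handle /api*" the backend receives /api/gists unchanged,
	# which is the 404 described in the thread.
	#
	# Matcher choice decides what reaches the backend:
	#   /api    matches only the exact path /api
	#   /api*   also matches unrelated paths such as /apiary
	#   /api/*  matches /api/ and everything below it, but not a bare /api
	handle_path /api/* {
		reverse_proxy backend:4000
	}

	# handle blocks at the same level are mutually exclusive, so this
	# fallback receives everything the block above did not match,
	# including a bare /api.
	handle {
		reverse_proxy frontend:3000
	}
}
```

Using /api/* rather than /api* keeps frontend paths that merely start with "api" from being routed to the backend service.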
