Hi,
1. The problem I’m having:
I'm trying to get ECH configured for some of my domains, and Caddy logs the error `unable to get existing DNS records to publish ECH data to HTTPS DNS record`.
I'm using Cloudflare for my DNS and have SRV records for mail purposes.
2. Error messages and/or full log output:
2025/04/23 10:04:21.197 ERROR tls unable to get existing DNS records to publish ECH data to HTTPS DNS record {"domain": "a.yag.me.uk", "error": "parsing Cloudflare DNS record {ID:36e9811521851667f80e594bfac97894 Type:SRV Name:_imaps._tcp.yag.me.uk Content:1 993 mail.thunderweb.uk Priority:0 Proxiable:false Proxied:false TTL:1 Locked:false ZoneID: ZoneName: CreatedOn:2024-12-04 14:05:53.773381 +0000 UTC ModifiedOn:2024-12-04 14:05:53.773381 +0000 UTC Data:{LatDegrees:0 LatMinutes:0 LatSeconds:0 LatDirection: LongDegrees:0 LongMinutes:0 LongSeconds:0 LongDirection: Altitude:0 Size:0 PrecisionHorz:0 PrecisionVert:0 Service: Proto: Name: Priority:0 Weight:1 Port:993 Target:mail.thunderweb.uk Value: Tag: Flags:0 Protocol:0 Algorithm:0 KeyTag:0 DigestType:0 Usage:0 Selector:0 MatchingType:0 Content:} Meta:0xc000497ea0}: name _imaps._tcp does not contain enough fields; expected format: '_service._proto.name'"}
3. Caddy version:
v2.10.0 h1:fonubSaQKF1YANl8TXqGcn4IbIRUDdfAkpcsfI/vX5U=
4. How I installed and ran Caddy:
a. System environment:
Docker
b. Command:
PASTE OVER THIS, BETWEEN THE ``` LINES.
Please use the preview pane to ensure it looks nice.
c. Service/unit/compose file:
Dockerfile
# Build stage: compile a custom Caddy binary with the plugins this deployment
# needs (docker-proxy for label-driven config, cloudflare for DNS challenges /
# ECH record publishing, transform-encoder for log formatting, cloudflare-ip
# for the trusted_proxies source used in the Caddyfile).
FROM caddy:2.10-builder AS builder
# NOTE(review): none of the plugin modules is pinned (`--with module@version`),
# so every rebuild pulls whatever the newest tagged version is; pin them (and
# ideally the base images by digest) for reproducible, auditable builds.
RUN xcaddy build \
    --with github.com/lucaslorentz/caddy-docker-proxy/v2 \
    --with github.com/caddyserver/transform-encoder \
    --with github.com/caddy-dns/cloudflare \
    --with github.com/WeidiDeng/caddy-cloudflare-ip

# Runtime stage: only the built binary is taken from the builder image.
FROM caddy:2.10
COPY --from=builder /usr/bin/caddy /usr/bin/caddy
# NOTE(review): bash, nano and git are interactive debugging conveniences that
# Caddy itself does not need; they enlarge the runtime image's attack surface.
# tzdata is presumably for the TZ variable set in the playbook.
RUN apk add --no-cache bash nano git tzdata
# Start via the caddy-docker-proxy subcommand rather than plain `caddy run`,
# so the site config is generated from container labels (plus the static
# Caddyfile referenced by CADDY_DOCKER_CADDYFILE_PATH).
CMD ["caddy", "docker-proxy"]
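---
# Deploys the custom-built Caddy image (the Dockerfile above, pushed to the
# private registry) as a single container on docker1.
- name: install caddy on docker1
  hosts: docker1.srv.3fr.uk
  gather_facts: false
  tasks:
    - name: Run the caddy container
      community.docker.docker_container:
        name: caddy
        image: registry.srv.3fr.uk/caddy:2.10.0
        pull: true
        hostname: caddy
        restart_policy: always
        default_host_ip: ""
        dns_servers:
          - 8.8.8.8
          - 1.1.1.1
          - 8.8.4.4
        networks:
          - name: web
        env:
          # NOTE(review): PUID/PGID are a linuxserver.io image convention; the
          # official caddy image does not appear to read them — confirm.
          PUID: "1000"
          PGID: "1000"
          TZ: "Europe/London"
          # Static Caddyfile that caddy-docker-proxy presumably merges with
          # the label-generated config.
          CADDY_DOCKER_CADDYFILE_PATH: "/config/caddy.static"
          # Cloudflare API token consumed by `dns cloudflare {env.CF_API_TOKEN}`
          # in the Caddyfile. Quoted Jinja so an empty or boolean-looking
          # value is still passed as a string.
          CF_API_TOKEN: "{{ cloudflare_api }}"
        volumes:
          # Required by caddy-docker-proxy, but the Docker socket is
          # root-equivalent on the host: code running in this container can
          # control the daemon. Consider a scoped socket proxy if the threat
          # model allows.
          - /var/run/docker.sock:/var/run/docker.sock
          - caddy_config:/config
          - caddy_data:/data
          - wordpress_data:/var/www/html
        ports:
          - "80:80"
          - "443:443"
          - "443:443/udp"
      # The env block carries the Cloudflare API token; without no_log,
      # Ansible prints the full module arguments (token included) on failure
      # or under -v, and they land in any persisted job output.
      no_log: true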
d. My complete Caddy config:
{
	http_port 80
	email ssl@thunderweb.co.uk
	log default {
		output stdout
		format console
	}
	servers :443 {
		protocols h1 h2 h3
		# Only X-Forwarded-* headers arriving from Cloudflare's published
		# ranges (supplied by caddy-cloudflare-ip) are trusted; the list is
		# refreshed every 12h with a 15s fetch timeout.
		trusted_proxies cloudflare {
			interval 12h
			timeout 15s
		}
	}
	# Cloudflare DNS provider, used for ACME DNS challenges and for writing
	# ECH configs into HTTPS records. Token comes from the container env.
	dns cloudflare {env.CF_API_TOKEN}
	# Public (outer) ECH name: this is the SNI seen on the wire, the real
	# site name is encrypted inside the ClientHello.
	# NOTE(review): the logged ECH error comes from this publishing step.
	# While listing the zone, the Cloudflare provider fails to parse an
	# unrelated SRV record (_imaps._tcp, "does not contain enough fields"),
	# so the failure is in record parsing, not in this directive's value.
	ech home.thunderweb.uk
}

(httpauth) {
	# Delegate authorization to Authelia over the internal network; on
	# success the listed identity headers are copied onto the request.
	forward_auth authelia:9091 {
		uri /api/authz/forward-auth
		copy_headers Remote-User Remote-Groups Remote-Email Remote-Name
	}
}

yag.home.thunderweb.uk:443 {
	# Static files behind Authelia forward-auth.
	import httpauth
	root * /data/static/yag.me.uk/admin/public_html/
	file_server
}

a.yag.me.uk:443 {
	# NOTE(review): the `/` matcher matches only the exact root path; other
	# paths on this host are not redirected. If the whole host should
	# redirect, drop the matcher (optionally appending {uri} to the target).
	redir / https://yag.home.thunderweb.uk
}