"error adding zone record"

altano · May 23, 2021, 10:49am

1. Caddy version (`caddy version`):

caddy:2-alpine / v2.4.0

2. How I run Caddy:

docker-compose (see file below)

a. System environment:

Docker version 19.03.13, build 4484c46d9d
docker-compose version 1.25.0, build unknown
Ubuntu 20.04.1 LTS

b. Command:

docker-compose up -d

c. Service/unit/compose file:

caddy/docker-compose.yaml:

version: '3.7'

services:
  caddy:
    # image: lucaslorentz/caddy-docker-proxy:ci-alpine
    build: ./custom-caddy-build
    restart: unless-stopped
    environment:
      - TZ=America/Los_Angeles
    env_file:
      - ./easydns.dumbunz.env
    ports:
      - '80:80'
      - '443:443'
    networks:
      - docker_web
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    labels: # Global options
      caddy.email: XXXXX@gmail.com
      # remove the following line when you have verified your setup
      # Otherwise you risk being rate limited by let's encrypt
      caddy.acme_ca: https://acme-staging-v02.api.letsencrypt.org/directory
      # snippet definitions
      caddy_0: '(www-redirect)'
      caddy_0.redir: 'https://www.{hostport}{uri}'
      caddy_1: '(dns-challenge)'
      caddy_1.tls.dns: 'lego_deprecated easydns'
      caddy_2: '(internal-only)'
      caddy_2.@public_networks: 'not remote_ip 192.168.0.0/16 172.16.0.0/12 10.0.0.0/8'
      caddy_2.respond: '@public_networks 403'
      caddy_2.respond.close:

  whoami-public:
    image: jwilder/whoami
    networks:
      - docker_web
    labels:
      caddy: 'public.dumbunz.com'
      caddy.reverse_proxy: '{{upstreams 8000}}'

  whoami-private:
    image: jwilder/whoami
    networks:
      - docker_web
    labels:
      caddy: 'private.dumbunz.com'
      caddy.reverse_proxy: '{{upstreams 8000}}'
      caddy.import_0: 'dns-challenge'
      caddy.import_1: 'internal-only'

networks:
  docker_web:
    external: true

dumbunz.com/docker-compose.yaml:

version: '3.7'

services:
  app:
    build:
      context: app/
    image: altano/norbauer.net
    networks:
      - docker_web
    restart: unless-stopped
    labels:
      caddy: 'www.dumbunz.com'
      caddy.reverse_proxy: '{{upstreams 8000}}'
      caddy.import_0: 'dns-challenge'
      caddy.import_1: 'internal-only'
      caddy.import_3: 'www-redirect'

networks:
  docker_web:
    external: true

d. My complete Caddyfile or JSON config:

auto-generated caddyfile:

{
	acme_ca https://acme-staging-v02.api.letsencrypt.org/directory
	email XXXXX@gmail.com
}
(dns-challenge) {
	tls {
		dns lego_deprecated easydns
	}
}
(internal-only) {
	@public_networks not remote_ip 192.168.0.0/16 172.16.0.0/12 10.0.0.0/8
	respond @public_networks 403 {
		close
	}
}
(www-redirect) {
	redir https://www.{hostport}{uri}
}
www.dumbunz.com {
	import dns-challenge
	import internal-only
	import www-redirect
	reverse_proxy 172.25.0.9:8000
}

3. The problem I’m having:

The DNS challenge fails, with errors in the Caddy logs (see below).

4. Error messages and/or full log output:

Error:

solving challenges: presenting for challenge: easydns: error adding zone record

{"level":"error","ts":1621752649.3619487,"logger":"tls.obtain","msg":"will retry","error":"[www.dumbunz.com] Obtain: [www.dumbunz.com] solving challenges: presenting for challenge: easydns: error adding zone record: Put \"https://rest.easydns.net/zones/records/add/dumbunz.com/TXT?format=json\": context deadline exceeded (Client.Timeout exceeded while awaiting headers) (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/19132318/60410565) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)","attempt":1,"retrying_in":60,"elapsed":31.435580592,"max_duration":2592000}

Full log:

2021-05-23T06:50:17.876896948Z 2021/05/23 06:50:17 [INFO] Running caddy proxy server
2021-05-23T06:50:17.878115436Z {"level":"info","ts":1621752617.8778565,"logger":"admin","msg":"admin endpoint started","address":"tcp/localhost:2019","enforce_origin":false,"origins":["localhost:2019","[::1]:2019","127.0.0.1:2019"]}
2021-05-23T06:50:17.878218197Z {"level":"info","ts":1621752617.8781028,"msg":"autosaved config","file":"/config/caddy/autosave.json"}
2021-05-23T06:50:17.878322200Z 2021/05/23 06:50:17 [INFO] Running caddy proxy controller
2021-05-23T06:50:17.879285114Z 2021/05/23 06:50:17 [INFO] CaddyfilePath: 
2021-05-23T06:50:17.879318024Z 2021/05/23 06:50:17 [INFO] LabelPrefix: caddy
2021-05-23T06:50:17.879323905Z 2021/05/23 06:50:17 [INFO] PollingInterval: 30s
2021-05-23T06:50:17.879329015Z 2021/05/23 06:50:17 [INFO] ProcessCaddyfile: true
2021-05-23T06:50:17.879333435Z 2021/05/23 06:50:17 [INFO] ProxyServiceTasks: true
2021-05-23T06:50:17.879338625Z 2021/05/23 06:50:17 [INFO] IngressNetworks: []
2021-05-23T06:50:17.879681720Z 2021/05/23 06:50:17 [INFO] Caddy ContainerID: 3c1cab3ba65a124a71191da6409de7bbfc22d7de15f8e8581a4e8331786f11c7
2021-05-23T06:50:17.883707441Z 2021/05/23 06:50:17 [INFO] IngressNetworksMap: map[6c9fa46659c613cc30afdae4cdc381ff758072d3f93b0726f9b8050c1829c001:true]
2021-05-23T06:50:17.896230630Z 2021/05/23 06:50:17 [INFO] Swarm is available: false
2021-05-23T06:50:17.908264442Z 2021/05/23 06:50:17 [INFO] Skipping default Caddyfile because no path is set
2021-05-23T06:50:17.908289172Z [INFO] Skipping configs because swarm is not available
2021-05-23T06:50:17.908294863Z [INFO] Skipping services because swarm is not available
2021-05-23T06:50:17.908301343Z 2021/05/23 06:50:17 [INFO] New Caddyfile:
2021-05-23T06:50:17.908305803Z {
2021-05-23T06:50:17.908310243Z 	acme_ca https://acme-staging-v02.api.letsencrypt.org/directory
2021-05-23T06:50:17.908315023Z 	email XXXXXXXX@gmail.com
2021-05-23T06:50:17.908319393Z }
2021-05-23T06:50:17.908323253Z (dns-challenge) {
2021-05-23T06:50:17.908327123Z 	tls {
2021-05-23T06:50:17.908332053Z 		dns lego_deprecated easydns
2021-05-23T06:50:17.908335884Z 	}
2021-05-23T06:50:17.908356594Z }
2021-05-23T06:50:17.908361854Z (internal-only) {
2021-05-23T06:50:17.908365544Z 	@public_networks not remote_ip 192.168.0.0/16 172.16.0.0/12 10.0.0.0/8
2021-05-23T06:50:17.908369374Z 	respond @public_networks 403 {
2021-05-23T06:50:17.908373094Z 		close
2021-05-23T06:50:17.908377324Z 	}
2021-05-23T06:50:17.908381244Z }
2021-05-23T06:50:17.908385634Z (www-redirect) {
2021-05-23T06:50:17.908389284Z 	redir https://www.{hostport}{uri}
2021-05-23T06:50:17.908392704Z }
2021-05-23T06:50:17.908465885Z private.dumbunz.com {
2021-05-23T06:50:17.908475586Z 	import dns-challenge
2021-05-23T06:50:17.908479526Z 	import internal-only
2021-05-23T06:50:17.908482796Z 	reverse_proxy 172.25.0.7:8000
2021-05-23T06:50:17.908488076Z }
2021-05-23T06:50:17.908491856Z public.dumbunz.com {
2021-05-23T06:50:17.908495716Z 	reverse_proxy 172.25.0.6:8000
2021-05-23T06:50:17.908499336Z }
2021-05-23T06:50:17.908504236Z www.dumbunz.com {
2021-05-23T06:50:17.908508036Z 	import dns-challenge
2021-05-23T06:50:17.908511656Z 	import internal-only
2021-05-23T06:50:17.908515176Z 	import www-redirect
2021-05-23T06:50:17.908520846Z 	reverse_proxy 172.25.0.9:8000
2021-05-23T06:50:17.908524256Z }
2021-05-23T06:50:17.909005213Z 2021/05/23 06:50:17 [INFO] New Config JSON:
2021-05-23T06:50:17.909040024Z {"apps":{"http":{"servers":{"srv0":{"listen":[":443"],"routes":[{"match":[{"host":["private.dumbunz.com"]}],"handle":[{"handler":"subroute","routes":[{"handle":[{"close":true,"handler":"static_response","status_code":403}],"match":[{"not":[{"remote_ip":{"ranges":["192.168.0.0/16","172.16.0.0/12","10.0.0.0/8"]}}]}]},{"handle":[{"handler":"reverse_proxy","upstreams":[{"dial":"172.25.0.7:8000"}]}]}]}],"terminal":true},{"match":[{"host":["public.dumbunz.com"]}],"handle":[{"handler":"subroute","routes":[{"handle":[{"handler":"reverse_proxy","upstreams":[{"dial":"172.25.0.6:8000"}]}]}]}],"terminal":true},{"match":[{"host":["www.dumbunz.com"]}],"handle":[{"handler":"subroute","routes":[{"handle":[{"handler":"static_response","headers":{"Location":["https://www.{http.request.hostport}{http.request.uri}"]},"status_code":302}]},{"handle":[{"close":true,"handler":"static_response","status_code":403}],"match":[{"not":[{"remote_ip":{"ranges":["192.168.0.0/16","172.16.0.0/12","10.0.0.0/8"]}}]}]},{"handle":[{"handler":"reverse_proxy","upstreams":[{"dial":"172.25.0.9:8000"}]}]}]}],"terminal":true}]}}},"tls":{"automation":{"policies":[{"subjects":["private.dumbunz.com","www.dumbunz.com"],"issuer":{"ca":"https://acme-staging-v02.api.letsencrypt.org/directory","challenges":{"dns":{"provider":{"name":"lego_deprecated","provider_name":"easydns"}}},"email":"XXXXX@gmail.com","module":"acme"}},{"issuer":{"ca":"https://acme-staging-v02.api.letsencrypt.org/directory","email":"XXXXX@gmail.com","module":"acme"}}]}}}}
2021-05-23T06:50:17.909060874Z 2021/05/23 06:50:17 [INFO] Sending configuration to localhost
2021-05-23T06:50:17.909960329Z {"level":"info","ts":1621752617.909783,"logger":"admin.api","msg":"received request","method":"POST","host":"localhost:2019","uri":"/load","remote_addr":"127.0.0.1:39206","headers":{"Accept-Encoding":["gzip"],"Content-Length":["1556"],"Content-Type":["application/json"],"User-Agent":["Go-http-client/1.1"]}}
2021-05-23T06:50:17.910856042Z {"level":"info","ts":1621752617.9106762,"logger":"admin","msg":"admin endpoint started","address":"tcp/localhost:2019","enforce_origin":false,"origins":["localhost:2019","[::1]:2019","127.0.0.1:2019"]}
2021-05-23T06:50:17.911126916Z {"level":"info","ts":1621752617.9109845,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc0001d4540"}
2021-05-23T06:50:17.911296098Z {"level":"info","ts":1621752617.911152,"logger":"http","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
2021-05-23T06:50:17.911306258Z {"level":"info","ts":1621752617.9111862,"logger":"http","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
2021-05-23T06:50:17.913194917Z {"level":"info","ts":1621752617.9130437,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["private.dumbunz.com","public.dumbunz.com","www.dumbunz.com"]}
2021-05-23T06:50:17.924792792Z {"level":"info","ts":1621752617.924558,"msg":"autosaved config","file":"/config/caddy/autosave.json"}
2021-05-23T06:50:17.924823222Z {"level":"info","ts":1621752617.924595,"logger":"admin.api","msg":"load complete"}
2021-05-23T06:50:17.926637980Z 2021/05/23 06:50:17 [INFO] Successfully configured localhost
2021-05-23T06:50:17.926663710Z {"level":"info","ts":1621752617.924618,"logger":"tls.obtain","msg":"acquiring lock","identifier":"www.dumbunz.com"}
2021-05-23T06:50:17.926670201Z 2021/05/23 06:50:17 [INFO][FileStorage:/data/caddy] Lock for 'cert_acme_www.dumbunz.com_acme-staging-v02.api.letsencrypt.org-directory' is stale (created: 2021-05-23 04:38:31.152835747 +0000 UTC, last update: 2021-05-23 04:38:31.152835747 +0000 UTC); removing then retrying: /data/caddy/locks/cert_acme_www.dumbunz.com_acme-staging-v02.api.letsencrypt.org-directory.lock
2021-05-23T06:50:17.926675931Z {"level":"info","ts":1621752617.926347,"logger":"tls.obtain","msg":"lock acquired","identifier":"www.dumbunz.com"}
2021-05-23T06:50:17.927574055Z {"level":"info","ts":1621752617.9273088,"logger":"tls","msg":"cleaned up storage units"}
2021-05-23T06:50:17.928020502Z {"level":"info","ts":1621752617.9278953,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["www.dumbunz.com"]}
2021-05-23T06:50:17.928043891Z {"level":"info","ts":1621752617.927928,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["www.dumbunz.com"]}
2021-05-23T06:50:18.411317489Z {"level":"info","ts":1621752618.411088,"logger":"admin","msg":"stopped previous server"}
23T06:50:18.809697854Z {"level":"info","ts":1621752618.8095715,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"www.dumbunz.com","challenge_type":"dns-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
2021-05-23T06:50:49.362132011Z {"level":"error","ts":1621752649.3619487,"logger":"tls.obtain","msg":"will retry","error":"[www.dumbunz.com] Obtain: [www.dumbunz.com] solving challenges: presenting for challenge: easydns: error adding zone record: Put \"https://rest.easydns.net/zones/records/add/dumbunz.com/TXT?format=json\": context deadline exceeded (Client.Timeout exceeded while awaiting headers) (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/19132318/60410565) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)","attempt":1,"retrying_in":60,"elapsed":31.435580592,"max_duration":2592000}
23T06:51:50.848295045Z {"level":"info","ts":1621752710.8479986,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"www.dumbunz.com","challenge_type":"dns-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
2021-05-23T06:52:21.564159246Z {"level":"error","ts":1621752741.563855,"logger":"tls.obtain","msg":"will retry","error":"[www.dumbunz.com] Obtain: [www.dumbunz.com] solving challenges: presenting for challenge: easydns: error adding zone record: Put \"https://rest.easydns.net/zones/records/add/dumbunz.com/TXT?format=json\": context deadline exceeded (Client.Timeout exceeded while awaiting headers) (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/19132318/60411341) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)","attempt":2,"retrying_in":120,"elapsed":123.637487675,"max_duration":2592000}
23T06:54:22.488561894Z {"level":"info","ts":1621752862.4883375,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"www.dumbunz.com","challenge_type":"dns-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
2021-05-23T06:54:52.885884545Z {"level":"error","ts":1621752892.885608,"logger":"tls.obtain","msg":"will retry","error":"[www.dumbunz.com] Obtain: [www.dumbunz.com] solving challenges: presenting for challenge: easydns: error adding zone record: Put \"https://rest.easydns.net/zones/records/add/dumbunz.com/TXT?format=json\": context deadline exceeded (Client.Timeout exceeded while awaiting headers) (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/19132318/60412779) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)","attempt":3,"retrying_in":120,"elapsed":274.959238975,"max_duration":2592000}
23T06:56:53.281583615Z {"level":"info","ts":1621753013.2813559,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"www.dumbunz.com","challenge_type":"dns-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
2021-05-23T06:57:23.650762345Z {"level":"error","ts":1621753043.6505716,"logger":"tls.obtain","msg":"will retry","error":"[www.dumbunz.com] Obtain: [www.dumbunz.com] solving challenges: presenting for challenge: easydns: error adding zone record: Put \"https://rest.easydns.net/zones/records/add/dumbunz.com/TXT?format=json\": context deadline exceeded (Client.Timeout exceeded while awaiting headers) (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/19132318/60414086) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)","attempt":4,"retrying_in":300,"elapsed":425.724204667,"max_duration":2592000}
23T07:02:23.938073198Z {"level":"info","ts":1621753343.9378846,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"www.dumbunz.com","challenge_type":"dns-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
2021-05-23T07:02:55.006535649Z {"level":"error","ts":1621753375.0062602,"logger":"tls.obtain","msg":"will retry","error":"[www.dumbunz.com] Obtain: [www.dumbunz.com] solving challenges: presenting for challenge: easydns: error adding zone record: Put \"https://rest.easydns.net/zones/records/add/dumbunz.com/TXT?format=json\": context deadline exceeded (Client.Timeout exceeded while awaiting headers) (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/19132318/60417105) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)","attempt":5,"retrying_in":600,"elapsed":757.079859178,"max_duration":2592000}
23T07:12:55.472258201Z {"level":"info","ts":1621753975.4720328,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"www.dumbunz.com","challenge_type":"dns-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
2021-05-23T07:13:25.495929004Z {"level":"error","ts":1621754005.49575,"logger":"tls.obtain","msg":"will retry","error":"[www.dumbunz.com] Obtain: [www.dumbunz.com] solving challenges: presenting for challenge: easydns: error adding zone record: Put \"https://rest.easydns.net/zones/records/add/dumbunz.com/TXT?format=json\": context deadline exceeded (Client.Timeout exceeded while awaiting headers) (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/19132318/60423110) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)","attempt":6,"retrying_in":1200,"elapsed":1387.569382675,"max_duration":2592000}
23T07:33:25.689611606Z {"level":"info","ts":1621755205.6894023,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"www.dumbunz.com","challenge_type":"dns-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
2021-05-23T07:33:55.714773042Z {"level":"error","ts":1621755235.7145023,"logger":"tls.obtain","msg":"will retry","error":"[www.dumbunz.com] Obtain: [www.dumbunz.com] solving challenges: presenting for challenge: easydns: error adding zone record: Put \"https://rest.easydns.net/zones/records/add/dumbunz.com/TXT?format=json\": context deadline exceeded (Client.Timeout exceeded while awaiting headers) (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/19132318/60435163) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)","attempt":7,"retrying_in":1200,"elapsed":2617.788135032,"max_duration":2592000}
23T07:53:56.130352525Z {"level":"info","ts":1621756436.1301584,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"www.dumbunz.com","challenge_type":"dns-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
2021-05-23T07:54:26.258662023Z {"level":"error","ts":1621756466.2584913,"logger":"tls.obtain","msg":"will retry","error":"[www.dumbunz.com] Obtain: [www.dumbunz.com] solving challenges: presenting for challenge: easydns: error adding zone record: Put \"https://rest.easydns.net/zones/records/add/dumbunz.com/TXT?format=json\": context deadline exceeded (Client.Timeout exceeded while awaiting headers) (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/19132318/60446136) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)","attempt":8,"retrying_in":1800,"elapsed":3848.332123835,"max_duration":2592000}
2021-05-23T08:24:26.642979090Z {"level":"info","ts":1621758266.64273,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"www.dumbunz.com","challenge_type":"dns-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
2021-05-23T08:24:56.667931922Z {"level":"error","ts":1621758296.667683,"logger":"tls.obtain","msg":"will retry","error":"[www.dumbunz.com] Obtain: [www.dumbunz.com] solving challenges: presenting for challenge: easydns: error adding zone record: Put \"https://rest.easydns.net/zones/records/add/dumbunz.com/TXT?format=json\": context deadline exceeded (Client.Timeout exceeded while awaiting headers) (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/19132318/60461375) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)","attempt":9,"retrying_in":1800,"elapsed":5678.741315282,"max_duration":2592000}
23T08:54:58.812044007Z {"level":"info","ts":1621760098.8118076,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"www.dumbunz.com","challenge_type":"dns-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
2021-05-23T08:55:28.854620596Z {"level":"error","ts":1621760128.8543692,"logger":"tls.obtain","msg":"will retry","error":"[www.dumbunz.com] Obtain: [www.dumbunz.com] solving challenges: presenting for challenge: easydns: error adding zone record: Put \"https://rest.easydns.net/zones/records/add/dumbunz.com/TXT?format=json\": context deadline exceeded (Client.Timeout exceeded while awaiting headers) (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/19132318/60476527) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)","attempt":10,"retrying_in":3600,"elapsed":7510.928001566,"max_duration":2592000}
2021-05-23T09:46:45.330616572Z {"level":"info","ts":1621763205.330226,"msg":"shutting down apps then terminating","signal":"SIGTERM"}
2021-05-23T09:46:45.840477902Z 2021/05/23 09:46:45 [INFO] Skipping default Caddyfile because no path is set
2021-05-23T09:46:45.840514122Z [INFO] Skipping configs because swarm is not available
2021-05-23T09:46:45.840517922Z [INFO] Skipping services because swarm is not available
2021-05-23T09:46:45.840521172Z 2021/05/23 09:46:45 [INFO] New Caddyfile:
2021-05-23T09:46:45.840524242Z {
2021-05-23T09:46:45.840527052Z 	acme_ca https://acme-staging-v02.api.letsencrypt.org/directory
2021-05-23T09:46:45.840530442Z 	email XXXXX@gmail.com
2021-05-23T09:46:45.840533442Z }
2021-05-23T09:46:45.840536283Z (dns-challenge) {
2021-05-23T09:46:45.840539113Z 	tls {
2021-05-23T09:46:45.840541913Z 		dns lego_deprecated easydns
2021-05-23T09:46:45.840544813Z 	}
2021-05-23T09:46:45.840547653Z }
2021-05-23T09:46:45.840550493Z (internal-only) {
2021-05-23T09:46:45.840554623Z 	@public_networks not remote_ip 192.168.0.0/16 172.16.0.0/12 10.0.0.0/8
2021-05-23T09:46:45.840557613Z 	respond @public_networks 403 {
2021-05-23T09:46:45.840560473Z 		close
2021-05-23T09:46:45.840563363Z 	}
2021-05-23T09:46:45.840566213Z }
2021-05-23T09:46:45.840568993Z (www-redirect) {
2021-05-23T09:46:45.840571903Z 	redir https://www.{hostport}{uri}
2021-05-23T09:46:45.840574813Z }
2021-05-23T09:46:45.840577573Z www.dumbunz.com {
2021-05-23T09:46:45.840580393Z 	import dns-challenge
2021-05-23T09:46:45.840583213Z 	import internal-only
2021-05-23T09:46:45.840586053Z 	import www-redirect
2021-05-23T09:46:45.840588953Z 	reverse_proxy 172.25.0.9:8000
2021-05-23T09:46:45.840591793Z }
2021-05-23T09:46:45.840837148Z 2021/05/23 09:46:45 [INFO] New Config JSON:
2021-05-23T09:46:45.840919278Z {"apps":{"http":{"servers":{"srv0":{"listen":[":443"],"routes":[{"match":[{"host":["www.dumbunz.com"]}],"handle":[{"handler":"subroute","routes":[{"handle":[{"handler":"static_response","headers":{"Location":["https://www.{http.request.hostport}{http.request.uri}"]},"status_code":302}]},{"handle":[{"close":true,"handler":"static_response","status_code":403}],"match":[{"not":[{"remote_ip":{"ranges":["192.168.0.0/16","172.16.0.0/12","10.0.0.0/8"]}}]}]},{"handle":[{"handler":"reverse_proxy","upstreams":[{"dial":"172.25.0.9:8000"}]}]}]}],"terminal":true}]}}},"tls":{"automation":{"policies":[{"subjects":["www.dumbunz.com"],"issuer":{"ca":"https://acme-staging-v02.api.letsencrypt.org/directory","challenges":{"dns":{"provider":{"name":"lego_deprecated","provider_name":"easydns"}}},"email":"XXXXX@gmail.com","module":"acme"}},{"issuer":{"ca":"https://acme-staging-v02.api.letsencrypt.org/directory","email":"XXXXX@gmail.com","module":"acme"}}]}}}}
2021-05-23T09:46:45.840937259Z 2021/05/23 09:46:45 [INFO] Sending configuration to localhost
2021-05-23T09:46:45.841585660Z {"level":"info","ts":1621763205.8414717,"logger":"admin.api","msg":"received request","method":"POST","host":"localhost:2019","uri":"/load","remote_addr":"127.0.0.1:49182","headers":{"Accept-Encoding":["gzip"],"Content-Length":["992"],"Content-Type":["application/json"],"User-Agent":["Go-http-client/1.1"]}}
2021-05-23T09:46:46.331127056Z {"level":"info","ts":1621763206.3309476,"logger":"tls.obtain","msg":"releasing lock","identifier":"www.dumbunz.com"}
2021-05-23T09:46:46.331316828Z {"level":"info","ts":1621763206.3309352,"logger":"tls.cache.maintenance","msg":"stopped background certificate maintenance","cache":"0xc0001d4540"}
2021-05-23T09:46:46.331548243Z 2021/05/23 09:46:46 [ERROR] Unable to clean up lock: remove /data/caddy/locks/cert_acme_www.dumbunz.com_acme-staging-v02.api.letsencrypt.org-directory.lock: no such file or directory (lock=cert_acme_www.dumbunz.com_acme-staging-v02.api.letsencrypt.org-directory storage=FileStorage:/data/caddy)
2021-05-23T09:46:46.331575252Z {"level":"error","ts":1621763206.3315027,"logger":"tls","msg":"job failed","error":"www.dumbunz.com: obtaining certificate: context canceled"}
2021-05-23T09:46:46.332060541Z {"level":"info","ts":1621763206.3319404,"logger":"admin","msg":"admin endpoint started","address":"tcp/localhost:2019","enforce_origin":false,"origins":["localhost:2019","[::1]:2019","127.0.0.1:2019"]}
2021-05-23T09:46:46.332303125Z {"level":"info","ts":1621763206.3322089,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc000274310"}
2021-05-23T09:46:46.333615336Z {"level":"info","ts":1621763206.3334942,"logger":"http","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
2021-05-23T09:46:46.333633396Z {"level":"info","ts":1621763206.3335204,"logger":"http","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
2021-05-23T09:46:46.334019831Z {"level":"info","ts":1621763206.3338625,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["www.dumbunz.com"]}
2021-05-23T09:46:46.334207465Z {"level":"info","ts":1621763206.3340425,"msg":"autosaved config","file":"/config/caddy/autosave.json"}
2021-05-23T09:46:46.334244146Z {"level":"info","ts":1621763206.334049,"logger":"admin.api","msg":"load complete"}
2021-05-23T09:46:46.334358678Z {"level":"info","ts":1621763206.3342175,"logger":"tls.obtain","msg":"acquiring lock","identifier":"www.dumbunz.com"}
2021-05-23T09:46:46.334451879Z 2021/05/23 09:46:46 [INFO] Successfully configured localhost
2021-05-23T09:46:46.334484629Z {"level":"info","ts":1621763206.334329,"logger":"tls.obtain","msg":"lock acquired","identifier":"www.dumbunz.com"}
2021-05-23T09:46:46.335114039Z {"level":"info","ts":1621763206.3350012,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["www.dumbunz.com"]}
2021-05-23T09:46:46.335124879Z {"level":"info","ts":1621763206.335034,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["www.dumbunz.com"]}
23T09:46:46.672575680Z {"level":"info","ts":1621763206.6723936,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"www.dumbunz.com","challenge_type":"dns-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
2021-05-23T09:46:46.831848779Z {"level":"info","ts":1621763206.8316658,"logger":"admin","msg":"stopped previous server"}
2021-05-23T09:46:46.831891321Z {"level":"info","ts":1621763206.8317144,"msg":"shutdown done","signal":"SIGTERM"}

5. What I already tried:

Since the error is related to adding the zone record I made sure the zone records are getting added in my DNS provider’s (easyDNS) control panel, and they are getting created for sure. Everytime Caddy retries, I get another txt record like so:

_acme-challenge.www.dumbunz.com XXXXXXXXXXXXXXXXXXXXX 120 sec

I’ve also tried disabling the CNAME wildcard on the domain to see if that was interfering with TXT record lookup.

Just to make sure, I validated that accessing www.dumbunz.com in my browser produces an error, but that isn’t very surprising:

Secure Connection Failed

An error occurred during a connection to www.dumbunz.com. Peer reports it experienced an internal error.

Error code: SSL_ERROR_INTERNAL_ERROR_ALERT

6. Links to relevant resources:

francislavoie · May 24, 2021, 3:41pm

Ah, I think lego_deprecated needs an update to be compatible with the latest version of Caddy (since v2.4.0-beta.2) where we made changes to how domain names are passed to libdns plugins. /cc @matt

You may try downgrading to v2.3.0 for the time being. You should probably see the TXT records without the www. with that version.

matt · May 24, 2021, 4:53pm

True, but lego-deprecated is a special case that bypasses the use of libdns entirely.

I’m not sure what the problem is, but I took the opportunity to update lego-deprecated to all the latest versions. I haven’t tested it (since I don’t use it myself, and it is deprecated after all) but maybe that’ll help if, for example, a fix was made upstream in lego since lego v3 (now at v4.3).

system · June 22, 2021, 10:49am

This topic was automatically closed after 30 days. New replies are no longer allowed.