1. Output of caddy version:
v2.5.3-0.20220831011552-687a4b9e81c7 h1:by5h5TFif7dxcBLb+p76ktY88+Zxo4V/EOWYXK+elpQ=
(./xcaddy build master --with GitHub - caddy-dns/route53: Caddy module: dns.providers.route53)
2. How I run Caddy:
brew
a. System environment:
Mac, Brew
b. Command:
sudo caddy run
d. My complete Caddy config:
{
"admin": { "listen": ":2020" },
"apps": {
"http": {
"servers": {
"srv0": {
"listen": [":443"],
"routes": [
{
"handle": [
{
"handler": "subroute",
"routes": [
{
"handle": [
{
"handler": "vars",
"root": "/opt/homebrew/var/www/localhost"
},
{ "handler": "file_server", "hide": ["./Caddyfile"] }
]
}
]
}
],
"match": [{ "host": ["*.localfounder.me"] }],
"terminal": true
},
{
"handle": [
{
"handler": "subroute",
"routes": [
{
"handle": [
{
"handler": "reverse_proxy",
"upstreams": [{ "dial": "127.0.0.1:8090" }]
}
]
}
]
}
],
"match": [{ "host": ["*.localkinde.me"] }],
"terminal": true
},
{
"handle": [
{
"handler": "subroute",
"routes": [
{
"handle": [
{
"handler": "reverse_proxy",
"upstreams": [{ "dial": "127.0.0.1:8090" }]
}
]
}
]
}
],
"match": [{ "host": ["beta-three.davebain.me"] }],
"terminal": true
}
],
"tls_connection_policies": [
{
"certificate_selection": { "any_tag": ["cert0"] },
"match": { "sni": ["*.localfounder.me"] }
},
{
"certificate_selection": { "any_tag": ["cert1"] },
"match": { "sni": ["*.localkinde.me"] }
},
{}
]
}
}
},
"tls": {
"automation": {
"policies": [
{
"issuers": [
{
"ca": "https://acme-v02.api.letsencrypt.org/directory",
"module": "acme"
}
],
"subjects": ["*.localfounder.me", "*.localkinde.me"]
},
{
"issuers": [
{
"ca": "https://acme-staging-v02.api.letsencrypt.org/directory",
"challenges": {
"dns": {
"override_domain": "_acme-challenge.e8dfc814512412f151441790919c2b3e.au_1.localkinde.me",
"provider": {
"aws_profile": "default",
"max_retries": 10,
"name": "route53"
}
}
},
"module": "acme"
}
],
"subjects": ["beta-three.davebain.me"]
}
]
},
"certificates": {
"load_files": [
{
"certificate": "/etc/letsencrypt/live/localfounder.me/fullchain.pem",
"key": "/etc/letsencrypt/live/localfounder.me/privkey.pem",
"tags": ["cert0"]
},
{
"certificate": "/etc/letsencrypt/live/localkinde.me/fullchain.pem",
"key": "/etc/letsencrypt/live/localkinde.me/privkey.pem",
"tags": ["cert1"]
}
]
}
}
}
}
Isolated config
In the above I'm locally serving two other domains (which already have local certs); these aren't relevant to this issue, so here's a slimmed-down version of the config, reduced to the bits for the specific domain using the challenge:
{
"admin": { "listen": ":2020" },
"apps": {
"http": {
"servers": {
"srv0": {
"listen": [":443"],
"routes": [
{
"handle": [
{
"handler": "subroute",
"routes": [
{
"handle": [
{
"handler": "reverse_proxy",
"upstreams": [{ "dial": "127.0.0.1:8090" }]
}
]
}
]
}
],
"match": [{ "host": ["beta-four.davebain.me"] }],
"terminal": true
}
]
}
}
},
"tls": {
"automation": {
"policies": [
{
"issuers": [
{
"ca": "https://acme-staging-v02.api.letsencrypt.org/directory",
"challenges": {
"dns": {
"override_domain": "_acme-challenge.1bd1831e999dc6409ea4820252d545e2.au_1.localkinde.me",
"provider": {
"aws_profile": "default",
"max_retries": 10,
"name": "route53"
}
}
},
"module": "acme"
}
],
"subjects": ["beta-four.davebain.me"]
}
]
}
}
}
}
3. The problem I'm having:
The DNS challenge is being used, which does work and certs are issued; however, the DNS challenge record is not being cleaned up. There was a fix for this in Use OverrideDomain when cleaning up DNS solver (#193) · caddyserver/certmagic@23ca487 · GitHub
So I used xcaddy to build a custom binary from the master branch; at build time I can see it's using certmagic version v0.16.3, so the fix is included.
4. Error messages and/or full log output:
2022/08/31 17:18:31.705 ERROR tls.issuance.acme.acme_client cleaning up solver {"identifier": "beta-four.davebain.me", "challenge_type": "dns-01", "error": "no memory of presenting a DNS record for \"_acme-challenge.1bd1831e999dc6409ea4820252d545e2.au_1.localkinde.me\" (usually OK if presenting also failed)"}
5. What I already tried:
Building a custom binary with the fix.
6. Links to relevant resources:
Original discussion related to this:
The fix: Use OverrideDomain when cleaning up DNS solver (#193) · caddyserver/certmagic@23ca487 · GitHub
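For readers following the report above, here is a small model of the mechanism the cited certmagic fix (#193) addresses: a DNS-01 solver remembers each TXT record it published, keyed by record name, and its clean-up step fails with "no memory of presenting" when it derives a different record name than the present step did (for example, applying override_domain in one step but not the other). This is an added example, not code from Caddy, certmagic or the poster; the solver, provider, host and digest names are constructed for illustration, and the model does not attempt to explain why the poster's patched build still logs the error against the override name.

```python
"""Illustrative model of a DNS-01 solver's present/clean-up bookkeeping.

Added example, not certmagic's code. A solver remembers each TXT record it
created, keyed by record name; clean-up reports "no memory of presenting"
when it derives a different name than present did. All names and values
below are constructed for illustration.
"""
from dataclasses import dataclass, field
from typing import Dict, Optional, Set

NO_MEMORY = ('no memory of presenting a DNS record for "{name}" '
             '(usually OK if presenting also failed)')


def txt_record_name(identifier: str) -> str:
    """Default DNS-01 record name: _acme-challenge.<identifier>."""
    return "_acme-challenge." + identifier


@dataclass
class FakeDNS:
    """Stand-in for the DNS provider (Route 53 in the post): name -> TXT values."""
    records: Dict[str, Set[str]] = field(default_factory=dict)

    def add_txt(self, name: str, value: str) -> None:
        self.records.setdefault(name, set()).add(value)

    def delete_txt(self, name: str, value: str) -> None:
        values = self.records.get(name, set())
        values.discard(value)
        if not values:
            self.records.pop(name, None)

    def leftover(self) -> Dict[str, Set[str]]:
        """Records still published; after a clean solve this is empty."""
        return {n: set(v) for n, v in self.records.items()}


@dataclass
class DNS01Solver:
    """Minimal solver: present() publishes the TXT record, cleanup() removes it."""
    dns: FakeDNS
    override_domain: str = ""
    # The mismatch being modelled: does cleanup apply override_domain the
    # same way present does? The fix cited in the post makes this True.
    override_on_cleanup: bool = True
    presented: Dict[str, str] = field(default_factory=dict)

    def _record_name(self, identifier: str, cleanup: bool) -> str:
        name = txt_record_name(identifier)
        if self.override_domain and (not cleanup or self.override_on_cleanup):
            name = self.override_domain
        return name

    def present(self, identifier: str, key_auth_digest: str) -> str:
        name = self._record_name(identifier, cleanup=False)
        self.dns.add_txt(name, key_auth_digest)
        self.presented[name] = key_auth_digest  # remembered for cleanup
        return name

    def cleanup(self, identifier: str) -> Optional[str]:
        """Return None on success, or the error string the solver would log."""
        name = self._record_name(identifier, cleanup=True)
        value = self.presented.pop(name, None)
        if value is None:
            return NO_MEMORY.format(name=name)
        self.dns.delete_txt(name, value)
        return None


def solve(identifier: str, override_domain: str, override_on_cleanup: bool):
    """Run one present/cleanup cycle; return (cleanup_error, leftover_records)."""
    dns = FakeDNS()
    solver = DNS01Solver(dns, override_domain, override_on_cleanup)
    solver.present(identifier, "constructed-key-authorization-digest")
    err = solver.cleanup(identifier)
    return err, dns.leftover()


if __name__ == "__main__":
    ident = "beta-four.example.test"  # constructed, not the post's host
    override = "_acme-challenge.delegated.example.test"  # constructed
    for flag in (False, True):
        err, left = solve(ident, override, flag)
        print(f"override_on_cleanup={flag}: error={err!r} leftover={left}")
```

With override_on_cleanup=False the clean-up step looks for the default record name, finds no memory of it, and the TXT record at the override domain stays published; with it True both steps agree on the name and the record is removed. When diagnosing a report like the one above, the observable symptom to check is exactly that leftover TXT record at the override name after issuance completes.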