Help Noob With SSL + DDNS

Help
21

Does your router port forward ports 80 and 443 to your server? Does your ISP block usage of those ports?

2 Likes
22

The router I believe is configured correctly.

image

Checking I can confirm my ISP blocks the ports. Their online portal fails to unblock so will need to call support tomorrow. Thank you Francis

23

Testing it looks like changing the setting with my ISP web portal did work, it just reported a failure. So it’s now all working as expected. Only issue I had is it looks like my WAN IP got changed during the process and Caddy didn’t update my DNS records as expected. I’ll monitor for next time it happens and try to troubleshoot. If I can find a solution, I’ll post a new thread. Thanks again for your help :slight_smile:

1 Like
24

Caddy doesn’t do that. The acme_dns config is only for DNS TXT records, not for A records. If you want Caddy to update your A records, you can use GitHub - mholt/caddy-dynamicdns: Caddy app that keeps your DNS records (A/AAAA) pointed at itself.

2 Likes
25

Thank you. I must have misunderstood the purpose of acme_dns. I’ll looks into that app you linked. Is there any purpose in keeping the acme_dns global option at this stage?

EDIT:
I believe I already have the custom build with that module as shown below in output from clisting modules.

caddy list-modules
...

  Standard modules: 106

dns.providers.cloudflare

  Non-standard modules: 1

  Unknown modules: 0

EDIT 2:
Updated Caddyfile

{
	debug

	acme_dns cloudflare [TOKEN]

	dynamic_dns {
		provider cloudflare [TOKEN]
        domains {
                smithbury.com pics plex qb radarr nzb
        }
	}
}

#Homarr
smithbury.com {
	# Homarr host and port
	reverse_proxy 192.168.1.118:7575
}

# Immich
pics.smithbury.com {
	reverse_proxy 192.168.1.118:2283
}

# Plex
plex.smithbury.com {
	reverse_proxy 192.168.1.117:32400
}

# qBittorent
qb.smithbury.com {
	reverse_proxy 192.168.1.110:8998
}

# Radarr
radarr.smithbury.com {
	reverse_proxy 192.168.1.110:7878
}

# SABnzbd
nzb.smithbury.com {
	reverse_proxy 192.168.1.110:8080
}

Note with the above Caddyfile, when trying to restart the service I get the below error logged.

May 23 12:33:34 mercury systemd[1]: Reloading Caddy...
May 23 12:33:34 mercury caddy[1537]: {"level":"info","ts":1716467614.5897908,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":""}
May 23 12:33:34 mercury caddy[1537]: Error: adapting config using caddyfile: /etc/caddy/Caddyfile:6: unrecognized global option: dynamic_dns
May 23 12:33:34 mercury systemd[1]: caddy.service: Control process exited, code=exited, status=1/FAILURE
May 23 12:33:34 mercury systemd[1]: Reload failed for Caddy.

Do I need to have caddy-dynamicdns in addition to Cloudflare module for Caddy? If so, how to install?

1 Like
26

It’s for issuing TLS certs using the ACME DNS challenge, i.e. without requiring ports 80 and 443 to be open, or if you need a wildcard cert. Uses your DNS TXT records as proof that you control the domain instead of proving that you control the server at that IP address by serving some data on either ports 80 or 443 (ACME HTTP or ACME TLS-ALPN challenges).

You can keep using it, no harm. But in your setup it’s probably not required.

Yes, same way as you installed the cloudflare module. You can grab a build from the Caddy website, or build it with xcaddy (see the docs).

2 Likes
27

I’m afraid I may have borked my install :frowning:

I downloaded the custom package with caddy-dynamicdns and Cloudflare module for Caddy using the command below.

curl -o caddy "https://caddyserver.com/api/download?os=linux&arch=arm64&p=github.com%2Fcaddy-dns%2Fcloudflare&p=github.com%2Fmholt%2Fcaddy-dynamicdns&idempotency=6480137858538"

I then repeated the steps from here for setting up the custom build.

Caddy was failing to start the service. I recalled I had to make the file executable.

jeff@mercury:/usr/bin$ chmod +x caddy
jeff@mercury:/usr/bin$ chmod +x caddy.custom
jeff@mercury:/usr/bin$ sudo systemctl start caddy.service
Job for caddy.service failed because the control process exited with error code.

The logs below show the before and after of adding executable permission to the caddy binaries.

May 24 14:36:23 mercury systemd[1]: Starting Caddy...
β–‘β–‘ Subject: A start job for unit caddy.service has begun execution
β–‘β–‘ Defined-By: systemd
β–‘β–‘ Support: http://www.ubuntu.com/support
β–‘β–‘
β–‘β–‘ A start job for unit caddy.service has begun execution.
β–‘β–‘
β–‘β–‘ The job identifier is 3108.
May 24 14:36:23 mercury systemd[2409]: caddy.service: Failed to execute /usr/bin/caddy: Exec format error
May 24 14:36:23 mercury systemd[2409]: caddy.service: Failed at step EXEC spawning /usr/bin/caddy: Exec format error
β–‘β–‘ Subject: Process /usr/bin/caddy could not be executed
β–‘β–‘ Defined-By: systemd
β–‘β–‘ Support: http://www.ubuntu.com/support
β–‘β–‘
β–‘β–‘ The process /usr/bin/caddy could not be executed and failed.
β–‘β–‘
β–‘β–‘ The error number returned by this process is ERRNO.
May 24 14:36:23 mercury systemd[1]: caddy.service: Main process exited, code=exited, status=203/EXEC
β–‘β–‘ Subject: Unit process exited
β–‘β–‘ Defined-By: systemd
β–‘β–‘ Support: http://www.ubuntu.com/support
β–‘β–‘
β–‘β–‘ An ExecStart= process belonging to unit caddy.service has exited.
β–‘β–‘
β–‘β–‘ The process' exit code is 'exited' and its exit status is 203.
May 24 14:36:23 mercury systemd[1]: caddy.service: Failed with result 'exit-code'.
β–‘β–‘ Subject: Unit failed
β–‘β–‘ Defined-By: systemd
β–‘β–‘ Support: http://www.ubuntu.com/support
β–‘β–‘
β–‘β–‘ The unit caddy.service has entered the 'failed' state with result 'exit-code'.
May 24 14:36:23 mercury systemd[1]: Failed to start Caddy.
β–‘β–‘ Subject: A start job for unit caddy.service has failed
β–‘β–‘ Defined-By: systemd
β–‘β–‘ Support: http://www.ubuntu.com/support
β–‘β–‘
β–‘β–‘ A start job for unit caddy.service has finished with a failure.
β–‘β–‘
β–‘β–‘ The job identifier is 3108 and the job result is failed.
May 24 14:45:49 mercury systemd[1]: Starting Caddy...
β–‘β–‘ Subject: A start job for unit caddy.service has begun execution
β–‘β–‘ Defined-By: systemd
β–‘β–‘ Support: http://www.ubuntu.com/support
β–‘β–‘
β–‘β–‘ A start job for unit caddy.service has begun execution.
β–‘β–‘
β–‘β–‘ The job identifier is 3191.
May 24 14:45:49 mercury systemd[1]: caddy.service: Main process exited, code=exited, status=203/EXEC
β–‘β–‘ Subject: Unit process exited
β–‘β–‘ Defined-By: systemd
β–‘β–‘ Support: http://www.ubuntu.com/support
β–‘β–‘
β–‘β–‘ An ExecStart= process belonging to unit caddy.service has exited.
β–‘β–‘
β–‘β–‘ The process' exit code is 'exited' and its exit status is 203.
May 24 14:45:49 mercury systemd[1]: caddy.service: Failed with result 'exit-code'.
β–‘β–‘ Subject: Unit failed
β–‘β–‘ Defined-By: systemd
β–‘β–‘ Support: http://www.ubuntu.com/support
β–‘β–‘
β–‘β–‘ The unit caddy.service has entered the 'failed' state with result 'exit-code'.
May 24 14:45:49 mercury systemd[1]: Failed to start Caddy.
β–‘β–‘ Subject: A start job for unit caddy.service has failed
β–‘β–‘ Defined-By: systemd
β–‘β–‘ Support: http://www.ubuntu.com/support
β–‘β–‘
β–‘β–‘ A start job for unit caddy.service has finished with a failure.
β–‘β–‘
β–‘β–‘ The job identifier is 3191 and the job result is failed.

caddy.service

[Unit]
Description=Caddy
Documentation=https://caddyserver.com/docs/
After=network.target network-online.target
Requires=network-online.target

[Service]
Type=notify
User=caddy
Group=caddy
ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile --force
TimeoutStopSec=5s
LimitNOFILE=1048576
LimitNPROC=512
PrivateTmp=true
ProtectSystem=full
AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE

[Install]
WantedBy=multi-user.target

Caddyfile

{
	debug

	acme_dns cloudflare [TOKEN]

	dynamic_dns {
		provider cloudflare [TOKEN]
        domains {
                smithbury.com pics plex qb radarr nzb ab todo
	        }
	}
}

# AudiobookShelf
ab.smithbury.com {
	reverse_proxy 192.168.1.118:13378
}

# Homarr
smithbury.com {
	reverse_proxy 192.168.1.118:7575
}

# Immich
pics.smithbury.com {
	reverse_proxy 192.168.1.118:2283
}

# Plex
plex.smithbury.com {
	reverse_proxy 192.168.1.117:32400
}

# qBittorent
qb.smithbury.com {
	reverse_proxy 192.168.1.110:8998
}

# Radarr
radarr.smithbury.com {
	reverse_proxy 192.168.1.110:7878
}

# SABnzbd
nzb.smithbury.com {
	reverse_proxy 192.168.1.110:8080
}

# Vikunja
todo.smithbury.com {
	reverse_proxy 192.168.1.118:3456
}
28

To start fresh, make a copy of your Caddyfile, then run sudo apt purge caddy, then sudo apt install caddy, and then follow these steps to set up the diversion.

2 Likes
29

Tried the purge and fresh install but get same outcome.

Will blow away the VM and start afresh with the lessons learned so far. Thanks for your support Francis.

30

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.