Help requested with DNS propagation errors

1. The problem I’m having:

Cannot get my Duckdns domain to work

2. Error messages and/or full log output:

ERR ts=1717858263.2264428 logger=tls.obtain msg=could not get certificate from issuer identifier=gharomv.duckdns.org issuer=acme-v02.api.letsencrypt.org-directory error=[gharomv.duckdns.org] solving challenges: waiting for solver certmagic.solverWrapper to be ready: checking DNS propagation of "_acme-challenge.gharomv.duckdns.org": dial udp: lookup ns8.duckdns.org. on 127.0.0.11:53: no such host (order=https://acme-v02.api.letsencrypt.org/acme/order/1771004187/276568303427) (ca=https://acme-v02.api.letsencrypt.org/directory)
ERR ts=1717858277.4254181 logger=tls.obtain msg=could not get certificate from issuer identifier=gharomv.duckdns.org issuer=acme-v02.api.letsencrypt.org-directory error=[gharomv.duckdns.org] solving challenges: waiting for solver certmagic.solverWrapper to be ready: checking DNS propagation of "_acme-challenge.gharomv.duckdns.org": read udp 192.168.1.197:42070->3.97.51.116:53: read: connection refused (order=https://acme-v02.api.letsencrypt.org/acme/order/1771004187/276568387647) (ca=https://acme-v02.api.letsencrypt.org/directory)
ERR ts=1717858277.425532 logger=tls.obtain msg=will retry error=[gharomv.duckdns.org] Obtain: [gharomv.duckdns.org] solving challenges: waiting for solver certmagic.solverWrapper to be ready: checking DNS propagation of "_acme-challenge.gharomv.duckdns.org": read udp 192.168.1.197:42070->3.97.51.116:53: read: connection refused (order=https://acme-v02.api.letsencrypt.org/acme/order/1771004187/276568387647) (ca=https://acme-v02.api.letsencrypt.org/directory) attempt=1 retrying_in=60 elapsed=44.416629652 max_duration=2592000

3. Caddy version:

v2.8.4 (Docker Container) (in a separate Docker Macvlan)

4. How I installed and ran Caddy:

Using the Docker container (in a separate Docker Macvlan) with the custom Caddy module for Duckdns

a. System environment:

b. Command:

docker run -d \
  --name unicad \
  --restart unless-stopped \
  --ip 192.168.1.197 \
  --dns 8.8.8.8 \
  --network="net" \
  -p 80:80 \
  -p 443:443 \
  -v /drive1t/dockerconf/caddy/caddy:/usr/bin/caddy \
  -v /drive1t/dockerconf/caddy/Caddyfile:/etc/caddy/Caddyfile:rw \
  -v /drive1t/dockerconf/caddy/caddy-config:/config \
  -v /drive1t/dockerconf/caddy/caddy-data:/data \
  -e DOMAIN=gharomv.duckdns.org \
  -e EMAIL=gnas5@gmail.com \
  -e TOKEN=secret \
  -e LOG_FILE=/data/access.log \
  -e DUCKDNS_DOMAIN=https://gharomv.duckdns.org \
  -e DUCKDNS_TOKEN=secret \
  caddy:latest

d. My complete Caddy config:

{
	acme_ca https://acme-v02.api.letsencrypt.org/directory
	acme_dns duckdns secret
}

gharomv.duckdns.org:443 {
	tls {
		dns duckdns secret
		resolvers 8.8.8.8
	}

	reverse_proxy 192.168.1.9:8096
}

That seems like a Docker networking issue. I don’t think I can explain why it doesn’t work.

You could disable the propagation checks if you can’t get it figured out, by setting propagation_timeout -1; see "tls (Caddyfile directive)" in the Caddy documentation.

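An added example, not part of the thread and not Caddy's own code: the log in the question contains two different failures inside the same propagation check, and this Python script separates them so each can be investigated on its own. The names `classify`, `summarize` and `SAMPLE_LOG` are assumptions made for the example, and the sample lines are shortened copies of the log lines posted above.

```python
import re
from collections import Counter

# Constructed sample: the post's three log lines, shortened ("...") to the
# part that names the failing step.
SAMPLE_LOG = [
    'ERR logger=tls.obtain msg=could not get certificate from issuer ... '
    'checking DNS propagation of "_acme-challenge.gharomv.duckdns.org": dial udp: '
    'lookup ns8.duckdns.org. on 127.0.0.11:53: no such host (order=...)',
    'ERR logger=tls.obtain msg=could not get certificate from issuer ... '
    'checking DNS propagation of "_acme-challenge.gharomv.duckdns.org": read udp '
    '192.168.1.197:42070->3.97.51.116:53: read: connection refused (order=...)',
    'ERR logger=tls.obtain msg=will retry ... '
    'checking DNS propagation of "_acme-challenge.gharomv.duckdns.org": read udp '
    '192.168.1.197:42070->3.97.51.116:53: read: connection refused (order=...) attempt=1',
]

PROPAGATION = re.compile(
    r'checking DNS propagation of "(?P<record>[^"]+)": (?P<detail>.*?)(?= \(order=|$)')
# The system resolver could not resolve the nameserver's hostname.
LOOKUP_FAIL = re.compile(
    r'lookup (?P<host>\S+?)\.? on (?P<resolver>[\d.]+):\d+: (?P<reason>.+)')
# The direct UDP query to the nameserver's address failed.
UDP_FAIL = re.compile(
    r'read udp (?P<src>[\d.]+):\d+->(?P<dst>[\d.]+):\d+: read: (?P<reason>.+)')

def classify(line):
    """Return the failing step of a propagation check, or None if unrelated."""
    m = PROPAGATION.search(line)
    if not m:
        return None
    hit = {"record": m["record"], "stage": "unknown", "target": None,
           "via": None, "reason": m["detail"]}
    if f := LOOKUP_FAIL.search(m["detail"]):
        hit.update(stage="resolve-nameserver", target=f["host"],
                   via=f["resolver"], reason=f["reason"])
    elif f := UDP_FAIL.search(m["detail"]):
        hit.update(stage="query-nameserver", target=f["dst"],
                   via=f["src"], reason=f["reason"])
    return hit

def summarize(lines):
    """Count failures per (stage, target, via, reason)."""
    hits = filter(None, map(classify, lines))
    return Counter((h["stage"], h["target"], h["via"], h["reason"]) for h in hits)

if __name__ == "__main__":
    for (stage, target, via, reason), n in summarize(SAMPLE_LOG).items():
        print(f"{n}x {stage}: {target} via {via}: {reason}")
```

A `resolve-nameserver` hit points at the container's system resolver (127.0.0.11 is Docker's embedded DNS), while a `query-nameserver` hit points at UDP port 53 reachability from the container's address to the nameserver.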