How to configure an acme-dns wildcard cert

Using this GitHub - caddy-dns/acmedns, I'm trying to configure the wildcard cert.

My config looks like this:

{
	#auto_https disable_redirects
	#auto_https off

	http_port 80
	https_port 443

	log {
		output stdout
		level INFO
		format console
	}

	# _acme-challenge.example.com
	acme_dns acmedns {
		config {
			example.com {
				username ""
				password ""
				subdomain ""
				fulldomain ".auth.acme-dns.io"
				server_url "https://auth.acme-dns.io"
			}
		}
	}
}


*.example.com example.com console.example.com {
	respond / "Hello World" 200
}

There is another console.example.com block generated by docker-proxy; Caddy is still trying to resolve the cert for console.example.com:

tls.obtain	will retry	{"error": "[console.example.com] Obtain: [console.example.com] solving challenges: presenting for challenge: adding temporary record for zone \"example.com.\": Config for domain console.example.com not found (order=https://acme-staging-v02.api.letsencrypt.org/acme/order//) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)", "attempt": 3, "retrying_in": 120, "elapsed": 186.085659, "max_duration": 2592000}

but www.example.com is already using the wildcard cert.

I see there is a tls.dns config, but I really have no idea how to configure Caddy to use a wildcard cert. I hope I can just configure the cert once, and then all domains matching the wildcard should use that cert.

You can’t use fake domains like example.com, you need to use a real public domain.

Are you actually using the ACME-DNS service? Did you follow the steps in those docs to sign up for an account?

You don’t need to specify console.example.com because *.example.com already covers it.

I’m not sure what you’re trying to do with that.

1 Like

Hi @wener,

example.com is the proper domain name to use if you redacted the actual domain name.

As https://example.com/ shows, the intended usage is:

Example Domain
This domain is for use in illustrative examples in documents. You may use this domain in literature without prior coordination or asking for permission.

Also see:

@francislavoie @Bruce5051 Thanks, example.com is a placeholder only. I want to configure a wildcard cert using acme-dns, but I don't know how to configure the cert and how to tell Caddy to use a wildcard cert.

{
	http_port 80
	https_port 443

	log {
		output stdout
		level INFO
		format console
	}

	acme_dns acmedns {
		config {
			"*.example.com" {
				username ""
				password ""
				subdomain ""
				fulldomain ""
				server_url "https://auth.acme-dns.io"
			}
		}
	}
}

http://:80 {
	respond / "Hello World" 200
}

# This works
example.com {
	respond / "Hi from Root" 200
}

# This does not work
web.example.com {
	respond / "Hi from Web" 200
}

How can I let web.example.com use the already-requested cert for *.example.com? Is this a valid pattern in Caddy?


Should follow Common Caddyfile Patterns — Caddy Documentation

1 Like
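The wildcard pattern from the linked Common Caddyfile Patterns page, applied to this thread's acmedns setup, as an added example (not from the thread or the caddy-dns/acmedns project). It assumes the acmedns provider accepts username, password, subdomain and server_url inline under `dns acmedns`; the credential values are placeholders.

```caddyfile
# Added example, not from this thread. One site block for the wildcard
# (plus the apex) obtains the *.example.com cert once through the acmedns
# DNS challenge; subdomains are then routed with host matchers instead of
# separate site blocks, so Caddy never tries to obtain a per-subdomain cert.
# Assumption: inline provider keys as shown; replace the placeholder values
# with the acme-dns account you registered at the server_url.
*.example.com, example.com {
	tls {
		dns acmedns {
			username "ACME_DNS_USERNAME_PLACEHOLDER"
			password "ACME_DNS_PASSWORD_PLACEHOLDER"
			subdomain "ACME_DNS_SUBDOMAIN_PLACEHOLDER"
			server_url "https://auth.acme-dns.io"
		}
	}

	@root host example.com
	handle @root {
		respond / "Hi from Root" 200
	}

	@web host web.example.com
	handle @web {
		respond / "Hi from Web" 200
	}

	# Any other name under the wildcard is refused rather than silently
	# served by a default handler.
	handle {
		abort
	}
}
```

With this layout, adding another subdomain means adding another host matcher and handle block, not a new site block that would trigger its own certificate order.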
