How to use DNS provider modules in Caddy 2

Caddy 2 uses a new and improved DNS provider interface for solving the ACME DNS challenge.

All you have to do is plug the service provider(s) you need into your build, then add the DNS challenge to your configuration!

Getting a DNS provider plugin

How you choose to get a custom Caddy build is up to you; we’ll describe two common methods here.

Method 1:

  1. Go to the Caddy download page.
  2. Find your DNS provider in the list of modules (dns.providers.*) and select it.
  3. Download your custom Caddy build.

Method 2:

  1. Find your DNS provider in the caddy-dns repositories.
  2. Build caddy with your DNS provider plugged in. This is a single xcaddy command:
    xcaddy build --with github.com/caddy-dns/REPOSITORY
    

If you do not find your DNS provider:

If you do not find a module for your DNS provider, that means nobody has implemented it yet. Your DNS provider must be implemented, either by you or someone else kind enough to do it. We can do it for your business for free with a Business+ sponsorship or higher.

Enabling the DNS challenge

Once you have a custom Caddy binary with your DNS provider module plugged in, you simply have to enable the DNS challenge in your config. Do this in one of the following ways:

Caddyfile

Global option (use DNS challenge for all sites)

For a globally-recognized DNS challenge configuration, use the acme_dns global option at the top of your Caddyfile:

{
    acme_dns <provider> ...
}

For example:

{
    acme_dns cloudflare 1484053787dJQB8vP1q0yc5ZEBnH6JGS4d3mBmvIeMrnnxFi3WtJdF
}

Per-site configuration

Or, to enable the DNS challenge for a specific site only, use a tls directive in its site block:

tls {
    dns <provider> ...
}

For example:

tls {
    dns cloudflare 1484053787dJQB8vP1q0yc5ZEBnH6JGS4d3mBmvIeMrnnxFi3WtJdF
}

(You might also use a {env.*} placeholder if your credentials are in the environment.) Each provider may have a slightly different syntax; check the module docs to be sure.

JSON

Or, if you use JSON, configure an automation policy with an acme issuer that sets the DNS challenge, for example:

{
    "module": "acme",
    "challenges": {
        "dns": {
            "provider": {
                "name": "cloudflare",
                "api_token": "YOUR_CLOUDFLARE_API_TOKEN"
            }
        }
    }
}
18 Likes
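The wiki post above mentions keeping credentials in the environment and referencing them with a {env.*} placeholder. The following check is an added example, not part of the original post or of the Caddy project: it flags Caddyfile lines where `acme_dns` or `dns` carries a literal credential instead of a placeholder. It covers only the single-line forms shown on this page; the variable name `CLOUDFLARE_API_TOKEN` and the sample Caddyfile are constructed for illustration.

```python
import re

# The two Caddyfile forms shown on this page:
#   acme_dns <provider> <args...>   (global option)
#   dns <provider> <args...>        (inside a tls block)
DNS_LINE = re.compile(r"^\s*(acme_dns|dns)\s+(\S+)(.*)$")
PLACEHOLDER = re.compile(r"^\{[^{}\s]+\}$")  # e.g. {env.CLOUDFLARE_API_TOKEN}
COMMENT = re.compile(r"(^|\s)#.*$")


def find_inline_dns_credentials(caddyfile_text):
    """Return (line_no, directive, provider) for each DNS challenge line whose
    arguments are literal values instead of placeholders. The secret itself is
    never returned, so the report is safe to print in CI logs."""
    findings = []
    for line_no, raw in enumerate(caddyfile_text.splitlines(), start=1):
        match = DNS_LINE.match(COMMENT.sub("", raw))
        if not match:
            continue
        directive, provider, rest = match.groups()
        # A lone "{" opens a provider block; it is not a credential.
        args = [tok.strip('"`') for tok in rest.split() if tok != "{"]
        if any(not PLACEHOLDER.match(arg) for arg in args):
            findings.append((line_no, directive, provider))
    return findings


# Constructed sample: two literal tokens and one environment placeholder.
SAMPLE = """\
{
    acme_dns cloudflare CONSTRUCTED-LITERAL-TOKEN
}
a.example.com {
    tls {
        dns cloudflare {env.CLOUDFLARE_API_TOKEN}
    }
}
b.example.com {
    tls {
        dns cloudflare "CONSTRUCTED-LITERAL-TOKEN"  # inline secret
    }
}
"""

if __name__ == "__main__":
    for line_no, directive, provider in find_inline_dns_credentials(SAMPLE):
        print(f"line {line_no}: {directive} {provider} has a literal credential")
```

Run against a real Caddyfile before committing it; an empty result means every DNS challenge line on the single-line form uses a placeholder.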

The global option is only in 2.4.0-beta.1, which should be pointed out.
Just spent 2 hours finding out that it wasn’t available on previous versions.

1 Like

That’s not exactly true, it existed for a long time before, but it was broken/non-functional until this commit: caddyfile: Refactor unmarshaling of module tokens · caddyserver/caddy@f021696 · GitHub

I am using 2.4.0-Beta.1 now. But even before that I was able to do the following:

(cloudflare) {
      tls {
        dns cloudflare YOUR_API_KEY
      }
}
nas.myfancydomain.com {
      reverse_proxy http://192.168.1.51
      import cloudflare
}

It’s easier now that we can define it globally and not have to import it in every site configuration.

2 Likes

The doc link

seems outdated (empty content).

Maybe this link?

Fixed, thanks.

FYI, anyone can edit Wiki posts if you find a problem.
