1. Output of caddy version:
v2.6.2 h1:wKoFIxpmOJLGl3QXoo6PNbYvGW4xLEgo32GPBEjWL8o=
2. How I run Caddy:
docker run --name caddy-proxy-cloudflare -d \
-p 80:80 \
-p 443:443 \
-v /home/dattl/caddy/site:/srv \
-v /home/dattl/caddy/data:/data \
-v /home/dattl/caddy/config:/config \
-v /home/dattl/caddy/config/Caddyfile:/etc/caddy/Caddyfile \
-e CLOUDFLARE_API_TOKEN=123456 \
-e ACME_AGREE=true \
dadattl/caddy-proxy-cloudflare:latest
a. System environment:
Raspberry Pi and Docker image built with:
FROM caddy:builder AS builder
RUN caddy-builder \
github.com/caddy-dns/cloudflare
FROM caddy:latest
COPY --from=builder /usr/bin/caddy /usr/bin/caddy
DNS:
_acme-challenge.othersdomain.com canonical name = cloudflaredomain.com
b. Command:
docker run --name caddy-proxy-cloudflare -d \
-p 80:80 \
-p 443:443 \
-v /home/dattl/caddy/site:/srv \
-v /home/dattl/caddy/data:/data \
-v /home/dattl/caddy/config:/config \
-v /home/dattl/caddy/config/Caddyfile:/etc/caddy/Caddyfile \
-e CLOUDFLARE_API_TOKEN=123456 \
-e ACME_AGREE=true \
dadattl/caddy-proxy-cloudflare:latest
c. Service/unit/compose file:
d. My complete Caddy config:
{
acme_ca https://acme-staging-v02.api.letsencrypt.org/directory
email caddyproxy@othersdomain.com
}
test.cloudflaredomain.com {
tls {
dns cloudflare {env.CLOUDFLARE_API_TOKEN}
resolvers 1.1.1.1
}
}
othersdomain.com {
tls {
dns cloudflare {env.CLOUDFLARE_API_TOKEN}
dns_challenge_override_domain cloudflaredomain.com
resolvers 1.1.1.1
}
}
3. The problem I’m having:
The directive
dns_challenge_override_domain cloudflaredomain.com
seems not to work for me.
Maybe it is a typo or a misunderstanding of usage, or I didn't install another needed plugin. Can you please help with that?
4. Error messages and/or full log output:
INF ts=1673520516.2876968 msg=using provided configuration config_file=/etc/caddy/Caddyfile config_adapter=caddyfile
WRN ts=1673520516.2940102 msg=Caddyfile input is not formatted; run the 'caddy fmt' command to fix inconsistencies adapter=caddyfile file=/etc/caddy/Caddyfile line=2
INF ts=1673520516.2982595 logger=admin msg=admin endpoint started address=localhost:2019 enforce_origin=false origins=["//[::1]:2019","//127.0.0.1:2019","//localhost:2019"]
INF ts=1673520516.2992725 logger=tls.cache.maintenance msg=started background certificate maintenance cache=0x2eaa050
INF ts=1673520516.3004131 logger=http msg=server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS server_name=srv0 https_port=443
INF ts=1673520516.3005054 logger=http msg=enabling automatic HTTP->HTTPS redirects server_name=srv0
INF ts=1673520516.3012848 logger=tls msg=cleaning storage unit description=FileStorage:/data/caddy
INF ts=1673520516.3013701 logger=http msg=enabling HTTP/3 listener addr=:443
INF ts=1673520516.3021991 msg=failed to sufficiently increase receive buffer size (was: 176 kiB, wanted: 2048 kiB, got: 352 kiB). See https://github.com/lucas-clemente/quic-go/wiki/UDP-Receive-Buffer-Size for details.
INF ts=1673520516.3027244 logger=http.log msg=server running name=srv0 protocols=["h1","h2","h3"]
INF ts=1673520516.3030784 logger=http.log msg=server running name=remaining_auto_https_redirects protocols=["h1","h2","h3"]
INF ts=1673520516.303131 logger=http msg=enabling automatic TLS certificate management domains=["test.cloudflaredomain.com","othersdomain.com"]
INF ts=1673520516.3045309 msg=autosaved config (load with --resume flag) file=/config/caddy/autosave.json
INF ts=1673520516.3046143 msg=serving initial configuration
INF ts=1673520516.3055155 logger=tls.obtain msg=acquiring lock identifier=othersdomain.com
INF ts=1673520516.3055158 logger=tls.obtain msg=acquiring lock identifier=test.cloudflaredomain.com
INF ts=1673520516.3109312 logger=tls msg=finished cleaning storage units
INF ts=1673520516.3666565 logger=tls.obtain msg=lock acquired identifier=test.cloudflaredomain.com
INF ts=1673520516.3675992 logger=tls.obtain msg=obtaining certificate identifier=test.cloudflaredomain.com
INF ts=1673520516.371758 logger=tls.obtain msg=lock acquired identifier=othersdomain.com
INF ts=1673520516.3729155 logger=tls.obtain msg=obtaining certificate identifier=othersdomain.com
INF ts=1673520516.4146311 logger=http msg=waiting on internal rate limiter identifiers=["test.cloudflaredomain.com"] ca=https://acme-staging-v02.api.letsencrypt.org/directory account=caddyproxy@othersdomain.com
INF ts=1673520516.4147203 logger=http msg=done waiting on internal rate limiter identifiers=["test.cloudflaredomain.com"] ca=https://acme-staging-v02.api.letsencrypt.org/directory account=caddyproxy@othersdomain.com
INF ts=1673520516.414927 logger=http msg=waiting on internal rate limiter identifiers=["othersdomain.com"] ca=https://acme-staging-v02.api.letsencrypt.org/directory account=caddyproxy@othersdomain.com
INF ts=1673520516.4151387 logger=http msg=done waiting on internal rate limiter identifiers=["othersdomain.com"] ca=https://acme-staging-v02.api.letsencrypt.org/directory account=caddyproxy@othersdomain.com
INF ts=1673520517.7052374 logger=http.acme_client msg=trying to solve challenge identifier=test.cloudflaredomain.com challenge_type=dns-01 ca=https://acme-staging-v02.api.letsencrypt.org/directory
INF ts=1673520518.055583 logger=http.acme_client msg=trying to solve challenge identifier=othersdomain.com challenge_type=dns-01 ca=https://acme-staging-v02.api.letsencrypt.org/directory
ERR ts=1673520519.7041817 logger=http.acme_client msg=cleaning up solver identifier=othersdomain.com challenge_type=dns-01 error=no memory of presenting a DNS record for "cloudflaredomain.com" (usually OK if presenting also failed)
ERR ts=1673520519.887109 logger=tls.obtain msg=could not get certificate from issuer identifier=othersdomain.com issuer=acme-staging-v02.api.letsencrypt.org-directory error=[othersdomain.com] solving challenges: presenting for challenge: adding temporary record for zone "cloudflaredomain.com.": got error status: HTTP 400: [{Code:1004 Message:DNS Validation Error}] (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/82662763/6476905703) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)
INF ts=1673520519.8953173 logger=http msg=waiting on internal rate limiter identifiers=["othersdomain.com"] ca=https://acme-staging-v02.api.letsencrypt.org/directory account=caddyproxy@othersdomain.com
INF ts=1673520519.8954923 logger=http msg=done waiting on internal rate limiter identifiers=["othersdomain.com"] ca=https://acme-staging-v02.api.letsencrypt.org/directory account=caddyproxy@othersdomain.com
INF ts=1673520520.8169153 logger=http.acme_client msg=trying to solve challenge identifier=othersdomain.com challenge_type=dns-01 ca=https://acme-staging-v02.api.letsencrypt.org/directory
ERR ts=1673520522.4676528 logger=http.acme_client msg=cleaning up solver identifier=othersdomain.com challenge_type=dns-01 error=no memory of presenting a DNS record for "cloudflaredomain.com" (usually OK if presenting also failed)
ERR ts=1673520522.6518908 logger=tls.obtain msg=could not get certificate from issuer identifier=othersdomain.com issuer=acme-staging-v02.api.letsencrypt.org-directory error=[othersdomain.com] solving challenges: presenting for challenge: adding temporary record for zone "cloudflaredomain.com.": got error status: HTTP 400: [{Code:1004 Message:DNS Validation Error}] (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/82662763/6476906303) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)
ERR ts=1673520522.6522403 logger=tls.obtain msg=will retry error=[othersdomain.com] Obtain: [othersdomain.com] solving challenges: presenting for challenge: adding temporary record for zone "cloudflaredomain.com.": got error status: HTTP 400: [{Code:1004 Message:DNS Validation Error}] (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/82662763/6476906303) (ca=https://acme-staging-v02.api.letsencrypt.org/directory) attempt=1 retrying_in=60 elapsed=6.280232596 max_duration=2592000
INF ts=1673520525.7208114 logger=http.acme_client msg=authorization finalized identifier=test.cloudflaredomain.com authz_status=valid
INF ts=1673520525.720933 logger=http.acme_client msg=validations succeeded; finalizing order order=https://acme-staging-v02.api.letsencrypt.org/acme/order/82662763/6476905553
INF ts=1673520526.3540008 logger=http.acme_client msg=successfully downloaded available certificate chains count=1 first_url=https://acme-staging-v02.api.letsencrypt.org/acme/cert/faf3ff5189a46c67fcccc1352d9b9a7f77a6
INF ts=1673520526.3564303 logger=tls.obtain msg=certificate obtained successfully identifier=test.cloudflaredomain.com
INF ts=1673520526.3567116 logger=tls.obtain msg=releasing lock identifier=test.cloudflaredomain.com
INF ts=1673520582.6544812 logger=tls.obtain msg=obtaining certificate identifier=othersdomain.com
INF ts=1673520583.2111979 logger=http.acme_client msg=trying to solve challenge identifier=othersdomain.com challenge_type=dns-01 ca=https://acme-staging-v02.api.letsencrypt.org/directory
ERR ts=1673520584.1435366 logger=http.acme_client msg=cleaning up solver identifier=othersdomain.com challenge_type=dns-01 error=no memory of presenting a DNS record for "cloudflaredomain.com" (usually OK if presenting also failed)
ERR ts=1673520584.3202338 logger=tls.obtain msg=could not get certificate from issuer identifier=othersdomain.com issuer=acme-staging-v02.api.letsencrypt.org-directory error=[othersdomain.com] solving challenges: presenting for challenge: adding temporary record for zone "cloudflaredomain.com.": got error status: HTTP 400: [{Code:1004 Message:DNS Validation Error}] (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/82662763/6476924223) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)
INF ts=1673520584.914232 logger=http.acme_client msg=trying to solve challenge identifier=othersdomain.com challenge_type=dns-01 ca=https://acme-staging-v02.api.letsencrypt.org/directory
ERR ts=1673520585.702544 logger=http.acme_client msg=cleaning up solver identifier=othersdomain.com challenge_type=dns-01 error=no memory of presenting a DNS record for "cloudflaredomain.com" (usually OK if presenting also failed)
ERR ts=1673520585.8847485 logger=tls.obtain msg=could not get certificate from issuer identifier=othersdomain.com issuer=acme-staging-v02.api.letsencrypt.org-directory error=[othersdomain.com] solving challenges: presenting for challenge: adding temporary record for zone "cloudflaredomain.com.": got error status: HTTP 400: [{Code:1004 Message:DNS Validation Error}] (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/82662763/6476924683) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)
ERR ts=1673520585.885634 logger=tls.obtain msg=will retry error=[othersdomain.com] Obtain: [othersdomain.com] solving challenges: presenting for challenge: adding temporary record for zone "cloudflaredomain.com.": got error status: HTTP 400: [{Code:1004 Message:DNS Validation Error}] (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/82662763/6476924683) (ca=https://acme-staging-v02.api.letsencrypt.org/directory) attempt=2 retrying_in=120 elapsed=69.513625021 max_duration=2592000
INF ts=1673520705.8875592 logger=tls.obtain msg=obtaining certificate identifier=othersdomain.com
INF ts=1673520706.4480875 logger=http.acme_client msg=trying to solve challenge identifier=othersdomain.com challenge_type=dns-01 ca=https://acme-staging-v02.api.letsencrypt.org/directory
ERR ts=1673520707.4295528 logger=http.acme_client msg=cleaning up solver identifier=othersdomain.com challenge_type=dns-01 error=no memory of presenting a DNS record for "cloudflaredomain.com" (usually OK if presenting also failed)
ERR ts=1673520707.6135654 logger=tls.obtain msg=could not get certificate from issuer identifier=othersdomain.com issuer=acme-staging-v02.api.letsencrypt.org-directory error=[othersdomain.com] solving challenges: presenting for challenge: adding temporary record for zone "cloudflaredomain.com.": got error status: HTTP 400: [{Code:1004 Message:DNS Validation Error}] (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/82662763/6476961913) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)
INF ts=1673520708.1642392 logger=http.acme_client msg=trying to solve challenge identifier=othersdomain.com challenge_type=dns-01 ca=https://acme-staging-v02.api.letsencrypt.org/directory
ERR ts=1673520709.1022384 logger=http.acme_client msg=cleaning up solver identifier=othersdomain.com challenge_type=dns-01 error=no memory of presenting a DNS record for "cloudflaredomain.com" (usually OK if presenting also failed)
ERR ts=1673520709.2853715 logger=tls.obtain msg=could not get certificate from issuer identifier=othersdomain.com issuer=acme-staging-v02.api.letsencrypt.org-directory error=[othersdomain.com] solving challenges: presenting for challenge: adding temporary record for zone "cloudflaredomain.com.": got error status: HTTP 400: [{Code:1004 Message:DNS Validation Error}] (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/82662763/6476962413) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)
ERR ts=1673520709.2857375 logger=tls.obtain msg=will retry error=[othersdomain.com] Obtain: [othersdomain.com] solving challenges: presenting for challenge: adding temporary record for zone "cloudflaredomain.com.": got error status: HTTP 400: [{Code:1004 Message:DNS Validation Error}] (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/82662763/6476962413) (ca=https://acme-staging-v02.api.letsencrypt.org/directory) attempt=3 retrying_in=120 elapsed=192.913730254 max_duration=2592000
INF ts=1673520829.2888951 logger=tls.obtain msg=obtaining certificate identifier=othersdomain.com
INF ts=1673520829.846228 logger=http.acme_client msg=trying to solve challenge identifier=othersdomain.com challenge_type=dns-01 ca=https://acme-staging-v02.api.letsencrypt.org/directory
ERR ts=1673520831.0011332 logger=http.acme_client msg=cleaning up solver identifier=othersdomain.com challenge_type=dns-01 error=no memory of presenting a DNS record for "cloudflaredomain.com" (usually OK if presenting also failed)
ERR ts=1673520831.182298 logger=tls.obtain msg=could not get certificate from issuer identifier=othersdomain.com issuer=acme-staging-v02.api.letsencrypt.org-directory error=[othersdomain.com] solving challenges: presenting for challenge: adding temporary record for zone "cloudflaredomain.com.": got error status: HTTP 400: [{Code:1004 Message:DNS Validation Error}] (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/82662763/6476994323) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)
INF ts=1673520831.7413588 logger=http.acme_client msg=trying to solve challenge identifier=othersdomain.com challenge_type=dns-01 ca=https://acme-staging-v02.api.letsencrypt.org/directory
ERR ts=1673520832.5800455 logger=http.acme_client msg=cleaning up solver identifier=othersdomain.com challenge_type=dns-01 error=no memory of presenting a DNS record for "cloudflaredomain.com" (usually OK if presenting also failed)
ERR ts=1673520832.7607863 logger=tls.obtain msg=could not get certificate from issuer identifier=othersdomain.com issuer=acme-staging-v02.api.letsencrypt.org-directory error=[othersdomain.com] solving challenges: presenting for challenge: adding temporary record for zone "cloudflaredomain.com.": got error status: HTTP 400: [{Code:1004 Message:DNS Validation Error}] (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/82662763/6476994643) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)
ERR ts=1673520832.7611282 logger=tls.obtain msg=will retry error=[othersdomain.com] Obtain: [othersdomain.com] solving challenges: presenting for challenge: adding temporary record for zone "cloudflaredomain.com.": got error status: HTTP 400: [{Code:1004 Message:DNS Validation Error}] (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/82662763/6476994643) (ca=https://acme-staging-v02.api.letsencrypt.org/directory) attempt=4 retrying_in=300 elapsed=316.389121564 max_duration=2592000
INF ts=1673521132.76364 logger=tls.obtain msg=obtaining certificate identifier=othersdomain.com
INF ts=1673521133.708751 logger=http.acme_client msg=trying to solve challenge identifier=othersdomain.com challenge_type=dns-01 ca=https://acme-staging-v02.api.letsencrypt.org/directory
ERR ts=1673521134.7269125 logger=http.acme_client msg=cleaning up solver identifier=othersdomain.com challenge_type=dns-01 error=no memory of presenting a DNS record for "cloudflaredomain.com" (usually OK if presenting also failed)
ERR ts=1673521134.90331 logger=tls.obtain msg=could not get certificate from issuer identifier=othersdomain.com issuer=acme-staging-v02.api.letsencrypt.org-directory error=[othersdomain.com] solving challenges: presenting for challenge: adding temporary record for zone "cloudflaredomain.com.": got error status: HTTP 400: [{Code:1004 Message:DNS Validation Error}] (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/82662763/6477069653) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)
INF ts=1673521135.8306231 logger=http.acme_client msg=trying to solve challenge identifier=othersdomain.com challenge_type=dns-01 ca=https://acme-staging-v02.api.letsencrypt.org/directory
ERR ts=1673521136.615386 logger=http.acme_client msg=cleaning up solver identifier=othersdomain.com challenge_type=dns-01 error=no memory of presenting a DNS record for "cloudflaredomain.com" (usually OK if presenting also failed)
ERR ts=1673521136.7933054 logger=tls.obtain msg=could not get certificate from issuer identifier=othersdomain.com issuer=acme-staging-v02.api.letsencrypt.org-directory error=[othersdomain.com] solving challenges: presenting for challenge: adding temporary record for zone "cloudflaredomain.com.": got error status: HTTP 400: [{Code:1004 Message:DNS Validation Error}] (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/82662763/6477070123) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)
{"level":"error","ts":1673521136.794149,"logger":"tls.obtain","msg":"will retry","error":"[othersdomain.com] Obtain: [othersdomain.com] solving challenges: presenting for challenge: adding temporary record for zone \"cloudflaredomain.com.\": got error status: HTTP 400: [{Code:1004 Message:DNS Validation Error}] (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/82662763/6477070123) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)","attempt":5,"retrying_in":600,"elapsed":620.422141136,"max_duration":2592000}
5. What I already tried:
I was debugging the Caddyfile for a while before trying to issue a cert for “test.cloudflaredomain.com” directly.
So my Cloudflare config seems to be fine and working, as I can issue a cert for the actual Cloudflare domain.
But I am not able to use it as an alias domain for issuing a cert for the server name “othersdomain.com”.
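A pre-flight check for this kind of CNAME-delegated DNS-01 setup, added here as an example and not code from the post or from Caddy/certmagic: it follows the CNAME from `_acme-challenge.<domain>` to find the name the CA will query, compares it with the name the solver will publish, and splits the published name into zone and relative record name the way the log line "adding temporary record for zone ..." reports it. The CNAME table and zone list are constructed sample data mirroring the post, and the assumption that `dns_challenge_override_domain` is published verbatim as the TXT record name is taken from the log output above, not from Caddy's source.

```python
# Added example (not Caddy's or certmagic's code): pre-flight check for
# DNS-01 delegation via CNAME. It models the two names involved:
#   - the name the CA queries: _acme-challenge.<domain>, following CNAMEs
#   - the name the solver publishes: the override domain when one is set
# Assumption (taken from the post's log lines, not verified in Caddy):
# the override domain is published verbatim as the TXT record name.

# Constructed sample DNS data mirroring the post; not a live lookup.
CNAMES = {"_acme-challenge.othersdomain.com": "cloudflaredomain.com"}
# Zones the DNS provider API token is assumed to control.
ZONES = ["cloudflaredomain.com"]


def resolve_cname(name, cnames=CNAMES, max_hops=8):
    """Follow CNAME records from name and return the final canonical name."""
    seen = set()
    while name in cnames:
        if name in seen or len(seen) >= max_hops:
            raise ValueError(f"CNAME loop or chain too long at {name}")
        seen.add(name)
        name = cnames[name]
    return name


def split_zone(fqdn, zones=ZONES):
    """Return (zone, relative_name) for fqdn, or None if no zone matches."""
    labels = fqdn.rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in zones:
            return candidate, ".".join(labels[:i])
    return None


def check_delegation(domain, override_domain=None, cnames=CNAMES, zones=ZONES):
    """Compare where the CA will look with where the solver will publish."""
    queried = resolve_cname(f"_acme-challenge.{domain}", cnames)
    published = override_domain or f"_acme-challenge.{domain}"
    result = {"queried": queried, "published": published, "findings": []}
    if queried != published:
        result["findings"].append("CA queries a different name than is published")
    zone_split = split_zone(published, zones)
    if zone_split is None:
        result["findings"].append("published name is in no controlled zone")
    else:
        result["zone"], result["relative_name"] = zone_split
        if result["relative_name"] == "":
            result["findings"].append("TXT record lands at the zone apex")
    return result


if __name__ == "__main__":
    # The post's configuration: override domain equals the CNAME target.
    print(check_delegation("othersdomain.com", "cloudflaredomain.com"))
```

Run against the post's values it reports that the record would be written at the apex of `cloudflaredomain.com` (empty relative name), which is the zone the error message names; with a `_acme-challenge.` label on both the CNAME target and the override domain the check returns no findings.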