1. Caddy version (caddy version):
v2.4.0-beta.1.0.20210302012759-ad8d01cb6631 h1:vf9HWT7UbJBxLLigI11b4SbWhD/7IlMFTU9t07A+HU8=
2. How I run Caddy:
We have caddy running our dev sandboxes in a rather complex set-up. We are asking for wildcard certs because we set up a whole bunch of sub-domains. We actually got everything working to the point where are full test suite passes it, etc. All good. So we rolled out to the rest of the developers.
However, it is failing on SOME developer machines. We get this error:
{"level":"error","ts":1616776725.1127188,"logger":"tls.obtain","msg":"will retry","error":"[accounts-customer.secondlife.buster3.dev.tilia-inc.com] Obtain: [accounts-customer.secondlife.buster3.dev.tilia-inc.com] solving challenges: presenting for challenge: adding temporary record for zone dev.tilia-inc.com.: InvalidChangeBatch: InvalidChangeBatch: [RRSet with DNS name _acme-challenge.accounts-customer.secondlife.buster3. is not permitted in zone dev.tilia-inc.com.]\n\tstatus code: 400, request id: a445466e-602f-4def-b0f9-737e890391b4 (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/18782613/18575500) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)","attempt":3,"retrying_in":120,"elapsed":191.228348427,"max_duration":2592000}
What is odd is all the developer machines are pretty much configured the same way. So it is rather confusing it would be different. But, of course, this error has nothing to do with the developer machines Route53 doesn’t like is getting sent to it.
Anyone know enough about the DNS challenge stuff to help me figure out what is going on?
a. System environment:
b. Command:
paste command here
c. Service/unit/compose file:
paste full file contents here
d. My complete Caddyfile or JSON config:
paste config here, replacing this text
use `caddy fmt` to make it readable
DO NOT REDACT anything except credentials
or helpers will be sad