Mixing wildcard certificate with on_demand feature

I’ve tried creating two automation policies as in this post, but without success. I also tried using a Caddyfile like the one in this other post and got the same “no solvers” error.

ERROR	tls.obtain	will retry	{"error": "[*.domain.com] Obtain: [*.domain.com] solving challenges: *.domain.com: no solvers available for remaining challenges (configured=[http-01 tls-alpn-01] offered=[dns-01] remaining=[dns-01]) (order=https://acme.zerossl.com/v2/DV90/order/xxxx) (ca=https://acme.zerossl.com/v2/DV90)", "attempt": 1, "retrying_in": 60, "elapsed": 2.993847201, "max_duration": 2592000}
ERROR	tls.obtain	will retry	{"error": "[*.domain.com] Obtain: [*.domain.com] solving challenges: *.domain.com: no solvers available for remaining challenges (configured=[http-01 tls-alpn-01] offered=[dns-01] remaining=[dns-01]) (order=https://acme.zerossl.com/v2/DV90/order/yyyy) (ca=https://acme.zerossl.com/v2/DV90)", "attempt": 2, "retrying_in": 120, "elapsed": 65.445825567, "max_duration": 2592000}
ERROR	tls.obtain	will retry	{"error": "[*.domain.com] Obtain: [*.domain.com] solving challenges: *.domain.com: no solvers available for remaining challenges (configured=[http-01 tls-alpn-01] offered=[dns-01] remaining=[dns-01]) (order=https://acme.zerossl.com/v2/DV90/order/zzzz) (ca=https://acme.zerossl.com/v2/DV90)", "attempt": 3, "retrying_in": 120, "elapsed": 187.71117716, "max_duration": 2592000}
ERROR	tls.obtain	will retry	{"error": "[*.domain.com] Obtain: [*.domain.com] solving challenges: *.domain.com: no solvers available for remaining challenges (configured=[http-01 tls-alpn-01] offered=[dns-01] remaining=[dns-01]) (order=https://acme.zerossl.com/v2/DV90/order/wwww) (ca=https://acme.zerossl.com/v2/DV90)", "attempt": 4, "retrying_in": 300, "elapsed": 310.45877065, "max_duration": 2592000}

I’m not sure if this is a Caddy wildcard problem or some other configuration (DNS?) issue, because it works for domain.com and sub.domain.com (when on_demand is active - issuing a certificate with CN sub.domain.com).

Also checked with a basic Caddyfile and got the same error.

*.domain.com

reverse_proxy localhost:3000

Forcing the zerossl issuer, I got the same error:

domain.com:443, *.domain.com:443 {
	reverse_proxy localhost:3000
	tls {
		issuer zerossl
	}
}

INFO	tls.issuance.acme.acme_client	trying to solve challenge	{"identifier": "domain.com", "challenge_type": "http-01", "ca": "https://acme.zerossl.com/v2/DV90"}
ERROR	tls.obtain	will retry	{"error": "[*.domain.com] Obtain: [*.domain.com] solving challenges: *.domain.com: no solvers available for remaining challenges (configured=[http-01 tls-alpn-01] offered=[dns-01] remaining=[dns-01]) (order=https://acme.zerossl.com/v2/DV90/order/xxxxx) (ca=https://acme.zerossl.com/v2/DV90)", "attempt": 1, "retrying_in": 60, "elapsed": 1.912255346, "max_duration": 2592000}
INFO	tls.issuance.acme	served key authentication	{"identifier": "domain.com", "challenge": "http-01", "remote": "91.199.212.xxx:53520"}
INFO	tls.issuance.acme.acme_client	validations succeeded; finalizing order	{"order": "https://acme.zerossl.com/v2/DV90/order/yyyyy"}
INFO	tls.issuance.acme.acme_client	successfully downloaded available certificate chains	{"count": 1, "first_url": "https://acme.zerossl.com/v2/DV90/cert/zzzz"}
INFO	tls.obtain	certificate obtained successfully	{"identifier": "domain.com"}
INFO	tls.obtain	releasing lock	{"identifier": "domain.com"}
WARN	tls	stapling OCSP	{"error": "no OCSP stapling for [domain.com]: parsing OCSP response: ocsp: error from server: unauthorized"}
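
The `no solvers` lines above already state the mismatch: for `*.domain.com` the CA offered only `dns-01`, while the running configuration had only `http-01` and `tls-alpn-01` solvers. The following is an added example (not part of the original post and not Caddy's own code) that pulls that mismatch out of `tls.obtain` log lines; the `triage` name and the sample lines are constructed for illustration.

```python
import json
import re

# Matches the solver summary inside the "error" field, e.g.
# (configured=[http-01 tls-alpn-01] offered=[dns-01] remaining=[dns-01])
SOLVERS = re.compile(
    r"(?P<name>\S+): no solvers available for remaining challenges "
    r"\(configured=\[(?P<configured>[^\]]*)\] "
    r"offered=\[(?P<offered>[^\]]*)\] "
    r"remaining=\[(?P<remaining>[^\]]*)\]\)"
)

def triage(log_text):
    """Return one finding per identifier that has no usable solver."""
    findings = {}
    for line in log_text.splitlines():
        brace = line.find("{")  # structured fields start at the first brace
        if "tls.obtain" not in line or brace < 0:
            continue
        try:
            fields = json.loads(line[brace:])
        except json.JSONDecodeError:
            continue  # truncated or non-JSON line
        m = SOLVERS.search(fields.get("error", ""))
        if not m:
            continue
        configured = set(m["configured"].split())
        remaining = set(m["remaining"].split())
        findings[m["name"]] = {  # later retries overwrite earlier ones
            "wildcard": m["name"].startswith("*."),
            "missing_solvers": sorted(remaining - configured),
            "attempts": fields.get("attempt"),
        }
    return findings

# Constructed sample input, modelled on the log format shown in the post.
ERR = ("[*.example.com] Obtain: [*.example.com] solving challenges: "
       "*.example.com: no solvers available for remaining challenges "
       "(configured=[http-01 tls-alpn-01] offered=[dns-01] remaining=[dns-01]) "
       "(order=https://acme.invalid/order/1) (ca=https://acme.invalid)")
SAMPLE = "\n".join([
    "ERROR\ttls.obtain\twill retry\t" + json.dumps({"error": ERR, "attempt": 1}),
    "ERROR\ttls.obtain\twill retry\t" + json.dumps({"error": ERR, "attempt": 2}),
    "INFO\ttls.obtain\tcertificate obtained successfully\t"
    + json.dumps({"identifier": "example.com"}),
])

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A non-empty `missing_solvers` list names the challenge types the CA required that the server had no solver for.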