No valid A records found

1. Caddy version (caddy version):

lucaslorentz/caddy-docker-proxy:ci-alpine

2. How I run Caddy:

a. System environment:

Docker

b. Service/unit/compose file:

##_____________________ Caddy [CLOUD/web-proxy]
  caddy:
    container_name: caddy-proxy
    image: lucaslorentz/caddy-docker-proxy:ci-alpine
    restart: always
    networks:
      - web-proxy
    volumes:
      # The Docker socket is how caddy-docker-proxy reads the caddy.* labels below;
      # note that it also gives this container full control of the host's Docker daemon.
      - /var/run/docker.sock:/var/run/docker.sock
      - $DOCKERDIR/caddy/caddy_data:/data
      - $DOCKERDIR/caddy/config:/config
    # Shares the Nextcloud webroot so the file_server/php_fastcgi site below can read it
    volumes_from:
      - nextcloud
    ports:
      - 80:80
      - 443:443
    labels:
      caddy_0: http://adguard.o
      caddy_0.reverse_proxy: host.docker.internal:3000

##
##____________________ NextCloud TESTED V21.0 [CLOUD/Files/NextCloud]
  nextcloud:
    image: nextcloud:fpm-alpine
    container_name: nextcloud
    restart: always
    mem_limit: 2048m
    mem_reservation: 512m
    networks:
      - web-proxy
      - nextcloud
    depends_on:
      - nextcloud-db
      - nextcloud-cache
    environment:
      NEXTCLOUD_DATA_DIR: /var/nextdata
      NEXTCLOUD_TRUSTED_DOMAINS: next.$DOMAIN
      NEXTCLOUD_ADMIN_USER: $ADMIN
      NEXTCLOUD_ADMIN_PASSWORD: $ADMINPW
      POSTGRES_HOST: nextcloud-db
      POSTGRES_DB: nextcloud
      POSTGRES_USER: $USER_INT
      POSTGRES_PASSWORD: $PW_INT
      REDIS_HOST: nextcloud-cache
      #SMTP_HOST: $SMTPHOST
      #SMTP_SECURE: tls
      #SMTP_NAME: $SMTPUSER
      #SMTP_PASSWORD: $SMTPPASS
      #SMTP_FROM_ADDRESS: $EMAIL
      #SMTP_PORT: 587
    volumes:
      - $DOCKERDIR/nextcloud/var/nextdata:/var/nextdata
      - $DOCKERDIR/nextcloud/var/www/html:/var/www/html
      - $DOCKERDIR/nextcloud/var/www/html/config:/var/www/html/config
    # caddy-docker-proxy renders these labels into a site block for next.$DOMAIN
    labels:
      caddy: next.$DOMAIN
      caddy.tls: $EMAIL
      caddy.file_server: ""
      caddy.root: "* /var/www/html"
      caddy.php_fastcgi: "{{upstreams 9000}}"
      caddy.php_fastcgi.root: "/var/www/html"
      caddy.php_fastcgi.env: "front_controller_active true"
      caddy.encode: gzip
      caddy.redir_0: "/.well-known/carddav /remote.php/dav 301"
      caddy.redir_1: "/.well-known/caldav /remote.php/dav 301"
      caddy.header.Strict-Transport-Security: '"max-age=15768000;includeSubDomains;preload"'

##____________________ NextCloud [CLOUD/Files/NextCloud/database]
  nextcloud-db:
    container_name: nextcloud-db
    image: postgres:12-alpine
    restart: always
    networks:
      - nextcloud
    environment:
      POSTGRES_USER: $USER_INT
      POSTGRES_PASSWORD: $PW_INT
    volumes:
      - $DOCKERDIR/nextcloud/db:/var/lib/postgresql/data
      - /etc/localtime:/etc/localtime:ro
##____________________ NextCloud [CLOUD/Files/NextCloud/cache]
  nextcloud-cache:
    container_name: nextcloud-cache
    image: redis:alpine
    restart: always
    mem_limit: 2048m
    mem_reservation: 512m
    networks:
      - nextcloud
    command: redis-server --requirepass $PW_INT

3. The problem I’m having:

When I connect to my domain in my browser, the browser shows the following error: SSL_ERROR_INTERNAL_ERROR_ALERT

4. Error messages and/or full log output:

{"level":"error","ts":1658754972.7507286,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"next.maraujo.rio.br","challenge_type":"http-01","problem":{"type":"urn:ietf:params:acme:error:dns","title":"","detail":"no valid A records found for next.maraujo.rio.br; no valid AAAA records found for next.maraujo.rio.br","instance":"","subproblems":[]}}
{"level":"error","ts":1658754972.7507784,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"next.maraujo.rio.br","problem":{"type":"urn:ietf:params:acme:error:dns","title":"","detail":"no valid A records found for next.maraujo.rio.br; no valid AAAA records found for next.maraujo.rio.br","instance":"","subproblems":[]},"order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/62044554/3352707784","attempt":1,"max_attempts":3}
{"level":"info","ts":1658754974.1348803,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"next.maraujo.rio.br","challenge_type":"tls-alpn-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
{"level":"error","ts":1658754974.757916,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"next.maraujo.rio.br","challenge_type":"tls-alpn-01","problem":{"type":"urn:ietf:params:acme:error:dns","title":"","detail":"no valid A records found for next.maraujo.rio.br; no valid AAAA records found for next.maraujo.rio.br","instance":"","subproblems":[]}}
{"level":"error","ts":1658754974.7579682,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"next.maraujo.rio.br","problem":{"type":"urn:ietf:params:acme:error:dns","title":"","detail":"no valid A records found for next.maraujo.rio.br; no valid AAAA records found for next.maraujo.rio.br","instance":"","subproblems":[]},"order":"https://acme-staging-v02.api.letsencrypt.org/acme/order/62044554/3352708534","attempt":2,"max_attempts":3}
{"level":"error","ts":1658754974.7580044,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"next.maraujo.rio.br","issuer":"acme-v02.api.letsencrypt.org-directory","error":"HTTP 400 urn:ietf:params:acme:error:dns - no valid A records found for next.maraujo.rio.br; no valid AAAA records found for next.maraujo.rio.br"}
{"level":"info","ts":1658755000.2393863,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"next.maraujo.rio.br","challenge_type":"http-01","ca":"https://acme.zerossl.com/v2/DV90"}
{"level":"error","ts":1658755321.2434974,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"next.maraujo.rio.br","issuer":"acme.zerossl.com-v2-DV90","error":"[next.maraujo.rio.br] solving challenges: [next.maraujo.rio.br] authorization took too long (order=https://acme.zerossl.com/v2/DV90/order/6jNX9ze5rsoXq2Jy_uGf6A) (ca=https://acme.zerossl.com/v2/DV90)"}
{"level":"error","ts":1658755321.2435598,"logger":"tls.obtain","msg":"will retry","error":"[next.maraujo.rio.br] Obtain: [next.maraujo.rio.br] solving challenges: [next.maraujo.rio.br] authorization took too long (order=https://acme.zerossl.com/v2/DV90/order/6jNX9ze5rsoXq2Jy_uGf6A) (ca=https://acme.zerossl.com/v2/DV90)","attempt":5,"retrying_in":600,"elapsed":1754.20402283,"max_duration":2592000}

5. What I already tried:

I tried to register my dns as follows:

A record @ to myipserver
CNAME record next to maraujo.rio.br

This is your current DNS configuration:

;; ANSWER SECTION:
next.maraujo.rio.br.	3600	IN	CNAME	maraujo.rio.br.
maraujo.rio.br.		3600	IN	A	192.168.18.87

The A record is pointing at a private IP address, which is not available to external networks (IBM Docs). This means CAs, e.g. Let’s Encrypt and ZeroSSL, cannot reach your server to resolve the challenge and issue you a certificate. You will need to somehow make the server reachable externally, or use the DNS challenge to avoid the need for having the server reachable for the certificate issuers.

2 Likes
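As an added example (not code from this thread, from Caddy, or from caddy-docker-proxy), the following Python script turns the answer above into a pre-flight check: it pulls the identifiers that the CA rejected with `urn:ietf:params:acme:error:dns` out of Caddy's JSON log (the kind of lines shown in section 4 of the post), follows the CNAME chain the way the `dig` output above shows it, and reports whether the addresses the name finally lands on are globally routable. The log lines and the zone table are constructed samples modelled on the post, and the function names are my own; a live run would replace `SAMPLE_ZONE` with real DNS answers.

```python
"""Pre-flight check for the ACME HTTP-01 / TLS-ALPN-01 challenges: does the
hostname resolve to an address a public CA can actually reach?
Added example; not code from Caddy, caddy-docker-proxy or the thread."""
import ipaddress
import json

ACME_DNS_ERROR = "urn:ietf:params:acme:error:dns"

# Constructed sample log: abbreviated lines in the shape of the post's Caddy
# JSON log (field names are Caddy's; the lines are not verbatim copies).
SAMPLE_LOG = "\n".join([
    '{"level":"error","logger":"tls.issuance.acme.acme_client",'
    '"msg":"challenge failed","identifier":"next.maraujo.rio.br",'
    '"challenge_type":"http-01","problem":{"type":"urn:ietf:params:acme:error:dns",'
    '"detail":"no valid A records found for next.maraujo.rio.br; '
    'no valid AAAA records found for next.maraujo.rio.br"}}',
    '{"level":"info","logger":"tls.issuance.acme.acme_client",'
    '"msg":"trying to solve challenge","identifier":"next.maraujo.rio.br",'
    '"challenge_type":"tls-alpn-01"}',
    "plain text line that is not JSON and must be skipped",
])

# Constructed zone table mirroring the dig answer quoted in the reply:
# name -> [(rrtype, rdata)].  A live run would fill this from real DNS answers.
SAMPLE_ZONE = {
    "next.maraujo.rio.br.": [("CNAME", "maraujo.rio.br.")],
    "maraujo.rio.br.": [("A", "192.168.18.87")],
}


def acme_dns_failures(log_text):
    """{identifier: detail} for every authorization the CA rejected with the
    urn:ietf:params:acme:error:dns problem type; non-JSON lines are skipped."""
    failures = {}
    for line in log_text.splitlines():
        try:
            entry = json.loads(line)
        except ValueError:
            continue
        problem = entry.get("problem")
        if isinstance(problem, dict) and problem.get("type") == ACME_DNS_ERROR:
            failures[entry.get("identifier", "?")] = problem.get("detail", "")
    return failures


def resolve(name, zone, max_hops=8):
    """Follow CNAMEs in `zone` and return the A/AAAA rdata the chain ends at."""
    name = name if name.endswith(".") else name + "."
    seen = set()
    for _ in range(max_hops):
        if name in seen:
            raise ValueError(f"CNAME loop at {name}")
        seen.add(name)
        records = zone.get(name, [])
        targets = [rdata for rtype, rdata in records if rtype == "CNAME"]
        if targets:
            name = targets[0]
            continue
        return [rdata for rtype, rdata in records if rtype in ("A", "AAAA")]
    raise ValueError(f"CNAME chain longer than {max_hops} hops")


def why_unreachable(addr):
    """Reason a CA validation server cannot reach `addr`, or None if the
    address is globally routable (IANA special-purpose ranges via `ipaddress`)."""
    ip = ipaddress.ip_address(addr)
    if ip.is_global:
        return None
    if ip.is_loopback:
        return "loopback"
    if ip.is_link_local:
        return "link-local"
    if ip.is_private:
        return "private (RFC 1918 / ULA)"
    if ip.version == 4 and ip in ipaddress.ip_network("100.64.0.0/10"):
        return "carrier-grade NAT (RFC 6598)"
    return "not globally routable"


def check_name(name, zone):
    """Verdict for one hostname: 'ok', 'partial', 'unreachable' or 'no-records'."""
    addrs = resolve(name, zone)
    problems = [(a, why_unreachable(a)) for a in addrs if why_unreachable(a)]
    if not addrs:
        verdict = "no-records"
    elif len(problems) == len(addrs):
        verdict = "unreachable"
    elif problems:
        verdict = "partial"
    else:
        verdict = "ok"
    return {"name": name, "verdict": verdict, "addresses": addrs, "problems": problems}


def triage(log_text, zone):
    """Map each identifier the CA rejected for DNS reasons to its resolution verdict."""
    return {name: check_name(name, zone) for name in acme_dns_failures(log_text)}


if __name__ == "__main__":
    for name, result in triage(SAMPLE_LOG, SAMPLE_ZONE).items():
        print(f"{name}: {result['verdict']} -> {result['addresses']}")
        for addr, reason in result["problems"]:
            print(f"  {addr}: {reason}")
```

When the verdict is `unreachable`, neither HTTP-01 nor TLS-ALPN-01 can succeed whatever the Caddy configuration says, because the CA never gets a packet to the server. The two fixes the answer names map onto the script's output: publish a public address (and forward ports 80 and 443 to the host) until the verdict is `ok`, or switch to the DNS-01 challenge, which in caddy-docker-proxy requires a Caddy build that includes a DNS provider module and an API token for the DNS host.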

Thanks @Mohammed90, thanks for your answer; I'm really doing it wrong. I'm studying the topic, and I found this wiki made by @matt, which I will delve into.

https://caddy.community/t/using-caddy-as-a-reverse-proxy-in-a-home-network/9427

1 Like