1. The problem I’m having:
I am using the global config options to specify cert_issuer and acme_dns for all my domains. This works perfectly; DNS challenges are completed correctly and certs are issued for the domains (with zero per-domain configs).
However, I am looking to add a domain that I can’t complete with the globally-set DNS-01 challenge, so I would like to override that global acme_dns cloudflare config with a domain/site-specific manual tls config (to use the HTTP-01 or TLS-ALPN-01 challenges).
In my config below, I tried to override the global config with a local tls config that specified the Let’s Encrypt staging endpoint, hoping that would override the global acme_dns config. While it did override the global cert_issuer and try to obtain a cert from the LE staging endpoint, it still tried to use the DNS challenge.
I hope I am just missing something simple to make this happen!
Thanks!
2. Error messages and/or full log output:
{"level":"info","ts":1683570225.8377874,"logger":"http.acme_client","msg":"trying to solve challenge","identifier":"testsite.extdomain.net","challenge_type":"dns-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
{"level":"error","ts":1683570226.1134539,"logger":"http.acme_client","msg":"cleaning up solver","identifier":"testsite.extdomain.net","challenge_type":"dns-01","error":"no memory of presenting a DNS record for \"_acme-challenge.testsite.extdomain.net\" (usually OK if presenting also failed)"}
{"level":"error","ts":1683570226.1991947,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"testsite.extdomain.net","issuer":"acme-staging-v02.api.letsencrypt.org-directory","error":"[testsite.extdomain.net] solving challenges: presenting for challenge: adding temporary record for zone \"extdomain.net.\": expected 1 zone, got 0 for extdomain.net. (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/00000000/0000000000) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)"}
{"level":"error","ts":1683570226.1994646,"logger":"tls.obtain","msg":"will retry","error":"[testsite.extdomain.net] Obtain: [testsite.extdomain.net] solving challenges: presenting for challenge: adding temporary record for zone \"extdomain.net.\": expected 1 zone, got 0 for extdomain.net. (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/00000000/0000000000) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)","attempt":1,"retrying_in":60,"elapsed":1.034933669,"max_duration":2592000}
3. Caddy version:
v2.6.4 h1:2hwYqiRwk1tf3VruhMpLcYTg+11fCdr8S3jhNAdnPy8=
4. How I installed and ran Caddy:
Caddy is installed via apt repo and swapped with an xcaddy-compiled binary with the Cloudflare DNS plugin
d. My complete Caddy config:
My Caddyfile has a few dozen sites; I have removed the (repetitive) site configs and left just my global config and
{
	#debug
	admin 0.0.0.0:2019
	email certadmin@boldcity.tech
	cert_issuer zerossl {env.CADDY_CERT_ZERO_API_KEY}
	acme_dns cloudflare {env.CADDY_CF_API_TOKEN}
}

test.teal.technology {
	reverse_proxy web07:80
}

*.thedarkrideforums.com {
	@thedarkrideforums.com host thedarkrideforums.com
	handle @thedarkrideforums.com {
		reverse_proxy web07:80
	}

	@www.thedarkrideforums.com host www.thedarkrideforums.com
	handle @www.thedarkrideforums.com {
		reverse_proxy web07:80
	}

	# Fallback for otherwise unhandled domains
	handle {
		abort
	}
}

# Need to set HTTP-01 (or TLS-ALPN-01) challenge for this domain
testsite.extdomain.net {
	tls {
		issuer acme {
			dir https://acme-staging-v02.api.letsencrypt.org/directory
		}
	}
	reverse_proxy web07:80
}
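The log line "expected 1 zone, got 0 for extdomain.net." is the Cloudflare DNS provider failing to find a zone for that domain with the supplied token, which is consistent with the poster's statement that DNS-01 cannot be completed for it. The Caddyfile below is an added example, not part of the original post and not a confirmed answer from the Caddy project: it restates the same setup with the DNS-01 solver attached per site through a snippet instead of the global acme_dns option, so a site that does not import the snippet has no DNS solver to inherit and is left with only HTTP-01 and TLS-ALPN-01. Hostnames, the web07:80 upstream and the environment variable names are taken from the post; the snippet name cf_dns is an assumption, and the `issuer zerossl <api_key> { dns ... }` form is used so the ZeroSSL issuer with its API key is kept for those sites.

```caddyfile
# Added example (not the poster's config): per-site DNS-01 via a snippet,
# no global acme_dns. Snippet name cf_dns is a made-up identifier.
{
	admin 0.0.0.0:2019
	email certadmin@boldcity.tech
	# acme_dns intentionally absent: with it set globally, every ACME issuer
	# (including a site-level "issuer acme { dir ... }") picks it up.
}

# ZeroSSL issuer with the Cloudflare DNS-01 solver, for sites whose zone the
# CADDY_CF_API_TOKEN can manage. Imported explicitly where wanted.
(cf_dns) {
	tls {
		issuer zerossl {env.CADDY_CERT_ZERO_API_KEY} {
			dns cloudflare {env.CADDY_CF_API_TOKEN}
		}
	}
}

test.teal.technology {
	import cf_dns
	reverse_proxy web07:80
}

# Wildcard names can only be validated with DNS-01, so this site keeps it.
*.thedarkrideforums.com {
	import cf_dns

	@thedarkrideforums.com host thedarkrideforums.com
	handle @thedarkrideforums.com {
		reverse_proxy web07:80
	}

	@www.thedarkrideforums.com host www.thedarkrideforums.com
	handle @www.thedarkrideforums.com {
		reverse_proxy web07:80
	}

	handle {
		abort
	}
}

# Zone not reachable with the Cloudflare token: no snippet imported, so the
# only solvers left are HTTP-01 (port 80) and TLS-ALPN-01 (port 443), which
# the CA must be able to reach on this host.
testsite.extdomain.net {
	tls {
		issuer acme {
			dir https://acme-staging-v02.api.letsencrypt.org/directory
		}
	}
	reverse_proxy web07:80
}
```

Check it with `caddy adapt --config Caddyfile --pretty` and confirm that only the sites importing the snippet carry a `challenges.dns` block in the emitted JSON; then watch the `tls.obtain` log for testsite.extdomain.net to show `challenge_type` of `http-01` or `tls-alpn-01` instead of `dns-01`. The trade-off is that the DNS solver now has to be stated on each site that needs it, which is what the global option was avoiding.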