@matt here’s the info:
Using the `dev` image tag from Docker Hub. Dockerfile: caddy-cloudflaredns/Dockerfile at `dev` · SlothCroissant/caddy-cloudflaredns · GitHub
Version:
v2.4.0-beta.1 h1:Ed/tIaN3p6z8M3pEiXWJL/T8JmCqV62FrSJCHKquW/I=
Caddyfile (for testing):
# Global options.
{
    # Debug-level logging. At this level the log records each ACME HTTP request
    # with its URL and response headers (order/authz URLs, Boulder-Requester,
    # Replay-Nonce), so keep it to test setups and review output before sharing.
    debug
}
# Reusable snippet: response headers, ACME issuance over DNS-01, file logging.
(snippet) {
    header {
        # HSTS for one year, extended to subdomains of the importing site.
        Strict-Transport-Security "max-age=31536000; includeSubdomains"

        # Legacy XSS-filter header. Most current browsers no longer implement
        # the filter, so it adds little; a Content-Security-Policy is the
        # control that actually constrains script execution.
        X-XSS-Protection "1; mode=block"

        # Refuse framing by any origin (CSP frame-ancestors is the modern
        # equivalent).
        X-Frame-Options "DENY"

        # A leading "-" deletes a header: strip Server from responses.
        -server
    }

    tls {
        issuer acme {
            email me@email.com

            # DNS-01 through the Cloudflare provider. The token is read from
            # the environment, so it stays out of this file. Scope it to the
            # one zone with only zone-read and DNS-edit permission; a token
            # that is empty or lacks those rights cannot publish the
            # _acme-challenge TXT record.
            dns cloudflare {env.CLOUDFLARE_API_TOKEN}

            # DNS resolvers used while performing the DNS challenge.
            resolvers 1.1.1.1 1.0.0.1 8.8.8.8 8.8.4.4
        }
    }

    log {
        # Rotate at 20 MiB and keep 5 rolled files. The log can hold client
        # addresses and request details, so restrict who can read /data/logs.
        output file /data/logs/caddy.log {
            roll_size 20MiB
            roll_keep 5
        }
    }
}
# Test site: proxy to a backend on the LAN and apply the shared snippet.
headerstest.ryanb.tv {
    # No scheme on the upstream, so this hop is plain HTTP; TLS terminates
    # at Caddy.
    reverse_proxy docker01.lan:8097

    # Pulls in the header, tls and log settings defined in (snippet).
    import snippet
}
{"level":"info","ts":1615921927.9838674,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":"caddyfile"}
{"level":"info","ts":1615921927.9865224,"logger":"admin","msg":"admin endpoint started","address":"tcp/localhost:2019","enforce_origin":false,"origins":["localhost:2019","[::1]:2019","127.0.0.1:2019"]}
{"level":"info","ts":1615921927.9868786,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc0003b0770"}
{"level":"info","ts":1615921927.98701,"logger":"http","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
{"level":"info","ts":1615921927.987035,"logger":"http","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
{"level":"debug","ts":1615921927.9875472,"logger":"http","msg":"starting server loop","address":"[::]:443","http3":false,"tls":true}
{"level":"debug","ts":1615921927.9876034,"logger":"http","msg":"starting server loop","address":"[::]:80","http3":false,"tls":false}
{"level":"info","ts":1615921927.9876156,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["headerstest.ryanb.tv"]}
{"level":"info","ts":1615921927.987919,"msg":"autosaved config","file":"/config/caddy/autosave.json"}
{"level":"info","ts":1615921927.9879391,"msg":"serving initial configuration"}
{"level":"info","ts":1615921927.988374,"logger":"tls.obtain","msg":"acquiring lock","identifier":"headerstest.ryanb.tv"}
{"level":"info","ts":1615921927.989246,"logger":"tls.obtain","msg":"lock acquired","identifier":"headerstest.ryanb.tv"}
{"level":"info","ts":1615921928.0164888,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["headerstest.ryanb.tv"]}
{"level":"info","ts":1615921928.0165884,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["headerstest.ryanb.tv"]}
{"level":"info","ts":1615921928.046092,"logger":"tls","msg":"cleaned up storage units"}
{"level":"debug","ts":1615921928.2167864,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"GET","url":"https://acme-v02.api.letsencrypt.org/directory","headers":{"User-Agent":["Caddy/2.4.0-beta.1 CertMagic acmez (linux; amd64)"]},"status_code":200,"response_headers":{"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["658"],"Content-Type":["application/json"],"Date":["Tue, 16 Mar 2021 19:12:08 GMT"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]}}
{"level":"debug","ts":1615921928.2664735,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"HEAD","url":"https://acme-v02.api.letsencrypt.org/acme/new-nonce","headers":{"User-Agent":["Caddy/2.4.0-beta.1 CertMagic acmez (linux; amd64)"]},"status_code":200,"response_headers":{"Cache-Control":["public, max-age=0, no-cache"],"Date":["Tue, 16 Mar 2021 19:12:08 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["01040EL5yOBsE8diixWdvaP5vLWzXIhtSZgLk8kpvQnd6qk"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]}}
{"level":"debug","ts":1615921928.6143923,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme-v02.api.letsencrypt.org/acme/new-order","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.0-beta.1 CertMagic acmez (linux; amd64)"]},"status_code":201,"response_headers":{"Boulder-Requester":["85557177"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["341"],"Content-Type":["application/json"],"Date":["Tue, 16 Mar 2021 19:12:08 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Location":["https://acme-v02.api.letsencrypt.org/acme/order/85557177/8488708367"],"Replay-Nonce":["0103pOi5dyBIQJ1suyGyTQVGOmNGj0lrDbnxOb0-OtcF2XE"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]}}
{"level":"debug","ts":1615921928.7030046,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme-v02.api.letsencrypt.org/acme/authz-v3/11613087122","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.0-beta.1 CertMagic acmez (linux; amd64)"]},"status_code":200,"response_headers":{"Boulder-Requester":["85557177"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["801"],"Content-Type":["application/json"],"Date":["Tue, 16 Mar 2021 19:12:08 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["0103QEbaqvUVSB_7HP8q24ibfzE3yatv_Ced5pTluQXs0j4"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]}}
{"level":"debug","ts":1615921928.7031846,"logger":"tls.issuance.acme.acme_client","msg":"no solver configured","challenge_type":"tls-alpn-01"}
{"level":"info","ts":1615921928.7032025,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"headerstest.ryanb.tv","challenge_type":"dns-01","ca":"https://acme-v02.api.letsencrypt.org/directory"}
{"level":"debug","ts":1615921929.966319,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme-v02.api.letsencrypt.org/acme/chall-v3/11613087122/3FRdzA","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.0-beta.1 CertMagic acmez (linux; amd64)"]},"status_code":200,"response_headers":{"Boulder-Requester":["85557177"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["185"],"Content-Type":["application/json"],"Date":["Tue, 16 Mar 2021 19:12:09 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\"","<https://acme-v02.api.letsencrypt.org/acme/authz-v3/11613087122>;rel=\"up\""],"Location":["https://acme-v02.api.letsencrypt.org/acme/chall-v3/11613087122/3FRdzA"],"Replay-Nonce":["0104GhMma8Tc-qiXoH7i3HOAbrZ4GV2jSygIT0dxFHs1VT0"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]}}
{"level":"debug","ts":1615921929.9664564,"logger":"tls.issuance.acme.acme_client","msg":"challenge accepted","identifier":"headerstest.ryanb.tv","challenge_type":"dns-01"}
{"level":"debug","ts":1615921930.302825,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme-v02.api.letsencrypt.org/acme/authz-v3/11613087122","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.0-beta.1 CertMagic acmez (linux; amd64)"]},"status_code":200,"response_headers":{"Boulder-Requester":["85557177"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["619"],"Content-Type":["application/json"],"Date":["Tue, 16 Mar 2021 19:12:10 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["0103VBq-s54AMDfDqf2DUao25VdpaoEvZCvx2VQahvmB_Xo"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]}}
{"level":"error","ts":1615921930.4536796,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"headerstest.ryanb.tv","challenge_type":"dns-01","status_code":400,"problem_type":"urn:ietf:params:acme:error:dns","error":"DNS problem: NXDOMAIN looking up TXT for _acme-challenge.headerstest.ryanb.tv - check that a DNS record exists for this domain"}
{"level":"error","ts":1615921930.4537308,"logger":"tls.issuance.acme.acme_client","msg":"validating authorization","identifier":"headerstest.ryanb.tv","error":"authorization failed: HTTP 400 urn:ietf:params:acme:error:dns - DNS problem: NXDOMAIN looking up TXT for _acme-challenge.headerstest.ryanb.tv - check that a DNS record exists for this domain","order":"https://acme-v02.api.letsencrypt.org/acme/order/85557177/8488708367","attempt":1,"max_attempts":3}
{"level":"debug","ts":1615921931.6880887,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme-v02.api.letsencrypt.org/acme/new-order","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.0-beta.1 CertMagic acmez (linux; amd64)"]},"status_code":201,"response_headers":{"Boulder-Requester":["85557177"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["341"],"Content-Type":["application/json"],"Date":["Tue, 16 Mar 2021 19:12:11 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Location":["https://acme-v02.api.letsencrypt.org/acme/order/85557177/8488709287"],"Replay-Nonce":["0104T7f6lxeigzP_ctrs1WSWHnA8W0IdzfF9VZ7jv0KQyaY"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]}}
{"level":"debug","ts":1615921931.7820208,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme-v02.api.letsencrypt.org/acme/authz-v3/11613088243","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.0-beta.1 CertMagic acmez (linux; amd64)"]},"status_code":200,"response_headers":{"Boulder-Requester":["85557177"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["801"],"Content-Type":["application/json"],"Date":["Tue, 16 Mar 2021 19:12:11 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["0104lP-57vptS9FcDokwX6l74UToLcpzUS-UKH9jz8fggfc"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]}}
{"level":"debug","ts":1615921931.7822125,"logger":"tls.issuance.acme.acme_client","msg":"no solver configured","challenge_type":"tls-alpn-01"}
{"level":"debug","ts":1615921931.7822394,"logger":"tls.issuance.acme.acme_client","msg":"no solver configured","challenge_type":"http-01"}
{"level":"debug","ts":1615921931.8904192,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme-v02.api.letsencrypt.org/acme/authz-v3/11613088243","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.0-beta.1 CertMagic acmez (linux; amd64)"]},"status_code":200,"response_headers":{"Boulder-Requester":["85557177"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["805"],"Content-Type":["application/json"],"Date":["Tue, 16 Mar 2021 19:12:11 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["01036uAbQLOpuq8Wrz6zr8VoMggxw1LXBQ8VzdOcTW6DuXQ"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]}}
{"level":"error","ts":1615921931.8905716,"logger":"tls.obtain","msg":"will retry","error":"[headerstest.ryanb.tv] Obtain: [headerstest.ryanb.tv] solving challenges: headerstest.ryanb.tv: no solvers available for remaining challenges (configured=[dns-01] offered=[http-01 dns-01 tls-alpn-01] remaining=[http-01 tls-alpn-01]) (order=https://acme-v02.api.letsencrypt.org/acme/order/85557177/8488709287) (ca=https://acme-v02.api.letsencrypt.org/directory)","attempt":1,"retrying_in":60,"elapsed":3.901303165,"max_duration":2592000}
I don’t see anything in here about Cloudflare API calls to update the DNS TXT records, etc. I feel like that’s the step that’s failing: the CA’s NXDOMAIN answer for the `_acme-challenge` TXT lookup is what I’d expect if the record was never published. I never see those records show up in my Cloudflare dashboard either (though I could just be missing them if they’re only there for a few seconds before getting cleaned up).