1. The problem I’m having:
I cannot obtain a TLS certificate via Let’s Encrypt using CloudFlare DNS challenge.
I’ve verified that caddy can successfully create the ACME TXT record on CloudFlare.
However, caddy does not seem to be able to confirm that the record is created. I tried to configure my Caddyfile with propagation_timeout -1
in the hope that it would not check if the record was created, but this does not seem to work and the challenge cannot complete.
2. Error messages and/or full log output:
./caddy_darwin_arm64_custom run
2024/05/06 14:42:43.970 INFO using adjacent Caddyfile
2024/05/06 14:42:43.972 INFO admin admin endpoint started {"address": "localhost:2019", "enforce_origin": false, "origins": ["//[::1]:2019", "//127.0.0.1:2019", "//localhost:2019"]}
2024/05/06 14:42:43.972 INFO tls.cache.maintenance started background certificate maintenance {"cache": "0x140006a3d00"}
2024/05/06 14:42:43.972 INFO http.auto_https server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS {"server_name": "srv0", "https_port": 443}
2024/05/06 14:42:43.972 INFO http.auto_https enabling automatic HTTP->HTTPS redirects {"server_name": "srv0"}
2024/05/06 14:42:43.972 INFO http enabling HTTP/3 listener {"addr": ":443"}
2024/05/06 14:42:43.973 INFO http.log server running {"name": "srv0", "protocols": ["h1", "h2", "h3"]}
2024/05/06 14:42:43.973 INFO http.log server running {"name": "remaining_auto_https_redirects", "protocols": ["h1", "h2", "h3"]}
2024/05/06 14:42:43.973 INFO http enabling automatic TLS certificate management {"domains": ["vault2.rhaidiz.net"]}
2024/05/06 14:42:43.973 INFO autosaved config (load with --resume flag) {"file": "/Users/federicodemeo/Library/Application Support/Caddy/autosave.json"}
2024/05/06 14:42:43.973 INFO serving initial configuration
2024/05/06 14:42:43.974 INFO tls.obtain acquiring lock {"identifier": "vault2.rhaidiz.net"}
2024/05/06 14:42:43.979 WARN tls storage cleaning happened too recently; skipping for now {"storage": "FileStorage:/Users/federicodemeo/Library/Application Support/Caddy", "instance": "9ae59042-52e9-4d4e-b09d-79bae33db1a6", "try_again": "2024/05/07 14:42:43.979", "try_again_in": 86399.999999542}
2024/05/06 14:42:43.979 INFO tls finished cleaning storage units
2024/05/06 14:42:43.983 INFO tls.obtain lock acquired {"identifier": "vault2.rhaidiz.net"}
2024/05/06 14:42:43.983 INFO tls.obtain obtaining certificate {"identifier": "vault2.rhaidiz.net"}
2024/05/06 14:42:43.985 INFO tls.issuance.acme waiting on internal rate limiter {"identifiers": ["vault2.rhaidiz.net"], "ca": "https://acme-v02.api.letsencrypt.org/directory", "account": ""}
2024/05/06 14:42:43.986 INFO tls.issuance.acme done waiting on internal rate limiter {"identifiers": ["vault2.rhaidiz.net"], "ca": "https://acme-v02.api.letsencrypt.org/directory", "account": ""}
2024/05/06 14:42:46.283 INFO tls.issuance.acme.acme_client trying to solve challenge {"identifier": "vault2.rhaidiz.net", "challenge_type": "dns-01", "ca": "https://acme-v02.api.letsencrypt.org/directory"}
2024/05/06 14:42:49.313 ERROR tls.issuance.acme.acme_client challenge failed {"identifier": "vault2.rhaidiz.net", "challenge_type": "dns-01", "problem": {"type": "urn:ietf:params:acme:error:dns", "title": "", "detail": "DNS problem: NXDOMAIN looking up TXT for _acme-challenge.vault2.rhaidiz.net - check that a DNS record exists for this domain", "instance": "", "subproblems": []}}
2024/05/06 14:42:49.313 ERROR tls.issuance.acme.acme_client validating authorization {"identifier": "vault2.rhaidiz.net", "problem": {"type": "urn:ietf:params:acme:error:dns", "title": "", "detail": "DNS problem: NXDOMAIN looking up TXT for _acme-challenge.vault2.rhaidiz.net - check that a DNS record exists for this domain", "instance": "", "subproblems": []}, "order": "https://acme-v02.api.letsencrypt.org/acme/order/1711691297/267097986617", "attempt": 1, "max_attempts": 3}
2024/05/06 14:42:49.313 ERROR tls.obtain could not get certificate from issuer {"identifier": "vault2.rhaidiz.net", "issuer": "acme-v02.api.letsencrypt.org-directory", "error": "HTTP 400 urn:ietf:params:acme:error:dns - DNS problem: NXDOMAIN looking up TXT for _acme-challenge.vault2.rhaidiz.net - check that a DNS record exists for this domain"}
2024/05/06 14:42:49.317 INFO tls.issuance.zerossl waiting on internal rate limiter {"identifiers": ["vault2.rhaidiz.net"], "ca": "https://acme.zerossl.com/v2/DV90", "account": "caddy@zerossl.com"}
2024/05/06 14:42:49.317 INFO tls.issuance.zerossl done waiting on internal rate limiter {"identifiers": ["vault2.rhaidiz.net"], "ca": "https://acme.zerossl.com/v2/DV90", "account": "caddy@zerossl.com"}
2024/05/06 14:42:50.785 INFO tls.issuance.zerossl.acme_client trying to solve challenge {"identifier": "vault2.rhaidiz.net", "challenge_type": "dns-01", "ca": "https://acme.zerossl.com/v2/DV90"}
3. Caddy version:
v2.7.6 h1:w0NymbG2m9PcvKWsrXO6EEkY9Ru4FJK8uQbYcev1p3A=
4. How I installed and ran Caddy:
I went to Download Caddy, searched for cloudflare-dns, selected it, made sure Apple Silicon was selected and downloaded it.
I run caddy like this: ./caddy_darwin_arm64_custom run
a. System environment:
macOS 14.4.1.
b. Command:
./caddy_darwin_arm64_custom run
c. Service/unit/compose file:
N/A
d. My complete Caddy config:
vault2.rhaidiz.net {
	respond "Welcome to TLS"
	tls {
		dns cloudflare REDACTED
		propagation_timeout -1
		resolvers 8.8.8.8
	}
}
5. Links to relevant resources:
N/A
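Let's Encrypt answered NXDOMAIN for the _acme-challenge TXT name, so the useful check is to query that name yourself from the resolver the Caddyfile points at (8.8.8.8) and from the zone's own nameservers, and see whether the record Caddy created is actually visible there. The script below is an added example written for this post, not code from the poster or from Caddy or the cloudflare plugin; it uses only the Python standard library to send a raw TXT query and report the RCODE (3 = NXDOMAIN) and any TXT strings, and the domain and resolver defaults are the ones from the post.

```python
import socket
import struct

NXDOMAIN, TXT = 3, 16  # DNS RCODE "name does not exist"; TXT rrtype

def build_query(name: str, txid: int = 0x1234) -> bytes:
    # Standard query, recursion desired, one TXT/IN question.
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.strip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", TXT, 1)

def _skip_name(msg: bytes, off: int) -> int:
    # Step over a label sequence or a compression pointer; return the next offset.
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:
            return off + 2
        off += n + 1

def parse_response(msg: bytes):
    """Return (rcode, [TXT strings]) from a raw DNS response message."""
    _, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    rcode = flags & 0x0F
    off = 12
    for _ in range(qd):                      # skip the echoed question(s)
        off = _skip_name(msg, off) + 4
    txts = []
    for _ in range(an):                      # walk the answer section
        off = _skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        rdata = msg[off + 10:off + 10 + rdlen]
        off += 10 + rdlen
        if rtype == TXT:                     # TXT rdata = <len><bytes>, repeated
            i = 0
            while i < len(rdata):
                txts.append(rdata[i + 1:i + 1 + rdata[i]].decode(errors="replace"))
                i += 1 + rdata[i]
    return rcode, txts

def lookup_txt(name: str, resolver: str = "8.8.8.8", timeout: float = 3.0):
    """Ask `resolver` (default: the one in the posted Caddyfile) for TXT of `name` over UDP/53."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (resolver, 53))
        return parse_response(s.recvfrom(4096)[0])
```

Call lookup_txt("_acme-challenge.vault2.rhaidiz.net") while Caddy is mid-challenge, then repeat it with the resolver set to one of the zone's authoritative nameservers: an NXDOMAIN from the authoritative server means the TXT record Caddy wrote to Cloudflare is not in the zone that actually serves the name, which is exactly what the CA is reporting.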