Suddenly Unable to Get Certificates | "Domain name not found\t"

1. The problem I’m having:

Certificates will not auto-renew due to a domain name not found with the Namecheap DNS plugin. This error has never occurred with this Caddyfile, so I have no idea what’s going on. I also haven’t seen any changes that have been made since Caddy 2.8 that would cause this problem.

2. Error messages and/or full log output:

Dec 28 12:48:26 homeserver caddy\[70671\]: {“level”:“info”,“ts”:1766951306.9181063,“msg”:“trying to solve challenge”,“identifier”:“cmms.famdam.top”,“challenge
\_type”:“dns-01”,“ca”:“https://acme-v02.api.letsencrypt.org/directory”}
Dec 28 12:48:26 homeserver caddy\[70671\]: {“level”:“debug”,“ts”:1766951306.9242563,“msg”:“http request”,“method”:“POST”,“url”:“https://acme-v02.api.letsencry
pt.org/acme/authz/2237117955/634470351906",“headers”:{“Content-Type”:[“application/jose+json”],“User-Agent”:["Caddy/2.10.2 CertMagic acmez (linux; amd64)”\]}
,“response_headers”:{“Boulder-Requester”:\[“2237117955”\],“Cache-Control”:\[“public, max-age=0, no-cache”\],“Content-Length”:\[“828”\],“Content-Type”:\[“applicatio
n/json”\],“Date”:\[“Sun, 28 Dec 2025 19:48:26 GMT”\],“Link”:\[“<https://acme-v02.api.letsencrypt.org/directory>;rel="index"”\],“Replay-Nonce”:\[“IijzadlS2huqy2r
RnNNz_h5urkkuIIYES8tz2lSCuMDbMn9AvaM”\],“Server”:\[“nginx”\],“Strict-Transport-Security”:\[“max-age=604800”\],“X-Frame-Options”:\[“DENY”\]},“status_code”:200}
Dec 28 12:48:26 homeserver caddy\[70671\]: {“level”:“debug”,“ts”:1766951306.9245346,“msg”:“no solver configured”,“challenge_type”:“tls-alpn-01”}
Dec 28 12:48:26 homeserver caddy\[70671\]: {“level”:“info”,“ts”:1766951306.924571,“msg”:“trying to solve challenge”,“identifier”:“wireguard.famdam.top”,“chall
enge_type”:“dns-01”,“ca”:“https://acme-v02.api.letsencrypt.org/directory”}
Dec 28 12:48:27 homeserver caddy\[70671\]: {“level”:“error”,“ts”:1766951307.316902,“logger”:“dynamic_dns”,“msg”:“unable to lookup current IPs from DNS records
“,“error”:“namecheap api returned error in response. Err: Error0: Domain name not found\\t”}
Dec 28 12:48:27 homeserver caddy\[70671\]: {“level”:“debug”,“ts”:1766951307.3169234,“logger”:“dynamic_dns”,“msg”:“looked up current IPs from DNS”,“lastIPs”:nu
ll}
Dec 28 12:48:27 homeserver caddy\[70671\]: {“level”:“debug”,“ts”:1766951307.4036417,“logger”:“dynamic_dns.ip_sources.simple_http”,“msg”:“lookup”,“type”:“IPv4”
,“endpoint”:“https://icanhazip.com”,“ip”:“207.204.57.77”}
Dec 28 12:48:27 homeserver caddy\[70671\]: {“level”:“info”,“ts”:1766951307.4036727,“logger”:“dynamic_dns”,“msg”:“updating DNS record”,“zone”:“famdam.top”,“typ
e”:“A”,“name”:”@”,“ip”:“207.204.57.77”,“ttl”:0}
Dec 28 12:48:27 homeserver caddy\[70671\]: {“level”:“error”,“ts”:1766951307.5790465,“logger”:“dynamic_dns”,“msg”:“failed setting DNS record(s) with new IP add
ress(es)”,“zone”:“famdam.top”,“error”:“namecheap api returned error in response. Err: Error0: Domain name not found\\t”}
Dec 28 12:48:27 homeserver caddy\[70671\]: {“level”:“info”,“ts”:1766951307.5791023,“logger”:“dynamic_dns”,“msg”:“finished updating DNS”,“current_ips”:\[“207.20
4.57.77”\]}
Dec 28 12:49:42 homeserver caddy\[70671\]: {“level”:“debug”,“ts”:1766951382.2104208,“logger”:“events”,“msg”:“event”,“name”:“tls_get_certificate”,“id”:“b50c7f5
f-8489-40f5-8946-779a30eb22c1”,“origin”:“tls”,“data”:{“client_hello”:{“CipherSuites”:\[4865,4867,4866,49195,49199,52393,52392,49196,49200,49162,49161,49171,4
9172,156,157,47,53\],“ServerName”:“vaultwarden.famdam.top”,“SupportedCurves”:\[4588,29,23,24,25,256,257\],“SupportedPoints”:“AA==”,“SignatureSchemes”:\[1027,128
3,1539,2052,2053,2054,1025,1281,1537,515,513\],“SupportedProtos”:\[“h2”,“http/1.1”\],“SupportedVersions”:\[772,771\],“RemoteAddr”:{“IP”:“192.168.1.63”,“Port”:370
14,“Zone”:“”},“LocalAddr”:{“IP”:“192.168.1.60”,“Port”:443,“Zone”:“”}}}}
Dec 28 12:49:42 homeserver caddy\[70671\]: {“level”:“debug”,“ts”:1766951382.21051,“logger”:“tls.handshake”,“msg”:“choosing certificate”,“identifier”:“vaultwar
den.famdam.top”,“num_choices”:1}
Dec 28 12:49:42 homeserver caddy\[70671\]: {“level”:“debug”,“ts”:1766951382.210515,“logger”:“tls.handshake”,“msg”:“default certificate selection results”,“ide
ntifier”:“vaultwarden.famdam.top”,“subjects”:\[“vaultwarden.famdam.top”\],“managed”:true,“issuer_key”:“acme-v02.api.letsencrypt.org-directory”,“hash”:“3154678
d0da2c573549e5c996f293bf4feeb955b8eeeae975a109d10fabe373b”}
Dec 28 12:49:42 homeserver caddy\[70671\]: {“level”:“debug”,“ts”:1766951382.2105215,“logger”:“tls.handshake”,“msg”:“matched certificate in cache”,“remote_ip”:
“192.168.1.63”,“remote_port”:“37014”,“subjects”:\[“vaultwarden.famdam.top”\],“managed”:true,“expiration”:1766899033,“hash”:“3154678d0da2c573549e5c996f293bf4fe
eb955b8eeeae975a109d10fabe373b”}
Dec 28 12:49:42 homeserver caddy\[70671\]: {“level”:“debug”,“ts”:1766951382.215025,“logger”:“http.stdlib”,“msg”:“http: TLS handshake error from 192.168.1.63:3
7014: remote error: tls: expired certificate”}
Dec 28 12:49:47 homeserver caddy\[70671\]: {“level”:“error”,“ts”:1766951387.501337,“msg”:“cleaning up solver”,“identifier”:“test.famdam.top”,“challenge_type”:
“dns-01”,“error”:“no memory of presenting a DNS record for "_acme-challenge.test.famdam.top" (usually OK if presenting also failed)“,“stacktrace”:“github.
com/mholt/acmez/v3.(\*Client).solveChallenges.func1\\n\\tgithub.com/mholt/acmez/v3@v3.1.2/client.go:318\\ngithub.com/mholt/acmez/v3.(\*Client).solveChallenges\\n\\t
github.com/mholt/acmez/v3@v3.1.2/client.go:363\\ngithub.com/mholt/acmez/v3.(\*Client).ObtainCertificate\\n\\tgithub.com/mholt/acmez/v3@v3.1.2/client.go:136\\ngi
thub.com/caddyserver/certmagic.(*ACMEIssuer).doIssue\\n\\tgithub.com/caddyserver/certmagic@v0.24.0/acmeissuer.go:489\\ngithub.com/caddyserver/certmagic.(\*ACMEI
ssuer).Issue\\n\\tgithub.com/caddyserver/certmagic@v0.24.0/acmeissuer.go:382\\ngithub.com/caddyserver/caddy/v2/modules/caddytls.(\*ACMEIssuer).Issue\\n\\tgithub.c
om/caddyserver/caddy/v2@v2.10.2/modules/caddytls/acmeissuer.go:288\\ngithub.com/caddyserver/certmagic.(\*Config).renewCert.func2\\n\\tgithub.com/caddyserver/cer
tmagic@v0.24.0/config.go:906\\ngithub.com/caddyserver/certmagic.doWithRetry\\n\\tgithub.com/caddyserver/certmagic@v0.24.0/async.go:104\\ngithub.com/caddyserver/
certmagic.(\*Config).renewCert\\n\\tgithub.com/caddyserver/certmagic@v0.24.0/config.go:982\\ngithub.com/caddyserver/certmagic.(\*Config).RenewCertAsync\\n\\tgithub
.com/caddyserver/certmagic@v0.24.0/config.go:768\\ngithub.com/caddyserver/certmagic.(\*Config).manageOne.func2\\n\\tgithub.com/caddyserver/certmagic@v0.24.0/con
fig.go:469\\ngithub.com/caddyserver/certmagic.(\*jobManager).worker\\n\\tgithub.com/caddyserver/certmagic@v0.24.0/async.go:73”}
Dec 28 12:49:47 homeserver caddy\[70671\]: {“level”:“debug”,“ts”:1766951387.6451786,“msg”:“http request”,“method”:“POST”,“url”:“https://acme-v02.api.letsencry
pt.org/acme/authz/2237117955/634470350626",“headers”:{“Content-Type”:[“application/jose+json”],“User-Agent”:["Caddy/2.10.2 CertMagic acmez (linux; amd64)”\]}
,“response_headers”:{“Boulder-Requester”:\[“2237117955”\],“Cache-Control”:\[“public, max-age=0, no-cache”\],“Content-Length”:\[“827”\],“Content-Type”:\[“applicatio
n/json”\],“Date”:\[“Sun, 28 Dec 2025 19:49:47 GMT”\],“Link”:\[“<https://acme-v02.api.letsencrypt.org/directory>;rel="index"”\],“Replay-Nonce”:\[“IijzadlS2m65yeh
KO_uprG1NmtjwfdfF8EmIZXCwj-Z3_eVyaFE”\],“Server”:\[“nginx”\],“Strict-Transport-Security”:\[“max-age=604800”\],“X-Frame-Options”:\[“DENY”\]},“status_code”:200}
Dec 28 12:49:47 homeserver caddy\[70671\]: {“level”:“error”,“ts”:1766951387.6454473,“logger”:“tls.renew”,“msg”:“could not get certificate from issuer”,“identi
fier”:“test.famdam.top”,“issuer”:“acme-v02.api.letsencrypt.org-directory”,“error”:”\[test.famdam.top\] solving challenges: presenting for challenge: adding te
mporary record for zone "famdam.top.": namecheap api returned error in response. Err: Error0: Domain name not found\\t (order=https://acme-v02.api.letsencr
ypt.org/acme/order/2237117955/463690914896) (ca=https://acme-v02.api.letsencrypt.org/directory)“}
Dec 28 12:49:47 homeserver caddy\[70671\]: {“level”:“debug”,“ts”:1766951387.645509,“logger”:“events”,“msg”:“event”,“name”:“cert_failed”,“id”:“d7793237-60c7-4f
fb-88a2-e97342c5bf39”,“origin”:“tls”,“data”:{“error”:{},“identifier”:“test.famdam.top”,“issuers”:\[“acme-v02.api.letsencrypt.org-directory”\],“remaining”:-521
80214280883,“renewal”:true}}
Dec 28 12:49:47 homeserver caddy\[70671\]: {“level”:“error”,“ts”:1766951387.6455784,“logger”:“tls.renew”,“msg”:“will retry”,“error”:”\[test.famdam.top\] Renew:
\[test.famdam.top\] solving challenges: presenting for challenge: adding temporary record for zone "famdam.top.": namecheap api returned error in response.
Err: Error0: Domain name not found\\t (order=https://acme-v02.api.letsencrypt.org/acme/order/2237117955/463690914896) (ca=https://acme-v02.api.letsencrypt.or
g/directory)“,“attempt”:1,“retrying_in”:60,“elapsed”:81.43156507,“max_duration”:2592000}
Dec 28 12:49:51 homeserver caddy\[70671\]: {“level”:“debug”,“ts”:1766951391.5901477,“logger”:“http.stdlib”,“msg”:“http: TLS handshake error from 198.235.24.21
4:50591: tls: client offered only unsupported versions: \[302 301\]”}
Dec 28 12:50:27 homeserver caddy\[70671\]: {“level”:“error”,“ts”:1766951427.078247,“msg”:“cleaning up solver”,“identifier”:“famdam.top”,“challenge_type”:“dns-
01”,“error”:“no memory of presenting a DNS record for "_acme-challenge.famdam.top" (usually OK if presenting also failed)“,“stacktrace”:“github.com/mholt/
acmez/v3.(\*Client).solveChallenges.func1\\n\\tgithub.com/mholt/acmez/v3@v3.1.2/client.go:318\\ngithub.com/mholt/acmez/v3.(\*Client).solveChallenges\\n\\tgithub.co
m/mholt/acmez/v3@v3.1.2/client.go:363\\ngithub.com/mholt/acmez/v3.(\*Client).ObtainCertificate\\n\\tgithub.com/mholt/acmez/v3@v3.1.2/client.go:136\\ngithub.com/c
addyserver/certmagic.(\*ACMEIssuer).doIssue\\n\\tgithub.com/caddyserver/certmagic@v0.24.0/acmeissuer.go:489\\ngithub.com/caddyserver/certmagic.(\*ACMEIssuer).Iss
ue\\n\\tgithub.com/caddyserver/certmagic@v0.24.0/acmeissuer.go:382\\ngithub.com/caddyserver/caddy/v2/modules/caddytls.(\*ACMEIssuer).Issue\\n\\tgithub.com/caddyse
rver/caddy/v2@v2.10.2/modules/caddytls/acmeissuer.go:288\\ngithub.com/caddyserver/certmagic.(\*Config).renewCert.func2\\n\\tgithub.com/caddyserver/certmagic@v0.
24.0/config.go:906\\ngithub.com/caddyserver/certmagic.doWithRetry\\n\\tgithub.com/caddyserver/certmagic@v0.24.0/async.go:104\\ngithub.com/caddyserver/certmagic.
(\*Config).renewCert\\n\\tgithub.com/caddyserver/certmagic@v0.24.0/config.go:982\\ngithub.com/caddyserver/certmagic.(\*Config).RenewCertAsync\\n\\tgithub.com/caddy
server/certmagic@v0.24.0/config.go:768\\ngithub.com/caddyserver/certmagic.(\*Config).manageOne.func2\\n\\tgithub.com/caddyserver/certmagic@v0.24.0/config.go:469
\\ngithub.com/caddyserver/certmagic.(\*jobManager).worker\\n\\tgithub.com/caddyserver/certmagic@v0.24.0/async.go:73”}
Dec 28 12:50:27 homeserver caddy\[70671\]: {“level”:“debug”,“ts”:1766951427.2065034,“msg”:“http request”,“method”:“POST”,“url”:“https://acme-v02.api.letsencry
pt.org/acme/authz/2237117955/634470350756",“headers”:{“Content-Type”:[“application/jose+json”],“User-Agent”:["Caddy/2.10.2 CertMagic acmez (linux; amd64)”\]}
,“response_headers”:{“Boulder-Requester”:\[“2237117955”\],“Cache-Control”:\[“public, max-age=0, no-cache”\],“Content-Length”:\[“822”\],“Content-Type”:\[“applicatio
n/json”\],“Date”:\[“Sun, 28 Dec 2025 19:50:27 GMT”\],“Link”:\[“<https://acme-v02.api.letsencrypt.org/directory>;rel="index"”\],“Replay-Nonce”:\[“GxwILcG0QJQGjaC
1A2CAou_49rbHpVF1rxTIIbSAors82vzznnI”\],“Server”:\[“nginx”\],“Strict-Transport-Security”:\[“max-age=604800”\],“X-Frame-Options”:\[“DENY”\]},“status_code”:200}
Dec 28 12:50:27 homeserver caddy\[70671\]: {“level”:“error”,“ts”:1766951427.20695,“logger”:“tls.renew”,“msg”:“could not get certificate from issuer”,“identifi
er”:“famdam.top”,“issuer”:“acme-v02.api.letsencrypt.org-directory”,“error”:”\[famdam.top\] solving challenges: presenting for challenge: adding temporary reco
rd for zone "famdam.top.": namecheap api returned error in response. Err: Error0: Domain name not found\\t (order=https://acme-v02.api.letsencrypt.org/acme
/order/2237117955/463690915016) (ca=https://acme-v02.api.letsencrypt.org/directory)“}
Dec 28 12:50:27 homeserver caddy\[70671\]: {“level”:“debug”,“ts”:1766951427.2070315,“logger”:“events”,“msg”:“event”,“name”:“cert_failed”,“id”:“73034bea-dcbf-4
c13-9bb4-38557193541d”,“origin”:“tls”,“data”:{“error”:{},“identifier”:“famdam.top”,“issuers”:\[“acme-v02.api.letsencrypt.org-directory”\],“remaining”:-5222021
4657095,“renewal”:true}}
Dec 28 12:50:27 homeserver caddy\[70671\]: {“level”:“error”,“ts”:1766951427.2070892,“logger”:“tls.renew”,“msg”:“will retry”,“error”:”\[famdam.top\] Renew: \[famd
am.top\] solving challenges: presenting for challenge: adding temporary record for zone "famdam.top.": namecheap api returned error in response. Err: Error
0: Domain name not found\\t (order=https://acme-v02.api.letsencrypt.org/acme/order/2237117955/463690915016) (ca=https://acme-v02.api.letsencrypt.org/director
y)",“attempt”:1,“retrying_in”:60,“elapsed”:120.992838384,“max_duration”:2592000}
Dec 28 12:50:47 homeserver caddy\[70671\]: {“level”:“info”,“ts”:1766951447.6469228,“logger”:“tls.renew”,“msg”:“renewing certificate”,“identifier”:“test.famdam
.top”,“remaining”:-52321.64691117}
Dec 28 12:50:47 homeserver caddy\[70671\]: {“level”:“debug”,“ts”:1766951447.6470153,“logger”:“events”,“msg”:“event”,“name”:“cert_obtaining”,“id”:“0da15062-3fb
4-4dd5-af97-027ed6768ab4”,“origin”:“tls”,“data”:{“forced”:false,“identifier”:“test.famdam.top”,“issuer”:“acme-v02.api.letsencrypt.org-directory”,“remaining”
:-52321646911170,“renewal”:true}}
Dec 28 12:50:47 homeserver caddy\[70671\]: {“level”:“debug”,“ts”:1766951447.6472313,“logger”:“tls”,“msg”:“created CSR”,“identifiers”:\[“test.famdam.top”\],“san_
dns_names”:\[“test.famdam.top”\],“san_emails”:\[\],“common_name”:”“,“extra_extensions”:0}
Dec 28 12:50:47 homeserver caddy\[70671\]: {“level”:“debug”,“ts”:1766951447.6488776,“logger”:“http”,“msg”:“using existing ACME account because key found in st
orage associated with email”,“email”:“default”,“ca”:“https://acme-v02.api.letsencrypt.org/directory”}
Dec 28 12:50:47 homeserver caddy\[70671\]: {“level”:“debug”,“ts”:1766951447.6493444,“logger”:“http”,“msg”:“using existing ACME account because key found in st
orage associated with email”,“email”:”“,“ca”:“https://acme-staging-v02.api.letsencrypt.org/directory”}
Dec 28 12:50:47 homeserver caddy\[70671\]: {“level”:“info”,“ts”:1766951447.6493893,“logger”:“http”,“msg”:“using ACME account”,“account_id”:“https://acme-stagi
ng-v02.api.letsencrypt.org/acme/acct/185625174","account_contact”:\[\]}
Dec 28 12:50:47 homeserver caddy\[70671\]: {“level”:“debug”,“ts”:1766951447.7872171,“msg”:“http request”,“method”:“GET”,“url”:“https://acme-staging-v02.api.le
tsencrypt.org/directory",“headers”:{“User-Agent”:["Caddy/2.10.2 CertMagic acmez (linux; amd64)”\]},“response_headers”:{“Cache-Control”:\[“public, max-age=0, n
o-cache”\],“Content-Length”:\[“1107”\],“Content-Type”:\[“application/json”\],“Date”:\[“Sun, 28 Dec 2025 19:50:47 GMT”\],“Server”:\[“nginx”\],“Strict-Transport-Securi
ty”:\[“max-age=604800”\],“X-Frame-Options”:\[“DENY”\]},“status_code”:200}
Dec 28 12:50:47 homeserver caddy\[70671\]: {“level”:“debug”,“ts”:1766951447.7874355,“msg”:“creating order”,“account”:“https://acme-staging-v02.api.letsencrypt
.org/acme/acct/185625174”,“identifiers”:\[“test.famdam.top”\]}
Dec 28 12:50:47 homeserver caddy\[70671\]: {“level”:“debug”,“ts”:1766951447.8823273,“msg”:“http request”,“method”:“HEAD”,“url”:“https://acme-staging-v02.api.l
etsencrypt.org/acme/new-nonce",“headers”:{“User-Agent”:["Caddy/2.10.2 CertMagic acmez (linux; amd64)”\]},“response_headers”:{“Cache-Control”:\[“public, max-ag
e=0, no-cache”\],“Date”:\[“Sun, 28 Dec 2025 19:50:47 GMT”\],“Link”:\[“<https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"”\],“Replay-Nonce”:\[”
0t1BB3M7gbmukxz-5PFTgZvRtc-I7q5XXILPrIu560mxalLSQOI"\],“Server”:\[“nginx”\],“Strict-Transport-Security”:\[“max-age=604800”\],“X-Frame-Options”:\[“DENY”\]},"status
_code”:200}
Dec 28 12:50:47 homeserver caddy\[70671\]: {“level”:“debug”,“ts”:1766951447.9260323,“msg”:“http request”,“method”:“POST”,“url”:“https://acme-staging-v02.api.l
etsencrypt.org/acme/new-order",“headers”:{“Content-Type”:[“application/jose+json”],“User-Agent”:["Caddy/2.10.2 CertMagic acmez (linux; amd64)”\]},“response_h
eaders”:{“Boulder-Requester”:\[“185625174”\],“Cache-Control”:\[“public, max-age=0, no-cache”\],“Content-Length”:\[“361”\],“Content-Type”:\[“application/json”\],“Dat
e”:\[“Sun, 28 Dec 2025 19:50:47 GMT”\],“Link”:\[“<https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"”\],“Location”:\[“https://acme-staging-v02
.api.letsencrypt.org/acme/order/185625174/29978095773”\],“Replay-Nonce”:\[“0t1BB3M7J-U2TtCcKYRnddz1l_Uvb4e08_zxK7qOp-xE1h0uPa0”\],“Server”:\[“nginx”\],“Strict-Tr
ansport-Security”:\[“max-age=604800”\],“X-Frame-Options”:\[“DENY”\]},“status_code”:201}
Dec 28 12:50:47 homeserver caddy\[70671\]: {“level”:“debug”,“ts”:1766951447.9630847,“msg”:“http request”,“method”:“POST”,“url”:“https://acme-staging-v02.api.l
etsencrypt.org/acme/authz/185625174/20923664153",“headers”:{“Content-Type”:[“application/jose+json”],“User-Agent”:["Caddy/2.10.2 CertMagic acmez (linux; amd
64)”\]},“response_headers”:{“Boulder-Requester”:\[“185625174”\],“Cache-Control”:\[“public, max-age=0, no-cache”\],“Content-Length”:\[“841”\],“Content-Type”:\[“appli
cation/json”\],“Date”:\[“Sun, 28 Dec 2025 19:50:47 GMT”\],“Link”:\[“<https://acme-staging-v02.api.letsencrypt.org/directory>;rel="index"”\],“Replay-Nonce”:\[“0t
1BB3M7qelHAP_jM4saRpXljti7dtRypOQY9u-JzmLwUKZduho”\],“Server”:\[“nginx”\],“Strict-Transport-Security”:\[“max-age=604800”\],“X-Frame-Options”:\[“DENY”\]},“status_co
de”:200}
Dec 28 12:50:47 homeserver caddy\[70671\]: {“level”:“debug”,“ts”:1766951447.9633846,“msg”:“no solver configured”,“challenge_type”:“tls-alpn-01”}
Dec 28 12:50:47 homeserver caddy\[70671\]: {“level”:“info”,“ts”:1766951447.9634116,“msg”:“trying to solve challenge”,“identifier”:“test.famdam.top”,“challenge
\_type”:“dns-01”,“ca”:“https://acme-staging-v02.api.letsencrypt.org/directory”}

3. Caddy version:

v2.10.2 h1:g/gTYjGMD0dec+UgMw8SnfmJ3I9+M2TdvoRL/Ovu6U8=

4. How I installed and ran Caddy:

xcaddy build --with github.com/caddy-dns/namecheap --with github.com/mholt/caddy-dynamicdns --with github.com/hslatman/caddy-crowdsec-bouncer

a. System environment:

Arch Linux using linux-hardened kernel, x86_64
Rootless Podman

b. Command:

systemctl --user start caddy.socket

c. Service/unit/compose file:

[Unit]
Wants=podman-user-wait-network-online.service
After=podman-user-wait-network-online.service
AssertPathExists=%h/.local/share/containers/storage/caddy/Caddyfile
SourcePath=/home/riley/.config/containers/systemd/caddy.container
RequiresMountsFor=%t/containers
Requires=dns-network.service
After=dns-network.service
Requires=vaultwarden-network.service
After=vaultwarden-network.service
Requires=ts-net-network.service
After=ts-net-network.service
Requires=immich-network.service
After=immich-network.service
Requires=radicale-network.service
After=radicale-network.service
Requires=crowdsec-network.service
After=crowdsec-network.service
Requires=atlas-cmms-network.service
After=atlas-cmms-network.service
RequiresMountsFor=/srv/www

[X-Container]
ContainerName=caddy
Image=docker.io/library/caddy
Exec=/usr/bin/caddy run --config /etc/caddy/Caddyfile
Environment=EMAIL=rileymotter@protonmail.com
Environment=LOG_FILE=/data/access.log
Secret=NAMECHEAP_API_KEY,type=env,target=NAMECHEAP_API_KEY
Secret=NAMECHEAP_API_USER,type=env,target=NAMECHEAP_API_USER
Secret=CROWDSEC_API_KEY,type=env,target=CROWDSEC_API_KEY
Volume=%h/.local/share/containers/storage/caddy/caddy:/usr/bin/caddy
Volume=%h/.local/share/containers/storage/caddy/Caddyfile:/etc/caddy/Caddyfile
Volume=%h/.local/share/containers/storage/caddy/caddy-config:/config
Volume=%h/.local/share/containers/storage/caddy/caddy-data:/data
Volume=%h/.local/share/containers/storage/caddy/log.d:/data/log.d
Volume=/srv/www:/srv/www:ro
Notify=true
Memory=256m

Network=dns.network
AddHost=pihole:172.17.0.5
AddHost=unbound:172.17.0.20

Network=vaultwarden.network
AddHost=vaultwarden:172.19.0.5

Network=ts-net.network
AddHost=ts3-server:172.20.0.10

Network=immich.network
AddHost=immich-infra:10.89.1.21

Network=radicale.network
AddHost=radicale:10.89.2.3

Network=crowdsec.network
AddHost=crowdsec:10.89.0.4

Network=atlas-cmms.network
AddHost=atlas-cmms-infra:10.89.5.21

[Install]
WantedBy=default.target

[Service]
#Restart=always
ExecReload=/usr/bin/podman exec caddy /usr/bin/caddy reload --config /etc/caddy/Caddyfile --force
Environment=PODMAN_SYSTEMD_UNIT=%n
KillMode=mixed
ExecStop=/usr/bin/podman rm -v -f -i caddy
ExecStopPost=-/usr/bin/podman rm -v -f -i caddy
Delegate=yes
Type=notify
NotifyAccess=all
SyslogIdentifier=%N
ExecStart=/usr/bin/podman run --name caddy --replace --rm --cgroups=split --memory 256m --add-host pihole:172.17.0.5 --add-host unbound:172.17.0.20 --add-ho
st vaultwarden:172.19.0.5 --add-host ts3-server:172.20.0.10 --add-host immich-infra:10.89.1.21 --add-host radicale:10.89.2.3 --add-host crowdsec:10.89.0.4 -
-add-host atlas-cmms-infra:10.89.5.21 --network dns --network vaultwarden --network ts-net --network immich --network radicale --network crowdsec --network
atlas-cmms --sdnotify=container -d -v %h/.local/share/containers/storage/caddy/caddy:/usr/bin/caddy -v %h/.local/share/containers/storage/caddy/Caddyfile:/e
tc/caddy/Caddyfile -v %h/.local/share/containers/storage/caddy/caddy-config:/config -v %h/.local/share/containers/storage/caddy/caddy-data:/data -v %h/.loca
l/share/containers/storage/caddy/log.d:/data/log.d -v /srv/www:/srv/www:ro --env EMAIL=rileymotter@protonmail.com --env LOG_FILE=/data/access.log --secret N
AMECHEAP_API_KEY,type=env,target=NAMECHEAP_API_KEY --secret NAMECHEAP_API_USER,type=env,target=NAMECHEAP_API_USER --secret CROWDSEC_API_KEY,type=env,target=
CROWDSEC_API_KEY docker.io/library/caddy /usr/bin/caddy run --config /etc/caddy/Caddyfile

d. My complete Caddy config:

{
        debug
        crowdsec {
                api_url http://crowdsec:8080
                api_key {env.CROWDSEC_API_KEY}
        }
        dynamic_dns {
                provider namecheap {
                        api_key {env.NAMECHEAP_API_KEY}
                        user {env.NAMECHEAP_API_USER}
                }
                domains {
                        famdam.top
                }
#               versions ipv4
        }
        acme_dns namecheap {
                api_key {env.NAMECHEAP_API_KEY}
                user {env.NAMECHEAP_API_USER}
                api_endpoint https://api.namecheap.com/xml.response
        }
}

famdam.top {
        bind fd/3 {
                protocols h1
        }
        bind fd/4 {
                protocols h1 h2
        }
        bind fdgram/5 {
                protocols h3
        }

        log {
                output file /data/log.d/famdam.log {
                        roll_local_time
                        mode 644
                        roll_keep_for 48h
                }       
        }

        root * /srv/www

        encode zstd gzip

        file_server {
                browse
        }

        @nicholson {
                file yes.gif
        }
}

vaultwarden.famdam.top {
        bind fd/3 {
                protocols h1
        }
        bind fd/4 {
                protocols h1 h2
        }
        bind fdgram/5 {
                protocols h3
        }

        log {
                output file /data/log.d/vaultwarden.log {
                        roll_local_time
                        mode 644
                        roll_keep_for 48h
                }       
        }
         
        reverse_proxy vaultwarden:80 {
                header_up X-Real-IP {remote_host}

        }
#       import admin_redir
}

immich.famdam.top {
        bind fd/3 {
                protocols h1
        }
        bind fd/4 {
                protocols h1 h2
        }
        bind fdgram/5 {
                protocols h3
        }

        log {
                output file /data/log.d/immich.log {
                        roll_local_time
                        mode 644
                        roll_keep_for 48h
                }       
        }
         
        reverse_proxy immich-infra:2283 {
                header_up X-Forwarded-For {remote_ip}
                header_up X-Forwarded-Host {host}
                header_up X-Forwarded-Proto {scheme}
        }
}

radicale.famdam.top {
        bind fd/3 {
                protocols h1
        }
        bind fd/4 {
                protocols h1 h2
        }
        bind fdgram/5 {
                protocols h3
        }

        log {
                output file /data/log.d/radicale.log {
                        roll_local_time
                        mode 644
                        roll_keep_for 48h
                }       
        }
         
        reverse_proxy radicale:5232
        encode zstd gzip
}

wireguard.famdam.top {
        bind fd/3 {
                protocols h1
        }
        bind fd/4 {
                protocols h1 h2
        }
        bind fdgram/5 {
                protocols h3
        }

        log {
                output file /data/log.d/wireguard.log {
                        roll_local_time
                        mode 644
                        roll_keep_for 48h
                }       
        }

        reverse_proxy wireguard:80
        encode zstd gzip
}

pihole.famdam.top {
        bind fd/3 {
                protocols h1
        }
        bind fd/4 {
                protocols h1 h2
        }
        bind fdgram/5 {
                protocols h3
        }

        log {
                output file /data/log.d/pihole.log {
                        roll_local_time
                        mode 644
                        roll_keep_for 48h
                }       
        }
        reverse_proxy pihole:80
        encode zstd gzip
}

test.famdam.top {
        bind fd/3 {
                protocols h1
        }
        bind fd/4 {
                protocols h1 h2
        }
        bind fdgram/5 {
                protocols h3
        }
        root * /srv/www

        log {
                output file /data/log.d/test.log {
                        roll_local_time
                        mode 644
                        roll_keep_for 48h
                }       
        }

        encode zstd gzip

        file_server

        handle_path /watcher* {
            root * /srv/www/frontend/watcher
#           try_files {path} {file} /index.html
#           file_server browse
        }
        handle /broadcaster* {
#               uri strip_prefix /broadcaster
            root * /srv/www/frontend
#           try_files {path} {file} /index.html
#           file_server browse
        }
}
 
cmms.famdam.top {
        bind fd/3 {
                protocols h1
        }
        bind fd/4 {
                protocols h1 h2
        }
        bind fdgram/5 {
                protocols h3
        }

        log {
                output file /data/log.d/cmms.log {
                        roll_local_time
                        mode 644
                        roll_keep_for 48h
                }       
        }
        handle_path /api/* {
                reverse_proxy atlas-cmms-infra:8080
        }
        handle {
                reverse_proxy atlas-cmms-infra:3000
        }
}

minio.famdam.top {
        bind fd/3 {
                protocols h1
        }
        bind fd/4 {
                protocols h1 h2
        }
        bind fdgram/5 {
                protocols h3
        }

        log {
                output file /data/log.d/cmms-minio.log {
                        roll_local_time
                        mode 644
                        roll_keep_for 48h
                }       
        }
        reverse_proxy atlas-cmms-infra:9000
}

5. Links to relevant resources:

https://namecheap.com/support/api/intro/
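
Added example (not part of the original post, and not Caddy or CertMagic code): a small triage script for a log like the one above. It marks renewals that failed at "presenting for challenge" (the DNS provider rejected the TXT record, so the CA never validated anything), records which loggers hit the same provider error, and flags certificates served past their expiration. The sample lines are constructed from the entries in the post and the function names are illustrative.

```python
import json
import re
from collections import defaultdict

# Constructed sample: journald-prefixed Caddy JSON entries modelled on the log in
# the post (shortened, each payload valid JSON). Not a verbatim capture.
SAMPLE_LOG = r'''
Dec 28 12:48:27 homeserver caddy[70671]: {"level":"error","ts":1766951307.5790465,"logger":"dynamic_dns","msg":"failed setting DNS record(s) with new IP address(es)","zone":"famdam.top","error":"namecheap api returned error in response. Err: Error0: Domain name not found\t"}
Dec 28 12:49:42 homeserver caddy[70671]: {"level":"debug","ts":1766951382.2105215,"logger":"tls.handshake","msg":"matched certificate in cache","subjects":["vaultwarden.famdam.top"],"managed":true,"expiration":1766899033}
Dec 28 12:49:47 homeserver caddy[70671]: {"level":"error","ts":1766951387.6454473,"logger":"tls.renew","msg":"could not get certificate from issuer","identifier":"test.famdam.top","error":"[test.famdam.top] solving challenges: presenting for challenge: adding temporary record for zone \"famdam.top.\": namecheap api returned error in response. Err: Error0: Domain name not found\t (order=https://acme-v02.api.letsencrypt.org/acme/order/2237117955/463690914896) (ca=https://acme-v02.api.letsencrypt.org/directory)"}
Dec 28 12:49:47 homeserver caddy[70671]: {"level":"debug","ts":1766951387.645509,"logger":"events","msg":"event","name":"cert_failed","data":{"error":{},"identifier":"test.famdam.top","renewal":true}}
Dec 28 12:50:00 homeserver systemd[1]: constructed non-JSON line, skipped by the parser
Dec 28 12:50:27 homeserver caddy[70671]: {"level":"error","ts":1766951427.20695,"logger":"tls.renew","msg":"could not get certificate from issuer","identifier":"famdam.top","error":"[famdam.top] solving challenges: presenting for challenge: adding temporary record for zone \"famdam.top.\": namecheap api returned error in response. Err: Error0: Domain name not found\t (order=https://acme-v02.api.letsencrypt.org/acme/order/2237117955/463690915016) (ca=https://acme-v02.api.letsencrypt.org/directory)"}
'''

ZONE_RE = re.compile(r'adding temporary record for zone "([^"]+)"')
# Provider message sits between "Err: " and either the "(order=...)" suffix or
# the end of the string; trailing whitespace (the stray tab) is dropped.
PROVIDER_RE = re.compile(r'Err: (.+?)\s*(?:\(order=|$)')


def parse_entries(text):
    """Yield the JSON object from each line, ignoring the journald prefix."""
    for line in text.splitlines():
        start = line.find("{")
        if start < 0:
            continue
        try:
            entry = json.loads(line[start:])
        except json.JSONDecodeError:
            continue  # truncated or non-JSON line
        if isinstance(entry, dict):
            yield entry


def triage(text):
    """Summarise renewal failures, shared provider errors and expired certs."""
    failures = {}
    expired = {}
    provider_errors = defaultdict(set)

    for e in parse_entries(text):
        logger = e.get("logger", "")
        msg = e.get("msg", "")
        err = e.get("error", "")
        if not isinstance(err, str):
            err = ""

        # Same provider message seen from several loggers points at the shared
        # DNS API path rather than at ACME itself.
        m = PROVIDER_RE.search(err)
        perr = m.group(1) if m else None
        if perr:
            provider_errors[perr].add(logger)

        if logger == "tls.renew" and msg == "could not get certificate from issuer":
            zone = ZONE_RE.search(err)
            failures[e.get("identifier")] = {
                # Wording taken from the log in the post: the solver failed
                # while publishing the record, before CA validation.
                "stage": "dns-provider" if "presenting for challenge" in err
                         else "unclassified",
                "zone": zone.group(1) if zone else None,
                "provider_error": perr,
            }

        # A cached certificate whose expiration precedes the log timestamp is
        # being offered to clients after it expired.
        if logger == "tls.handshake" and msg == "matched certificate in cache":
            ts, exp = e.get("ts"), e.get("expiration")
            if ts is not None and exp is not None and exp < ts:
                for subject in e.get("subjects", []):
                    expired[subject] = int(ts - exp)  # seconds past expiry

    return {
        "renewal_failures": failures,
        "expired_served": expired,
        "provider_errors": {k: sorted(v) for k, v in provider_errors.items()},
    }


if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_LOG), indent=2))
```
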

An update:
I’ve spent like 12+ hours digging into this and have ruled out the standard credential/whitelist issues. Despite the “Domain name not found” error, the domain is active and the setup was functional until recently. I’ve updated to Caddy 2.11 beta as a last resort hoping that something would be fixed.

What I’ve verified:

  1. IP Whitelisting: Confirmed my host’s public IP is whitelisted. Verified inside the container via podman exec -it caddy wget -qO- https://ifconfig.me that the outbound IP matches the whitelist. Obviously with that command, I verified the container’s outbound IP inside the pod; it matches my host’s public IP exactly, confirming that Rootless Podman networking isn’t masking my identity to the Namecheap API.
  2. API Credentials: Generated a brand new Production API key 3 days ago. Verified the environment variables inside the container (podman exec caddy env) are populating correctly and not being truncated.
  3. Endpoint: Using https://api.namecheap.com/xml.response.
  4. Networking: ip_unprivileged_port_start is set to 53; Caddy is successfully hitting the Namecheap API (it’s getting a specific XML error back, not a timeout).

The Error: adding temporary record for zone "famdam.top.": namecheap api returned error in response. Err: Error0: Domain name not found

Since my configuration hasn’t changed, is it possible there’s a regression in the Namecheap DNS provider or a change in how Namecheap handles API requests for .top TLDs? Normal API calls outside of Caddy work fine, it’s only within Caddy that there is a problem happening.

After being frustrated about this for days and not having any help here (very surprising, by the way), I’ve finally decided to move over to Cloudflare’s DNS servers and API. After making the full conversion, there are absolutely no issues with getting new certificates and no cries about the domain not being found. I believe there is some regression somewhere with Namecheap, and it’s honestly disappointing.

Tl;dr, use Cloudflare. Their Caddy plugin has the most support and use and I don’t know why I thought I’d be fine.

I’d love to figure out where the problem actually lies, and I feel like it’s something within Namecheap’s API infrastructure. If anybody cares to investigate, I’d love to know.

1 Like

I absolutely hate NameCheap’s API approach. They are the worst! I’d never use their API.

This is how I get my wildcard cert for Caddy with NameCheap:

2 Likes

Yeah, I’ve read that a few times at least in the last year. It’s a good writeup. Maybe I should have taken the things you said as a sign I should move to Cloudflare immediately.

Thanks for your post.

1 Like