Using dynamic_dns plugin with Cloudflare returns Code:6003 and Code:6111 errors

1. The problem I’m having:

I’m trying to set up DynamicDNS via Caddy using the mholt/caddy-dynamicdns and caddy-dns/cloudflare, as I have registered a domain via Cloudflare. I don’t believe it’s functioning correctly, as sudo systemctl status caddy returns authentication errors I believe are coming from Cloudflare (based on comments I’ve found in other help topics). I’ve also tried setting the IPs on Cloudflare to different IPs to test if it was working anyway; it didn’t appear to be after restarting Caddy.

2. Error messages and/or full log output:

Full output from system boot onwards:

-- Boot cf9746c6657e418b88ba21658622f45d --
Oct 04 09:46:37 jelly-pc systemd[1]: Starting caddy.service - Caddy...
Oct 04 09:46:37 jelly-pc caddy[3072]: caddy.HomeDir=/var/lib/caddy
Oct 04 09:46:37 jelly-pc caddy[3072]: caddy.AppDataDir=/var/lib/caddy/.local/share/caddy
Oct 04 09:46:37 jelly-pc caddy[3072]: caddy.AppConfigDir=/var/lib/caddy/.config/caddy
Oct 04 09:46:37 jelly-pc caddy[3072]: caddy.ConfigAutosavePath=/var/lib/caddy/.config/caddy/autosave.json
Oct 04 09:46:37 jelly-pc caddy[3072]: caddy.Version=v2.8.4 h1:q3pe0wpBj1OcHFZ3n/1nl4V4bxBrYoSoab7rL9BMYNk=
Oct 04 09:46:37 jelly-pc caddy[3072]: runtime.GOOS=linux
Oct 04 09:46:37 jelly-pc caddy[3072]: runtime.GOARCH=amd64
Oct 04 09:46:37 jelly-pc caddy[3072]: runtime.Compiler=gc
Oct 04 09:46:37 jelly-pc caddy[3072]: runtime.NumCPU=12
Oct 04 09:46:37 jelly-pc caddy[3072]: runtime.GOMAXPROCS=12
Oct 04 09:46:37 jelly-pc caddy[3072]: runtime.Version=go1.22.2
Oct 04 09:46:37 jelly-pc caddy[3072]: os.Getwd=/
Oct 04 09:46:37 jelly-pc caddy[3072]: LANG=en_US.UTF-8
Oct 04 09:46:37 jelly-pc caddy[3072]: PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/snap/bin
Oct 04 09:46:37 jelly-pc caddy[3072]: NOTIFY_SOCKET=/run/systemd/notify
Oct 04 09:46:37 jelly-pc caddy[3072]: USER=caddy
Oct 04 09:46:37 jelly-pc caddy[3072]: LOGNAME=caddy
Oct 04 09:46:37 jelly-pc caddy[3072]: HOME=/var/lib/caddy
Oct 04 09:46:37 jelly-pc caddy[3072]: INVOCATION_ID=eb9282e79dc44525ac894c60d071c423
Oct 04 09:46:37 jelly-pc caddy[3072]: JOURNAL_STREAM=8:13210
Oct 04 09:46:37 jelly-pc caddy[3072]: SYSTEMD_EXEC_PID=3072
Oct 04 09:46:37 jelly-pc caddy[3072]: MEMORY_PRESSURE_WATCH=/sys/fs/cgroup/system.slice/caddy.service/memory.pressure
Oct 04 09:46:37 jelly-pc caddy[3072]: MEMORY_PRESSURE_WRITE=c29tZSAyMDAwMDAgMjAwMDAwMAA=
Oct 04 09:46:37 jelly-pc caddy[3072]: {"level":"info","ts":1728035197.468926,"msg":"using config from file","file":"/etc/caddy/Caddyfile"}
Oct 04 09:46:37 jelly-pc caddy[3072]: {"level":"info","ts":1728035197.473716,"msg":"adapted config to JSON","adapter":"caddyfile"}
Oct 04 09:46:37 jelly-pc caddy[3072]: {"level":"info","ts":1728035197.4756858,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//localhost:2019","//[::1]:2019","//127.0.0.1:2019"]}
Oct 04 09:46:37 jelly-pc caddy[3072]: {"level":"info","ts":1728035197.476056,"logger":"http.auto_https","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
Oct 04 09:46:37 jelly-pc caddy[3072]: {"level":"info","ts":1728035197.4760644,"logger":"http.auto_https","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
Oct 04 09:46:37 jelly-pc caddy[3072]: {"level":"info","ts":1728035197.4770815,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc0006dd180"}
Oct 04 09:46:37 jelly-pc caddy[3072]: {"level":"info","ts":1728035197.4795215,"logger":"http","msg":"enabling HTTP/3 listener","addr":":443"}
Oct 04 09:46:37 jelly-pc caddy[3072]: {"level":"info","ts":1728035197.4795687,"msg":"failed to sufficiently increase receive buffer size (was: 208 kiB, wanted: 7168 kiB, got: 416 kiB). See https://github.com/quic-go/quic-go/wiki/UDP-Buffer-Sizes for details."}
Oct 04 09:46:37 jelly-pc caddy[3072]: {"level":"info","ts":1728035197.481027,"logger":"http.log","msg":"server running","name":"srv0","protocols":["h1","h2","h3"]}
Oct 04 09:46:37 jelly-pc caddy[3072]: {"level":"info","ts":1728035197.481067,"logger":"http.log","msg":"server running","name":"remaining_auto_https_redirects","protocols":["h1","h2","h3"]}
Oct 04 09:46:37 jelly-pc caddy[3072]: {"level":"info","ts":1728035197.4810722,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["t4ngo.xyz"]}
Oct 04 09:46:37 jelly-pc caddy[3072]: {"level":"info","ts":1728035197.496578,"logger":"tls","msg":"storage cleaning happened too recently; skipping for now","storage":"FileStorage:/var/lib/caddy/.local/share/caddy","instance":"7ea5fa63-f812-450f-bc54-78ec68e8b0b1","try_again":1728121597.4965768,"try_again_in":86399.999999702}
Oct 04 09:46:37 jelly-pc caddy[3072]: {"level":"info","ts":1728035197.496642,"logger":"tls","msg":"finished cleaning storage units"}
Oct 04 09:46:37 jelly-pc caddy[3072]: {"level":"info","ts":1728035197.4974716,"msg":"autosaved config (load with --resume flag)","file":"/var/lib/caddy/.config/caddy/autosave.json"}
Oct 04 09:46:37 jelly-pc caddy[3072]: {"level":"info","ts":1728035197.4975026,"msg":"serving initial configuration"}
Oct 04 09:46:37 jelly-pc systemd[1]: Started caddy.service - Caddy.
Oct 04 09:46:37 jelly-pc caddy[3072]: {"level":"error","ts":1728035197.881608,"logger":"dynamic_dns","msg":"unable to lookup current IPs from DNS records","error":"got error status: HTTP 400: [{Code:6003 Message:Invalid request headers ErrorChain:[{Code:6111 Message:Invalid format for Authorization header}]}]"}
Oct 04 09:46:37 jelly-pc caddy[3072]: {"level":"info","ts":1728035197.933121,"logger":"dynamic_dns","msg":"updating DNS record","zone":"t4ngo.xyz","type":"A","name":"@","value":"116.255.4.93","ttl":0}
Oct 04 09:46:37 jelly-pc caddy[3072]: {"level":"info","ts":1728035197.9331403,"logger":"dynamic_dns","msg":"updating DNS record","zone":"t4ngo.xyz","type":"A","name":"www","value":"116.255.4.93","ttl":0}
Oct 04 09:46:38 jelly-pc caddy[3072]: {"level":"error","ts":1728035198.1498227,"logger":"dynamic_dns","msg":"failed setting DNS record(s) with new IP address(es)","zone":"t4ngo.xyz","error":"got error status: HTTP 400: [{Code:6003 Message:Invalid request headers ErrorChain:[{Code:6111 Message:Invalid format for Authorization header}]}]"}
Oct 04 09:46:38 jelly-pc caddy[3072]: {"level":"info","ts":1728035198.1498814,"logger":"dynamic_dns","msg":"finished updating DNS","current_ips":["116.255.4.93"]}

The two problematic lines (extracted from the log above):

Oct 04 09:46:37 jelly-pc caddy[3072]: {"level":"error","ts":1728035197.881608,"logger":"dynamic_dns","msg":"unable to lookup current IPs from DNS records","error":"got error status: HTTP 400: [{Code:6003 Message:Invalid request headers ErrorChain:[{Code:6111 Message:Invalid format for Authorization header}]}]"}
Oct 04 09:46:38 jelly-pc caddy[3072]: {"level":"error","ts":1728035198.1498227,"logger":"dynamic_dns","msg":"failed setting DNS record(s) with new IP address(es)","zone":"t4ngo.xyz","error":"got error status: HTTP 400: [{Code:6003 Message:Invalid request headers ErrorChain:[{Code:6111 Message:Invalid format for Authorization header}]}]"}

3. Caddy version:

v2.8.4 h1:q3pe0wpBj1OcHFZ3n/1nl4V4bxBrYoSoab7rL9BMYNk=

4. How I installed and ran Caddy:

a. System environment:

Running on an Ubuntu 24.04.1 LTS (GNU/Linux 6.8.0-45-generic x86_64).
Caddy is not running in Docker.
I’m using Caddyfile, which is stored in /etc/caddy/Caddyfile.

Added the two plugins to Caddy with xcaddy, and then replaced the old Caddy with:

sudo xcaddy build --with github.com/caddy-dns/cloudflare --with github.com/mholt/caddy-dynamicdns
mv caddy /usr/bin/caddy

b. Command:

I run Caddy via systemctl, using the following commands:

sudo systemctl start caddy
sudo systemctl restart caddy
sudo systemctl stop caddy
sudo systemctl status caddy

I’ve only really been using restart and status.

d. My complete Caddy config:

My Caddyfile also contains reverse_proxy settings for my jellyfin and transmission instances (which are running in docker), the full file is:

# Global Options
{
        dynamic_dns {
                provider cloudflare {env.CF_API_TOKEN}
                domains {
                        t4ngo.xyz @ www
                }
                versions ipv4
        }
}

# Cloudflare Domain
t4ngo.xyz {
        # Jellyfin configuration
        redir /jellyfin /jellyfin/
        reverse_proxy /jellyfin/* 127.0.0.1:8096

        # Transmission configuration
        redir /transmission /transmission/
        reverse_proxy /transmission/* 127.0.0.1:9091
}

6. Other relevant information:

Also worth noting that my ~/.bashrc has my API token at the bottom: export CF_API_TOKEN="IHAVEREPLACEDTHETOKENWITHTHISTEXT", the token is 40 characters worth of numbers, letters, and a few symbols.

On Cloudflare, I have two DNS records for t4ngo.xyz. They’re both A type. One name is set to t4ngo.xyz, the other is www. Proxy status is ‘DNS only’ for both. TTL is set to auto for both.

My API token permissions are Zone.Zone, Zone.DNS, resources set to All zones. I have tried remaking this token with several different configurations, but none seem to be working.

Also, I’m relatively new to running a machine like this, although I do have some experience with Ubuntu, running Docker, Jellyfin, and Caddy are all new to me. If I’ve left anything out, please let me know. Thanks heaps for any help.

This is saying your Cloudflare token is in the wrong format. Are you sure you have the env var set properly?

That’s incorrect, ~/.bashrc is for your own user, but Caddy runs as the caddy user. See the docs for setting up systemd overrides including env vars:


Thanks for the information Francis, I’ve managed to solve the issue with your guidance. In case it helps anyone in future, I’ll detail what happened.

Referencing the Keep Caddy Running page, using sudo systemctl edit caddy I added the following into the area marked as drop-in file contents:

[Service]
EnvironmentFile=/etc/caddy/.env

I then used sudo nano /etc/caddy/.env and added my API token as follows:

[Service]
Environment="CF_API_TOKEN=R4ND0ML3TT3R5PR3T3ND1N92BAT0K3N"

THIS WAS WRONG. Caddy failed to restart after doing this.

I realised that the .env file was already using [service] and also assumed the EnvironmentFile part meant I didn’t need to mention Environment again either. So, I modified the file again with sudo nano /etc/caddy/.env so now it looks like this:

CF_API_TOKEN=R4ND0ML3TT3R5PR3T3ND1N92BAT0K3N

THIS WORKED! After restarting Caddy, I checked for the errors in systemctl status caddy and could no longer see them. I went back to Cloudflare and temporarily changed one of the IP addresses to the wrong address, I restarted Caddy then refreshed my Cloudflare dashboard and found that the IP had been updated correctly.

The overrides section links to this page that explains the EnvironmentFile command. I’ll admit that my reading comprehension can be poor sometimes. After the fact, I found that the information I needed was in there.

Hopefully this helps someone else, and thanks again @francislavoie

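A lint for the mistake described in the post above, as an added example that is not part of the original thread or of Caddy's documentation: it flags unit-file syntax inside an EnvironmentFile= target, a missing CF_API_TOKEN, and a token file that every local user can read. The function name lint_env_file, the temporary sample files and the permission check are assumptions of this example.

```shell
#!/bin/sh
# Lint a systemd EnvironmentFile= target such as /etc/caddy/.env.
# Prints one finding per problem; exit status 0 means the file is clean.
lint_env_file() {
    file=$1 key=$2 problems=0 found=0 n=0
    # A world-readable file exposes the API token to every local user.
    if [ -n "$(find "$file" -prune -perm -004)" ]; then
        echo "$file: readable by all users; chmod 600 it"
        problems=$((problems + 1))
    fi
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $line in
            ''|'#'*|';'*) ;;  # blank lines and comments are fine
            '['*']')
                echo "line $n: unit section header; env files hold only KEY=VALUE"
                problems=$((problems + 1)) ;;
            Environment=*|EnvironmentFile=*)
                echo "line $n: unit directive; write the variable itself"
                problems=$((problems + 1)) ;;
            'export '*)
                echo "line $n: shell 'export' is not env-file syntax"
                problems=$((problems + 1)) ;;
            "$key="?*) found=1 ;;  # the variable we need, with a value
            *=*) ;;                # some other variable
            *)
                echo "line $n: not a KEY=VALUE assignment"
                problems=$((problems + 1)) ;;
        esac
    done < "$file"
    if [ "$found" -eq 0 ]; then
        echo "$key is not set to a non-empty value"
        problems=$((problems + 1))
    fi
    [ "$problems" -eq 0 ]
}

# Constructed samples: the two /etc/caddy/.env versions from the post,
# with a placeholder instead of a real token.
demo=$(mktemp -d)
printf '[Service]\nEnvironment="CF_API_TOKEN=PLACEHOLDER"\n' > "$demo/bad.env"
printf 'CF_API_TOKEN=PLACEHOLDER\n' > "$demo/good.env"
chmod 600 "$demo/bad.env" "$demo/good.env"
lint_env_file "$demo/bad.env" CF_API_TOKEN || echo "bad.env rejected"
lint_env_file "$demo/good.env" CF_API_TOKEN && echo "good.env accepted"
```
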

Ah, good feedback, we assumed that users would know how a .env file should look since it’s pretty common these days. We can clarify that there.

I just updated the docs with that: Keep Caddy Running — Caddy Documentation
