Thanks francis
here’s with debug on:
Sep 06 21:03:11 : {"level":"info","ts":1630962191.2186203,"logger":"tls.obtain","msg":"acquiring lock","identifier":"zanj.cc"}
Sep 06 21:03:11 : {"level":"info","ts":1630962191.2223136,"logger":"tls.obtain","msg":"lock acquired","identifier":"zanj.cc"}
Sep 06 21:03:11 : {"level":"debug","ts":1630962191.222582,"logger":"tls.obtain","msg":"trying issuer 1/2","issuer":"acme-v02.api.letsencrypt.org-directory"}
Sep 06 21:03:11 : {"level":"info","ts":1630962191.2228062,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["zanj.cc"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":""}
Sep 06 21:03:11 : {"level":"info","ts":1630962191.2228127,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["zanj.cc"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":""}
Sep 06 21:03:11 : {"level":"debug","ts":1630962191.2268453,"logger":"tls.obtain","msg":"trying issuer 1/2","issuer":"acme-v02.api.letsencrypt.org-directory"}
Sep 06 21:03:11 : {"level":"debug","ts":1630962191.7923746,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"GET","url":"https://acme-v02.api.letsencrypt.org/directory","headers":{"User-Agent":["Caddy/2.4.5 CertMagic acmez (linux; amd64)"]},"response_headers":{"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["658"],"Content-Type":["application/json"],"Date":["Mon, 06 Sep 2021 21:03:11 GMT"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]},"status_code":200}
Sep 06 21:03:11 : {"level":"debug","ts":1630962191.9205813,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"HEAD","url":"https://acme-v02.api.letsencrypt.org/acme/new-nonce","headers":{"User-Agent":["Caddy/2.4.5 CertMagic acmez (linux; amd64)"]},"response_headers":{"Cache-Control":["public, max-age=0, no-cache"],"Date":["Mon, 06 Sep 2021 21:03:11 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["0101t3P0Lxe9RlInQcoq_Rdoh_4cwV6-wpbneVcgB4Hm9nI"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]},"status_code":200}
Sep 06 21:03:12 : {"level":"debug","ts":1630962192.346478,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"HEAD","url":"https://acme-v02.api.letsencrypt.org/acme/new-nonce","headers":{"User-Agent":["Caddy/2.4.5 CertMagic acmez (linux; amd64)"]},"response_headers":{"Cache-Control":["public, max-age=0, no-cache"],"Date":["Mon, 06 Sep 2021 21:03:12 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["0102zeUcI7fg_riXzEFsl5dMGTch2Pj14fLPQbUvT7pkASE"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]},"status_code":200}
Sep 06 21:03:12 : {"level":"debug","ts":1630962192.3818724,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme-v02.api.letsencrypt.org/acme/new-order","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.5 CertMagic acmez (linux; amd64)"]},"response_headers":{"Boulder-Requester":["190167180"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["330"],"Content-Type":["application/json"],"Date":["Mon, 06 Sep 2021 21:03:12 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Location":["https://acme-v02.api.letsencrypt.org/acme/order/190167180/22524946870"],"Replay-Nonce":["0101fnQAppMrIYRgNnnxdBLylLdQsYOe24m67FKt0ATcwvo"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]},"status_code":201}
Sep 06 21:03:12 : {"level":"debug","ts":1630962192.5943043,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme-v02.api.letsencrypt.org/acme/authz-v3/28612803450","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.5 CertMagic acmez (linux; amd64)"]},"response_headers":{"Boulder-Requester":["190167180"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["788"],"Content-Type":["application/json"],"Date":["Mon, 06 Sep 2021 21:03:12 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["0102OE7ppKx8T5vv2H83VXWJAHzTOvLm6naAjmdzmgMR6DA"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]},"status_code":200}
Sep 06 21:03:12 : {"level":"info","ts":1630962192.5946596,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"zanj.cc","challenge_type":"dns-01","ca":"https://acme-v02.api.letsencrypt.org/directory"}
Sep 06 21:03:12 : {"level":"debug","ts":1630962192.7772567,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme-v02.api.letsencrypt.org/acme/new-order","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.5 CertMagic acmez (linux; amd64)"]},"response_headers":{"Boulder-Requester":["190167180"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["334"],"Content-Type":["application/json"],"Date":["Mon, 06 Sep 2021 21:03:12 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Location":["https://acme-v02.api.letsencrypt.org/acme/order/190167180/22524948310"],"Replay-Nonce":["01017QlI5cvrjIwB8By6ZQa0gKV6KZe50qaSavjg_lQJ8aA"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]},"status_code":201}
Sep 06 21:03:12 : {"level":"debug","ts":1630962192.968534,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme-v02.api.letsencrypt.org/acme/authz-v3/28612805220","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.5 CertMagic acmez (linux; amd64)"]},"response_headers":{"Boulder-Requester":["190167180"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["792"],"Content-Type":["application/json"],"Date":["Mon, 06 Sep 2021 21:03:12 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["0101e_tKwwjxDg3bat550b_ukaJlv7yssVFMfxgPi6cG_50"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]},"status_code":200}
Sep 06 21:05:16 : {"level":"debug","ts":1630962316.2646008,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme-v02.api.letsencrypt.org/acme/authz-v3/28612805220","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.5 CertMagic acmez (linux; amd64)"]},"response_headers":{"Boulder-Requester":["190167180"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["796"],"Content-Type":["application/json"],"Date":["Mon, 06 Sep 2021 21:05:16 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["0101eaJ7dxUlfk31OFaX1ISz-NwAXiYveKynyt7TkCEyW1s"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]},"status_code":200}
Sep 06 21:05:16 : {"level":"debug","ts":1630962316.2652605,"logger":"tls.obtain","msg":"trying issuer 2/2","issuer":"acme.zerossl.com-v2-DV90"}
Sep 06 21:05:16 : {"level":"warn","ts":1630962316.2655997,"logger":"tls.issuance.zerossl","msg":"missing email address for ZeroSSL; it is strongly recommended to set one for next time"}
Sep 06 21:05:16 : {"level":"debug","ts":1630962316.4006872,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme-v02.api.letsencrypt.org/acme/authz-v3/28612803450","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.5 CertMagic acmez (linux; amd64)"]},"response_headers":{"Boulder-Requester":["190167180"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["792"],"Content-Type":["application/json"],"Date":["Mon, 06 Sep 2021 21:05:16 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["0102ldmrP9GHYKl0HazpIVx7D70prm81sysPkcNKDWXNXmE"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]},"status_code":200}
Sep 06 21:05:16 : {"level":"error","ts":1630962316.4009762,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"zanj.cc","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[zanj.cc] solving challenges: waiting for solver certmagic.solverWrapper to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme-v02.api.letsencrypt.org/acme/order/190167180/22524946870) (ca=https://acme-v02.api.letsencrypt.org/directory)"}
Sep 06 21:05:16 : {"level":"debug","ts":1630962316.4011366,"logger":"tls.obtain","msg":"trying issuer 2/2","issuer":"acme.zerossl.com-v2-DV90"}
Sep 06 21:05:16 : {"level":"warn","ts":1630962316.401295,"logger":"tls.issuance.zerossl","msg":"missing email address for ZeroSSL; it is strongly recommended to set one for next time"}
Sep 06 21:05:16 : {"level":"info","ts":1630962316.821989,"logger":"tls.issuance.zerossl","msg":"generated EAB credentials","key_id":"TwzBMObpLUMV2XdnYCSVdw"}
Sep 06 21:05:16 : {"level":"info","ts":1630962316.8238626,"logger":"tls.issuance.zerossl","msg":"generated EAB credentials","key_id":"H-7vFrAuKc95kWHSjlUGIw"}
Sep 06 21:05:17 : {"level":"debug","ts":1630962317.3142114,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"GET","url":"https://acme.zerossl.com/v2/DV90","headers":{"User-Agent":["Caddy/2.4.5 CertMagic acmez (linux; amd64)"]},"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=-1"],"Content-Length":["645"],"Content-Type":["application/json"],"Date":["Mon, 06 Sep 2021 21:05:17 GMT"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15552000"]},"status_code":200}
Sep 06 21:05:17 : {"level":"debug","ts":1630962317.668621,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"HEAD","url":"https://acme.zerossl.com/v2/DV90/newNonce","headers":{"User-Agent":["Caddy/2.4.5 CertMagic acmez (linux; amd64)"]},"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=-1"],"Content-Type":["application/octet-stream"],"Date":["Mon, 06 Sep 2021 21:05:17 GMT"],"Link":["<https://acme.zerossl.com/v2/DV90>;rel=\"index\""],"Replay-Nonce":["AwWVFXBynLMYMAZlx7v7K8yzdMuj82juDq1CjJrr3qk"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15552000"]},"status_code":200}
Sep 06 21:05:17 : {"level":"debug","ts":1630962317.758527,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"HEAD","url":"https://acme.zerossl.com/v2/DV90/newNonce","headers":{"User-Agent":["Caddy/2.4.5 CertMagic acmez (linux; amd64)"]},"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=-1"],"Content-Type":["application/octet-stream"],"Date":["Mon, 06 Sep 2021 21:05:17 GMT"],"Link":["<https://acme.zerossl.com/v2/DV90>;rel=\"index\""],"Replay-Nonce":["3i1v8vH8BIo8aeI4FvreNXlhACDQl5E8uyPE9ViKBz0"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15552000"]},"status_code":200}
Sep 06 21:05:18 : {"level":"debug","ts":1630962318.0557957,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme.zerossl.com/v2/DV90/newAccount","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.5 CertMagic acmez (linux; amd64)"]},"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=0, no-cache, no-store","max-age=-1"],"Content-Length":["579"],"Content-Type":["application/json"],"Date":["Mon, 06 Sep 2021 21:05:18 GMT"],"Location":["https://acme.zerossl.com/v2/DV90/account/TwzBMObpLUMV2XdnYCSVdw"],"Replay-Nonce":["eVH4lswK5F8hSv-LLDx9zowht4L4Pi_6MpuJh2NccJo"],"Server":["nginx"],"Status":[""],"Strict-Transport-Security":["max-age=15552000"]},"status_code":201}
Sep 06 21:05:18 : {"level":"debug","ts":1630962318.1879897,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme.zerossl.com/v2/DV90/newAccount","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.5 CertMagic acmez (linux; amd64)"]},"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=0, no-cache, no-store","max-age=-1"],"Content-Length":["579"],"Content-Type":["application/json"],"Date":["Mon, 06 Sep 2021 21:05:18 GMT"],"Location":["https://acme.zerossl.com/v2/DV90/account/H-7vFrAuKc95kWHSjlUGIw"],"Replay-Nonce":["T2QRTjZcR1NXUkyXfeV-cDhi07u-QXr46_1GZsV9zVw"],"Server":["nginx"],"Status":[""],"Strict-Transport-Security":["max-age=15552000"]},"status_code":201}
Sep 06 21:05:18 : {"level":"info","ts":1630962318.1884897,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["zanj.cc"],"ca":"https://acme.zerossl.com/v2/DV90","account":""}
Sep 06 21:05:18 : {"level":"info","ts":1630962318.1886828,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["zanj.cc"],"ca":"https://acme.zerossl.com/v2/DV90","account":""}
Sep 06 21:05:18 : {"level":"debug","ts":1630962318.451321,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme.zerossl.com/v2/DV90/newOrder","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.5 CertMagic acmez (linux; amd64)"]},"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=0, no-cache, no-store","max-age=-1"],"Content-Length":["273"],"Content-Type":["application/json"],"Date":["Mon, 06 Sep 2021 21:05:18 GMT"],"Location":["https://acme.zerossl.com/v2/DV90/order/oFEqdzKp7aH_99JM3RZh1w"],"Replay-Nonce":["kB__iGipiUFWBaDM2o8q_DmkqxzOfbI5v7qYJzoKPiw"],"Server":["nginx"],"Status":[""],"Strict-Transport-Security":["max-age=15552000"]},"status_code":201}
Sep 06 21:05:18 : {"level":"debug","ts":1630962318.6361442,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme.zerossl.com/v2/DV90/newOrder","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.5 CertMagic acmez (linux; amd64)"]},"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=0, no-cache, no-store","max-age=-1"],"Content-Length":["269"],"Content-Type":["application/json"],"Date":["Mon, 06 Sep 2021 21:05:18 GMT"],"Location":["https://acme.zerossl.com/v2/DV90/order/COmGbgu4jxYq1romFsnqCg"],"Replay-Nonce":["VGCPsrLJYtDnjvCvJvZOqD2wOuamp3QKZSd4DdXL6Lw"],"Server":["nginx"],"Status":[""],"Strict-Transport-Security":["max-age=15552000"]},"status_code":201}
Sep 06 21:05:18 : {"level":"debug","ts":1630962318.8162355,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme.zerossl.com/v2/DV90/authz/9z1CngFW1TkV_3Nctn76oQ","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.5 CertMagic acmez (linux; amd64)"]},"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=-1"],"Content-Length":["441"],"Content-Type":["application/json"],"Date":["Mon, 06 Sep 2021 21:05:18 GMT"],"Link":["<https://acme.zerossl.com/v2/DV90>;rel=\"index\""],"Replay-Nonce":["goW_dI_VfddHoW_jYHU2FYqN4OMs1nddPVLoW1e7tFU"],"Retry-After":["5"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15552000"]},"status_code":200}
Sep 06 21:05:19 : {"level":"debug","ts":1630962319.0101697,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme.zerossl.com/v2/DV90/authz/841dL8yV6Vxzir4LcYIaNA","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.4.5 CertMagic acmez (linux; amd64)"]},"response_headers":{"Access-Control-Allow-Origin":["*"],"Cache-Control":["max-age=-1"],"Content-Length":["437"],"Content-Type":["application/json"],"Date":["Mon, 06 Sep 2021 21:05:18 GMT"],"Link":["<https://acme.zerossl.com/v2/DV90>;rel=\"index\""],"Replay-Nonce":["ZwUd8Gf6y9FAAjXmuek5iFA9oCBRkAWG8mZ0oGs8Ez0"],"Retry-After":["5"],"Server":["nginx"],"Strict-Transport-Security":["max-age=15552000"]},"status_code":200}
Sep 06 21:05:19 : {"level":"info","ts":1630962319.010456,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"zanj.cc","challenge_type":"dns-01","ca":"https://acme.zerossl.com/v2/DV90"}
The split dns is all off now, I checked it is in fact using 1.1.1.1, and it seems to be (via dig). My router doesn’t have any dns cache and the new lxc will definitely not have one - i made it since disabling/byassing pihole (when i set the dhcp server’s to offer 1.1.1.1 to clients). I did try the resolvers
but that didn’t change anything.
Thanks though, if the debug log doesn’t help, I’m hoping Matt comes along - I’ve read he uses cloudflare…