1. The problem I’m having:
Hello everyone. I am trying to use Namecheap as my DNS provider and have Caddy obtain and renew a certificate for my wildcard domain via the DNS-01 challenge. Issuance fails with the error `xyz is not a valid domain` — the log shows the Namecheap plugin trying to add the challenge record in the zone `xyz.` (the bare TLD) rather than in my domain's own zone. I am not sure where to begin troubleshooting. I can confirm my Namecheap DNS has a wildcard A record pointing at the appropriate IP address.
2. Error messages and/or full log output:
caddy | {"level":"error","ts":1701060103.9745886,"logger":"tls.issuance.zerossl.acme_client","msg":"cleaning up solver","identifier":"*.example.com","challenge_type":"dns-01","error":"no memory of presenting a DNS record for \"_acme-challenge.example.com\" (usually OK if presenting also failed)"}
caddy | {"level":"error","ts":1701060104.0441127,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"*.example.com","issuer":"acme-staging-v02.api.letsencrypt.org-directory","error":"[*.example.com] solving challenges: presenting for challenge: adding temporary record for zone \"xyz.\": domain: xyz is not a valid domain. Expected at least 1 TLD and 1 SLD (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/126400904/12565262814) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)"}
caddy | {"level":"error","ts":1701060104.0441592,"logger":"tls.obtain","msg":"will retry","error":"[*.example.com] Obtain: [*.example.com] solving challenges: presenting for challenge: adding temporary record for zone \"xyz.\": domain: xyz is not a valid domain. Expected at least 1 TLD and 1 SLD (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/126400904/12565262814) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)","attempt":3,"retrying_in":120,"elapsed":182.406113883,"max_duration":2592000}
caddy | {"level":"info","ts":1701060224.0448413,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"*.example.com"}
caddy | {"level":"info","ts":1701060224.25706,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"*.example.com","challenge_type":"dns-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
caddy | {"level":"error","ts":1701060224.3363547,"logger":"tls.issuance.acme.acme_client","msg":"cleaning up solver","identifier":"*.example.com","challenge_type":"dns-01","error":"no memory of presenting a DNS record for \"_acme-challenge.example.com\" (usually OK if presenting also failed)"}
caddy | {"level":"error","ts":1701060224.405523,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"*.example.com","issuer":"acme-staging-v02.api.letsencrypt.org-directory","error":"[*.example.com] solving challenges: presenting for challenge: adding temporary record for zone \"xyz.\": domain: xyz is not a valid domain. Expected at least 1 TLD and 1 SLD (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/126400904/12565306424) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)"}
caddy | {"level":"info","ts":1701060224.61004,"logger":"tls.issuance.zerossl.acme_client","msg":"trying to solve challenge","identifier":"*.example.com","challenge_type":"dns-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
caddy | {"level":"error","ts":1701060224.639476,"logger":"tls.issuance.zerossl.acme_client","msg":"cleaning up solver","identifier":"*.example.com","challenge_type":"dns-01","error":"no memory of presenting a DNS record for \"_acme-challenge.example.com\" (usually OK if presenting also failed)"}
caddy | {"level":"error","ts":1701060224.7054188,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"*.example.com","issuer":"acme-staging-v02.api.letsencrypt.org-directory","error":"[*.example.com] solving challenges: presenting for challenge: adding temporary record for zone \"xyz.\": domain: xyz is not a valid domain. Expected at least 1 TLD and 1 SLD (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/126400904/12565306614) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)"}
caddy | {"level":"error","ts":1701060224.7054589,"logger":"tls.obtain","msg":"will retry","error":"[*.example.com] Obtain: [*.example.com] solving challenges: presenting for challenge: adding temporary record for zone \"xyz.\": domain: xyz is not a valid domain. Expected at least 1 TLD and 1 SLD (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/126400904/12565306614) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)","attempt":4,"retrying_in":300,"elapsed":303.067413508,"max_duration":2592000}
^CGracefully stopping... (press Ctrl+C again to force)
3. Caddy version:
# caddy version
v2.7.5 h1:HoysvZkLcN2xJExEepaFHK92Qgs7xAiCFydN5x5Hs6Q=
4. How I installed and ran Caddy:
Built a custom Caddy image (with the Namecheap DNS plugin compiled in via xcaddy) using Docker and Docker Compose.
Here is the Dockerfile:
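# Build stage: compile Caddy with the Namecheap libdns plugin. The builder is
# pinned to the same release as the runtime image (v2.7.5, matching the
# `caddy version` output above) so the plugin binary and the base image cannot
# drift apart on a later rebuild the way two `latest` tags can.
FROM caddy:2.7.5-builder AS builder

# NOTE(review): the plugin module is unpinned, so each build pulls whatever
# is newest. Once you find a version that works, pin it with
# `--with github.com/caddy-dns/namecheap@<tag-or-commit>` for reproducibility.
RUN xcaddy build \
    --with github.com/caddy-dns/namecheap

# Runtime stage, same release as the builder.
FROM caddy:2.7.5

# bash and vim are debugging conveniences only; consider dropping them from the
# Internet-facing image once the DNS challenge is working (smaller surface).
# One RUN keeps the two installs in a single layer.
RUN apk add --no-cache bash vim

COPY --from=builder /usr/bin/caddy /usr/bin/caddy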
c. Service/unit/compose file:
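version: "3.7"

services:
  caddy:
    # Tag the custom build under its own name. With `image: caddy:latest`
    # combined with `build:`, compose tags the plugin build AS caddy:latest,
    # which shadows the upstream image locally; the Dockerfile's own
    # `FROM caddy:latest` would then start from the previous custom build on
    # the next rebuild instead of from the official image.
    image: caddy-namecheap:2.7.5
    container_name: caddy
    restart: unless-stopped
    build:
      context: ./build
      # Must match the file name exactly (Linux paths are case-sensitive);
      # the write-up calls the file "Dockerfile" — confirm which it is.
      dockerfile: dockerfile
    # NET_ADMIN was dropped: Caddy does not need it to bind 80/443 (the
    # official image runs as root), and every extra capability widens what a
    # compromised process can do. no-new-privileges stops setuid escalation.
    security_opt:
      - no-new-privileges:true
    ports:
      - "80:80"
      - "443:443"
      - "443:443/udp"
    volumes:
      # Relative paths resolve against this compose file's directory, which
      # also works when $PWD is not exported (e.g. a stack started from
      # Portainer or a unit file).
      - ./Caddyfile:/etc/caddy/Caddyfile
      - ./site:/srv
      # /data holds the ACME account key and the issued certificate private
      # keys; keep the host directory readable by root only.
      - ./data:/data
      - ./config:/config

  portainer:
    image: portainer/portainer-ce:alpine
    container_name: portainer
    command: -H unix:///var/run/docker.sock
    # NOTE(review): port 9000 is published on every host interface AND
    # reverse-proxied by Caddy as docker.4tress.xyz, so the UI is reachable
    # two ways. Because the socket mount below is root-equivalent on the
    # host, bind this to a LAN address (e.g. "192.168.50.77:9000:9000") or
    # drop the mapping and proxy over a shared compose network instead.
    ports:
      - "9000:9000"
    volumes:
      # Mounting the Docker socket gives Portainer full control of the daemon
      # and therefore of the host.
      - "/var/run/docker.sock:/var/run/docker.sock"
      - "portainer_data:/data"
    restart: always

volumes:
  portainer_data: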
d. My complete Caddy config:
{
	# Let's Encrypt STAGING: the certificates it issues are not trusted by
	# browsers. Keep it while debugging the DNS challenge (it is lenient about
	# repeated failed orders), then remove this line so Caddy falls back to
	# the production CA.
	acme_ca https://acme-staging-v02.api.letsencrypt.org/directory
}
# Reusable snippet: solve ACME DNS-01 through the Namecheap API. Credentials
# come from the container environment so they never live in this file.
(tls_config) {
	tls {
		dns namecheap {
			# NAMECHEAP_API_KEY / NAMECHEAP_API_USER must be set on the
			# caddy container (compose `environment:` or an env file).
			api_key {env.NAMECHEAP_API_KEY}
			user {env.NAMECHEAP_API_USER}
		}
		# NOTE(review): the log shows the plugin being handed zone "xyz."
		# (the TLD) instead of your domain. Caddy picks the zone by SOA
		# lookup from inside the container, so a resolver that cannot answer
		# for 4tress.xyz is a likely suspect; adding
		# `resolvers 1.1.1.1 8.8.8.8` inside this `tls` block forces the
		# lookup through public resolvers — worth trying first. Namecheap's
		# API also requires the caller's public IP to be allowlisted; verify
		# the container's egress IP is on that list.
	}
}
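# Wildcard site: one certificate covers every subdomain, and each hostname is
# routed to its backend with a `host` matcher.
*.4tress.xyz {
	import tls_config

	# NOTE(review): these CORS headers are emitted for EVERY hostname below,
	# including the Portainer and Syncthing admin UIs. A "*" origin cannot
	# carry cookies, so the risk is limited, but if only one app needs
	# cross-origin access, move the `header` lines into that app's handle.
	header Access-Control-Allow-Origin "*"
	header Access-Control-Allow-Methods "POST, GET, OPTIONS"

	@books host books.4tress.xyz
	handle @books {
		reverse_proxy 192.168.50.77:8083
	}

	# Portainer drives the Docker socket, so anyone who reaches this hostname
	# is one login away from root on the host. If 80/443 are Internet-facing,
	# keep this name LAN-only or put an extra auth layer in front of it.
	@docker host docker.4tress.xyz
	handle @docker {
		reverse_proxy 192.168.50.77:9000
	}

	@home host home.4tress.xyz
	handle @home {
		reverse_proxy 192.168.50.77:3015
	}

	@sync host syncthing.4tress.xyz
	handle @sync {
		reverse_proxy 192.168.50.77:8084
	}

	# Any other *.4tress.xyz name falls through every handle above and would
	# otherwise be answered with an empty 200; return 404 explicitly.
	handle {
		respond 404
	}
}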