1. Output of `caddy version`:

```
caddy version
v2.6.2 h1:wKoFIxpmOJLGl3QXoo6PNbYvGW4xLEgo32GPBEjWL8o=
```
2. How I run Caddy:
I installed Caddy on an AWS EC2 instance (Ubuntu) using exactly what is said on the documentation page.
a. System environment:
Ubuntu 22.04.1 LTS (GNU/Linux 5.15.0-1022-aws x86_64)
b. Command:
c. Service/unit/compose file:
d. My complete Caddy config:
```
*.mysite, mysite {
    tls {
        dns route53 {
            max_retries 10
            aws_profile "my profile"
            access_key_id "my-profile-access-key"
            secret_access_key "my-profile-secret-key"
            token "my-profile-secret-key"
            region "eu-west-3"
        }
    }
    root * /var/www/mysite/public
    encode zstd gzip
    file_server
    php_fastcgi unix//var/run/php/php8.2-fpm.sock
}
```
3. The problem I'm having:
I'm trying to get a subdomain to work with my domain (wildcard certificate), but the subdomain doesn't generate an SSL certificate.
All my certificates are stored on S3, so I have both the S3 storage plugin and the DNS Route 53 plugin.
4. Error messages and/or full log output:
```
Jan 21 22:05:17 ip-172-31-39-194 caddy[249127]: {"level":"info","ts":1674338717.9979832,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"*.testlave.live"}
Jan 21 22:05:18 ip-172-31-39-194 caddy[249127]: {"level":"info","ts":1674338718.422322,"logger":"http.acme_client","msg":"trying to solve challenge","identifier":"*.testlave.live","challenge_type":"dns-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
Jan 21 22:05:18 ip-172-31-39-194 caddy[249127]: {"level":"error","ts":1674338718.7669091,"logger":"http.acme_client","msg":"cleaning up solver","identifier":"*.testlave.live","challenge_type":"dns-01","error":"no memory of presenting a DNS record for \"_acme-challenge.testlave.live\" (usually OK if presenting also failed)"}
Jan 21 22:05:18 ip-172-31-39-194 caddy[249127]: {"level":"error","ts":1674338718.9066675,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"*.testlave.live","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[*.testlave.live] solving challenges: presenting for challenge: adding temporary record for zone \"testlave.live.\": operation error Route 53: ListHostedZonesByName, https response error StatusCode: 403, RequestID: 6563e61e-134a-4fd2-bf70-7607d883a16e, api error SignatureDoesNotMatch: The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details. (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/84131713/6694827993) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)"}
Jan 21 22:05:20 ip-172-31-39-194 caddy[249127]: {"level":"info","ts":1674338720.8710263,"logger":"http.acme_client","msg":"trying to solve challenge","identifier":"*.testlave.live","challenge_type":"dns-01","ca":"https://acme.zerossl.com/v2/DV90"}
Jan 21 22:05:21 ip-172-31-39-194 caddy[249127]: {"level":"error","ts":1674338721.2110147,"logger":"http.acme_client","msg":"cleaning up solver","identifier":"*.testlave.live","challenge_type":"dns-01","error":"no memory of presenting a DNS record for \"_acme-challenge.testlave.live\" (usually OK if presenting also failed)"}
Jan 21 22:05:21 ip-172-31-39-194 caddy[249127]: {"level":"error","ts":1674338721.700836,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"*.testlave.live","issuer":"acme.zerossl.com-v2-DV90","error":"[*.testlave.live] solving challenges: presenting for challenge: adding temporary record for zone \"testlave.live.\": operation error Route 53: ListHostedZonesByName, https response error StatusCode: 403, RequestID: 46ad2d23-adcd-40f0-830e-8da7edda790f, api error SignatureDoesNotMatch: The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details. (order=https://acme.zerossl.com/v2/DV90/order/cM01XC8kmxAyX93orxXaxQ) (ca=https://acme.zerossl.com/v2/DV90)"}
Jan 21 22:05:21 ip-172-31-39-194 caddy[249127]: {"level":"error","ts":1674338721.7011356,"logger":"tls.obtain","msg":"will retry","error":"[*.testlave.live] Obtain: [*.testlave.live] solving challenges: presenting for challenge: adding temporary record for zone \"testlave.live.\": operation error Route 53: ListHostedZonesByName, https response error StatusCode: 403, RequestID: 46ad2d23-adcd-40f0-830e-8da7edda790f, api error SignatureDoesNotMatch: The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details. (order=https://acme.zerossl.com/v2/DV90/order/cM01XC8kmxAyX93orxXaxQ) (ca=https://acme.zerossl.com/v2/DV90)","attempt":4,"retrying_in":300,"elapsed":319.633461226,"max_duration":2592000}
```
5. What I already tried:
Please help me. I'm assuming the error has to do with the token ID value, because I tried using both the access & secret key but to no avail.
When I create my IAM user, AWS gives me only an access key & secret key, so I don't know what to put as the token.
If my assumptions are wrong, please point me in the right direction.
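An added triage example for the two things worth checking offline before retrying ACME: the credential block of the `dns route53` Caddyfile section, and the structured AWS error inside Caddy's JSON log lines. This is not the poster's code nor part of Caddy or the route53 plugin; the Caddyfile and log line below are constructed samples with placeholder values, and the lint relies on the AWS convention that long-term IAM user access key IDs begin with `AKIA` while temporary STS keys begin with `ASIA` and need a session token.

```python
"""Offline triage for Caddy + Route 53 DNS-01 failures (added example, not Caddy code).

1. lint_credentials(): flags the long-term-key-plus-session-token mistake in a
   `dns route53` block, plus a token that merely duplicates the secret key.
2. triage_log(): pulls service, operation, HTTP status, RequestID and AWS API
   error code out of journald-wrapped Caddy JSON error lines.
"""
import json
import re
import shlex

# Constructed sample Caddyfile; secrets are placeholders, not real credentials.
SAMPLE_CADDYFILE = """
*.example.test, example.test {
    tls {
        dns route53 {
            max_retries 10
            aws_profile "my profile"
            access_key_id "AKIAEXAMPLEEXAMPLE12"
            secret_access_key "EXAMPLESECRETEXAMPLESECRETEXAMPLESECRET1"
            token "EXAMPLESECRETEXAMPLESECRETEXAMPLESECRET1"
            region "eu-west-3"
        }
    }
}
"""

# Constructed sample log: one error line in the shape Caddy emits, one info line.
SAMPLE_LOG = r'''Jan 21 22:05:18 host caddy[1]: {"level":"error","ts":1.0,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"*.example.test","error":"[*.example.test] solving challenges: presenting for challenge: adding temporary record for zone \"example.test.\": operation error Route 53: ListHostedZonesByName, https response error StatusCode: 403, RequestID: 00000000-0000-0000-0000-000000000000, api error SignatureDoesNotMatch: The request signature we calculated does not match the signature you provided."}
Jan 21 22:05:19 host caddy[1]: {"level":"info","ts":1.0,"logger":"tls.obtain","msg":"certificate obtained successfully","identifier":"example.test"}
'''


def parse_route53_block(caddyfile: str) -> dict:
    """Return key/value pairs from the first `dns route53 { ... }` block."""
    m = re.search(r"dns\s+route53\s*\{(.*?)\n\s*\}", caddyfile, re.S)
    if not m:
        return {}
    settings = {}
    for line in m.group(1).splitlines():
        parts = shlex.split(line.strip())  # honours "quoted values" like the profile name
        if len(parts) >= 2:
            settings[parts[0]] = parts[1]
    return settings


def lint_credentials(settings: dict) -> list:
    """Findings about credential shape; an empty list means nothing obvious is wrong."""
    findings = []
    key_id = settings.get("access_key_id", "")
    secret = settings.get("secret_access_key", "")
    token = settings.get("token", "")
    if key_id.startswith("AKIA") and token:
        findings.append("long-term IAM user key (AKIA...) is paired with a session token; remove `token`")
    if key_id.startswith("ASIA") and not token:
        findings.append("temporary STS key (ASIA...) needs its session token in `token`")
    if token and token == secret:
        findings.append("`token` duplicates `secret_access_key`; a session token is a separate STS value")
    if settings.get("aws_profile") and key_id:
        findings.append("both `aws_profile` and static keys are set; configure one credential source")
    return findings


# Shape of the AWS SDK error text embedded in Caddy's "error" field.
AWS_ERR = re.compile(
    r"operation error (?P<service>[^:]+): (?P<operation>\w+), "
    r"https response error StatusCode: (?P<status>\d+), "
    r"RequestID: (?P<request_id>[0-9a-f-]+), api error (?P<code>\w+)"
)


def triage_log(text: str) -> list:
    """Extract structured AWS failures from journald-prefixed Caddy JSON lines."""
    results = []
    for line in text.splitlines():
        brace = line.find("{")  # skip the "Jan 21 ... caddy[pid]:" journald prefix
        if brace < 0:
            continue
        try:
            entry = json.loads(line[brace:])
        except json.JSONDecodeError:
            continue
        if entry.get("level") != "error":
            continue
        m = AWS_ERR.search(entry.get("error", ""))
        if m:
            results.append({"identifier": entry.get("identifier"), **m.groupdict()})
    return results


if __name__ == "__main__":
    for finding in lint_credentials(parse_route53_block(SAMPLE_CADDYFILE)):
        print("config:", finding)
    for failure in triage_log(SAMPLE_LOG):
        print("log:", failure)
```

Run against the real Caddyfile and `journalctl -u caddy` output, the lint tells you whether the credential block is the right shape for the kind of key you hold, and the log triage gives you the RequestID and error code to quote when checking the IAM user, without retrying ACME and burning rate limits.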