Wildcard subdomains + Bunny

1. The problem I’m having:

I’m trying to do wildcard subdomains with Caddy and bunny.net. When I run caddy (with the bunny plugin built in via xcaddy), I’m seeing a lot of “acquiring lock” messages for the subdomains, but when I try to actually visit a site that should match I get a “Secure Connection Failed”. Anyone know what I’m doing wrong here? Any way I can debug this under the hood?

I am seeing ACME requests in the bunny query log, and they’re being directed back to the server.

2. Error messages and/or full log output:

2025/02/09 23:39:06.069 INFO    using adjacent Caddyfile
2025/02/09 23:39:06.086 INFO    adapted config to JSON  {"adapter": "caddyfile"}
2025/02/09 23:39:06.086 WARN    Caddyfile input is not formatted; run 'caddy fmt --overwrite' to fix inconsistencies    {"adapter": "caddyfile", "file": "Caddyfile", "line": 2}
2025/02/09 23:39:06.094 INFO    admin   admin endpoint started  {"address": "localhost:2019", "enforce_origin": false, "origins": ["//127.0.0.1:2019", "//localhost:2019", "//[::1]:2019"]}
2025/02/09 23:39:06.095 INFO    tls.cache.maintenance   started background certificate maintenance      {"cache": "0xc00019ef80"}
2025/02/09 23:39:06.095 INFO    http.auto_https server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS {"server_name": "srv0", "https_port": 443}
2025/02/09 23:39:06.095 INFO    http.auto_https enabling automatic HTTP->HTTPS redirects        {"server_name": "srv0"}
2025/02/09 23:39:06.099 INFO    http    enabling HTTP/3 listener        {"addr": ":443"}
2025/02/09 23:39:06.099 INFO    http.log        server running  {"name": "srv0", "protocols": ["h1", "h2", "h3"]}
2025/02/09 23:39:06.099 WARN    http    HTTP/2 skipped because it requires TLS  {"network": "tcp", "addr": ":80"}
2025/02/09 23:39:06.099 WARN    http    HTTP/3 skipped because it requires TLS  {"network": "tcp", "addr": ":80"}
2025/02/09 23:39:06.099 INFO    http.log        server running  {"name": "remaining_auto_https_redirects", "protocols": ["h1", "h2", "h3"]}
2025/02/09 23:39:06.099 INFO    http    enabling automatic TLS certificate management   {"domains": ["civic.band", "*.ma.civic.band", "*.az.civic.band", "*.ak.civic.band", "*.sc.civic.band", "*.ga.civic.band", "*.ca.civic.band", "*.va.civic.band", "*.co.civic.band", "*.la.civic.band", "*.nm.civic.band", "*.pa.civic.band", "*.fl.civic.band", "*.il.civic.band", "*.on.canada.civic.band", "*.bc.canada.civic.band", "*.ks.civic.band", "*.wa.civic.band", "*.al.civic.band", "analytics.civic.band", "*.nc.civic.band", "*.pr.civic.band", "*.tn.civic.band", "*.mn.civic.band", "*.nj.civic.band", "*.oh.civic.band", "*.nv.civic.band", "*.mt.civic.band", "*.or.civic.band", "*.nd.civic.band", "*.ny.civic.band", "*.ar.civic.band", "*.tx.civic.band", "*.wi.civic.band", "*.mi.civic.band", "*.hi.civic.band", "*.sd.civic.band", "*.ne.civic.band", "*.ab.canada.civic.band", "*.ky.civic.band", "*.me.civic.band", "*.ri.civic.band", "*.mo.civic.band", "*.ia.civic.band", "*.ut.civic.band", "*.id.civic.band", "*.ms.civic.band", "*.ok.civic.band", "*.md.civic.band", "*.wy.civic.band", "*.sk.canada.civic.band", "*.nh.civic.band"]}
2025/02/09 23:39:06.100 INFO    tls     storage cleaning happened too recently; skipping for now        {"storage": "FileStorage:/root/.local/share/caddy", "instance": "f53942f4-c807-455c-b41c-2dd8e8f4fb59", "try_again": "2025/02/10 23:39:06.100", "try_again_in": 86399.99999972}
2025/02/09 23:39:06.100 INFO    tls     finished cleaning storage units
2025/02/09 23:39:06.104 INFO    tls.obtain      acquiring lock  {"identifier": "*.ga.civic.band"}
2025/02/09 23:39:06.104 INFO    autosaved config (load with --resume flag)      {"file": "/root/.config/caddy/autosave.json"}
2025/02/09 23:39:06.104 INFO    serving initial configuration
2025/02/09 23:39:06.104 INFO    tls.obtain      acquiring lock  {"identifier": "*.ak.civic.band"}
Successfully started Caddy (pid=513662) - Caddy is running in the background
2025/02/09 23:39:06.105 INFO    tls.obtain      acquiring lock  {"identifier": "*.nv.civic.band"}
2025/02/09 23:39:06.105 INFO    tls.obtain      acquiring lock  {"identifier": "*.ma.civic.band"}
2025/02/09 23:39:06.105 INFO    tls.obtain      acquiring lock  {"identifier": "*.nj.civic.band"}
2025/02/09 23:39:06.106 INFO    tls.obtain      acquiring lock  {"identifier": "*.va.civic.band"}
2025/02/09 23:39:06.106 INFO    tls.obtain      acquiring lock  {"identifier": "*.mt.civic.band"}
2025/02/09 23:39:06.106 INFO    tls.obtain      acquiring lock  {"identifier": "*.co.civic.band"}
2025/02/09 23:39:06.106 INFO    tls.obtain      acquiring lock  {"identifier": "*.sc.civic.band"}
2025/02/09 23:39:06.106 INFO    tls.obtain      acquiring lock  {"identifier": "*.az.civic.band"}
2025/02/09 23:39:06.106 INFO    tls.obtain      acquiring lock  {"identifier": "*.ne.civic.band"}
2025/02/09 23:39:06.107 INFO    tls.obtain      acquiring lock  {"identifier": "*.ky.civic.band"}
2025/02/09 23:39:06.107 INFO    tls.obtain      acquiring lock  {"identifier": "*.sd.civic.band"}
2025/02/09 23:39:06.107 INFO    tls.obtain      acquiring lock  {"identifier": "*.ab.canada.civic.band"}
2025/02/09 23:39:06.108 INFO    tls.obtain      acquiring lock  {"identifier": "*.ny.civic.band"}
2025/02/09 23:39:06.109 INFO    tls.obtain      acquiring lock  {"identifier": "*.ri.civic.band"}
2025/02/09 23:39:06.109 INFO    tls.obtain      acquiring lock  {"identifier": "*.oh.civic.band"}
2025/02/09 23:39:06.109 INFO    tls.obtain      acquiring lock  {"identifier": "*.ar.civic.band"}

3. Caddy version:

v2.9.1 h1:OEYiZ7DbCzAWVb6TNEkjRcSCRGHVoZsJinoDR/n9oaY=

4. How I installed and ran Caddy:

xcaddy build --with github.com/caddy-dns/bunny --with github.com/caddy-dns/acmedns

a. System environment:

Linux galaxy-brain-us-or-1 6.8.0-51-generic #52-Ubuntu SMP PREEMPT_DYNAMIC Thu Dec 5 13:09:44 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux

b. Command:

sudo ./caddy start

c. Service/unit/compose file:

n/a

d. My complete Caddy config:

{
    metrics
    log log-main {
        format json
        output file /var/log/caddy.access.log
    }
}

(subdomain-log) {
    log {
        format json
        output file /var/log/caddy.access.log
    }
}

(django-app) {
    tls {
        issuer acme {
            email hello@civic.band
            timeout 5s
            dns bunny {env.BUNNY_API_KEY}
        }
    }
    reverse_proxy localhost:8000 localhost:8001 {
        lb_retries 3
    }
}

analytics.civic.band {
    reverse_proxy 127.0.0.1:3000
}

civic.band {
    import subdomain-log civic.band
    root * static
    route {
        file_server /how.html
        file_server /why.html
        file_server /privacy.html
        file_server /rss.xml
        reverse_proxy * 127.0.0.1:40001 127.0.0.1:40002 {
            lb_retries 3
        }
    }
}


*.ON.canada.civic.band {
    import subdomain-log ON.canada.civic.band
    import django-app
}

*.AB.canada.civic.band {
    import subdomain-log AB.canada.civic.band
    import django-app
}

*.SK.canada.civic.band {
    import subdomain-log SK.canada.civic.band
    import django-app
}

*.BC.canada.civic.band {
    import subdomain-log BC.canada.civic.band
    import django-app
}
*.CA.civic.band {
    import subdomain-log CA.civic.band
    import django-app
}

*.PA.civic.band {
    import subdomain-log PA.civic.band
    import django-app
}

*.OH.civic.band {
    import subdomain-log OH.civic.band
    import django-app
}

*.MD.civic.band {
    import subdomain-log MD.civic.band
    import django-app
}

*.HI.civic.band {
    import subdomain-log HI.civic.band
    import django-app
}

*.VA.civic.band {
    import subdomain-log VA.civic.band
    import django-app
}

*.NC.civic.band {
    import subdomain-log NC.civic.band
    import django-app
}

*.WA.civic.band {
    import subdomain-log WA.civic.band
    import django-app
}

*.OK.civic.band {
    import subdomain-log OK.civic.band
    import django-app
}

*.NV.civic.band {
    import subdomain-log NV.civic.band
    import django-app
}

*.MA.civic.band {
    import subdomain-log MA.civic.band
    import django-app
}

*.MI.civic.band {
    import subdomain-log MI.civic.band
    import django-app
}

*.TX.civic.band {
    import subdomain-log TX.civic.band
    import django-app
}

*.KY.civic.band {
    import subdomain-log KY.civic.band
    import django-app
}

*.OR.civic.band {
    import subdomain-log OR.civic.band
    import django-app
}

*.FL.civic.band {
    import subdomain-log FL.civic.band
    import django-app
}

*.NM.civic.band {
    import subdomain-log NM.civic.band
    import django-app
}

*.CO.civic.band {
    import subdomain-log CO.civic.band
    import django-app
}

*.WI.civic.band {
    import subdomain-log WI.civic.band
    import django-app
}

*.ME.civic.band {
    import subdomain-log ME.civic.band
    import django-app
}

*.UT.civic.band {
    import subdomain-log UT.civic.band
    import django-app
}

*.MT.civic.band {
    import subdomain-log MT.civic.band
    import django-app
}

*.NH.civic.band {
    import subdomain-log NH.civic.band
    import django-app
}

*.MO.civic.band {
    import subdomain-log MO.civic.band
    import django-app
}

*.GA.civic.band {
    import subdomain-log GA.civic.band
    import django-app
}

*.AZ.civic.band {
    import subdomain-log AZ.civic.band
    import django-app
}

*.TN.civic.band {
    import subdomain-log TN.civic.band
    import django-app
}

*.RI.civic.band {
    import subdomain-log RI.civic.band
    import django-app
}

*.IL.civic.band {
    import subdomain-log IL.civic.band
    import django-app
}

*.WY.civic.band {
    import subdomain-log WY.civic.band
    import django-app
}

*.MN.civic.band {
    import subdomain-log MN.civic.band
    import django-app
}

*.AL.civic.band {
    import subdomain-log AL.civic.band
    import django-app
}

*.NY.civic.band {
    import subdomain-log NY.civic.band
    import django-app
}

*.NJ.civic.band {
    import subdomain-log NJ.civic.band
    import django-app
}

*.KS.civic.band {
    import subdomain-log KS.civic.band
    import django-app
}

*.LA.civic.band {
    import subdomain-log LA.civic.band
    import django-app
}

*.AK.civic.band {
    import subdomain-log AK.civic.band
    import django-app
}

*.PR.civic.band {
    import subdomain-log PR.civic.band
    import django-app
}

*.SC.civic.band {
    import subdomain-log SC.civic.band
    import django-app
}

*.IA.civic.band {
    import subdomain-log IA.civic.band
    import django-app
}

*.SD.civic.band {
    import subdomain-log SD.civic.band
    import django-app
}

*.ID.civic.band {
    import subdomain-log ID.civic.band
    import django-app
}

*.NE.civic.band {
    import subdomain-log NE.civic.band
    import django-app
}

*.ND.civic.band {
    import subdomain-log ND.civic.band
    import django-app
}

*.AR.civic.band {
    import subdomain-log AR.civic.band
    import django-app
}

*.MS.civic.band {
    import subdomain-log MS.civic.band
    import django-app
}

5. Links to relevant resources:

I’m not entirely sure if your log is truncated or not, but there’s nothing after it acquires a lock. That to me says it’s hanging while trying to get the certificates generated.

Add debug to your global options and see if there’s any more information.
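One way to mechanise the check the reply describes (which identifiers never get past "acquiring lock"), as an added example that is not from the post or from Caddy itself: it parses Caddy console log lines and reports, per identifier, the last tls.obtain stage seen. The first three sample lines are taken from the log above; the remaining lines are constructed, and the message texts other than "acquiring lock" are assumed Caddy tls.obtain messages.

```python
import json
import re

# Constructed sample in the shape of the Caddy log in the post. The first
# three lines are from the post; the rest are constructed so that one
# identifier completes issuance and one fails. Message texts other than
# "acquiring lock" are assumed, not taken from the post.
SAMPLE_LOG = """\
2025/02/09 23:39:06.104 INFO    tls.obtain      acquiring lock  {"identifier": "*.ga.civic.band"}
2025/02/09 23:39:06.104 INFO    tls.obtain      acquiring lock  {"identifier": "*.ak.civic.band"}
2025/02/09 23:39:06.105 INFO    tls.obtain      acquiring lock  {"identifier": "*.nv.civic.band"}
2025/02/09 23:39:06.110 INFO    tls.obtain      lock acquired   {"identifier": "*.nv.civic.band"}
2025/02/09 23:39:06.111 INFO    tls.obtain      obtaining certificate   {"identifier": "*.nv.civic.band"}
2025/02/09 23:39:09.500 INFO    tls.obtain      certificate obtained successfully       {"identifier": "*.nv.civic.band"}
2025/02/09 23:39:09.501 INFO    tls.obtain      releasing lock  {"identifier": "*.nv.civic.band"}
2025/02/09 23:39:11.000 ERROR   tls.obtain      could not get certificate from issuer   {"identifier": "*.ak.civic.band", "error": "constructed example error"}
"""

# timestamp, level, logger (tls.obtain only), message text, trailing JSON fields;
# \s+ tolerates both the tabs Caddy emits and the spaces a forum paste leaves.
LINE_RE = re.compile(r'^(\S+ \S+)\s+(\w+)\s+tls\.obtain\s+(.+?)\s+(\{.*\})\s*$')

# Stages after which issuance for that identifier is complete.
TERMINAL = {"certificate obtained successfully", "releasing lock"}


def triage(log_text):
    """Map each identifier to its last tls.obtain event (stage, level, error)."""
    last = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a tls.obtain line (admin, http, ...)
        _, level, msg, fields = m.groups()
        f = json.loads(fields)
        ident = f.get("identifier")
        if ident is None:
            continue
        last[ident] = {"stage": msg, "level": level, "error": f.get("error")}
    return last


def stuck(log_text):
    """Identifiers whose last tls.obtain event is not a terminal success stage."""
    return {i: s for i, s in triage(log_text).items() if s["stage"] not in TERMINAL}


if __name__ == "__main__":
    for ident, s in sorted(stuck(SAMPLE_LOG).items()):
        detail = f" ({s['error']})" if s["error"] else ""
        print(f"{ident}: last seen at '{s['stage']}' [{s['level']}]{detail}")
```

Run it over the real log (`caddy run` output, or the file a `log` global option writes to) to get the per-wildcard list the reply is asking for; with `debug` enabled the error field on failed identifiers is where the DNS-challenge detail shows up.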
