-
-
Notifications
You must be signed in to change notification settings - Fork 4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Failed DNS challenge (DNS-01) on Caddy >=v2.8.0 #6557
Comments
Interesting, that's very odd! Does this only happen with Desec? I'd be curious if you happen to be able to test another (similar?) domain on another DNS provider (I appreciate that you gave the recipe to reproduce it, I just don't have extra time right now). |
Haha! Yeah it's indeed odd. In hindsight, I should have elaborated that the DNS-01 failure is specifically on the subdomain Right now I can only see this issue on deSEC since it's the only DNS provider that offers free subdomain setup. Other provider like Cloudflare has it at Enterprise tier pricing! So I can't config 2 separate zones. Let me know if there another provider that offer it for free I can test on. I hope another member of the org can take a look at this issue. |
cloudflare too.
|
@LGinC your config is not evidence of a problem. |
my fault, mosdns in my router not work correctly, caddy work fine after stop mosdns. |
I can confirm that this was an issue for me as well. I tried to use the dns digitalocean plugin and it flatly refused to obtain certificates using Caddy v2.8.4 I switched to a build with v2.7.6 and it successfully obtained a certificate with dns-01 challenge using the digitalocean API within a few seconds. |
I think this is fixed in the latest beta (2.9 beta 3) if you would like to try it and confirm. caddyserver/certmagic@4293198 |
1. Environment
1a. Operating system and version
1b. Caddy version (run
caddy version
or paste commit SHA)1c. Go version (if building Caddy from source; run
go version
)2. Description
2a. What happens (briefly explain what is wrong)
Caddy v2.8.4 fails DNS challenge on subdomain zone.
2b. Why it's a bug (if it's not obvious)
If I downgrade to Caddy v2.7.6, Caddy is able to pass DNS challenge. The earliest version I observed this issue is on Caddy v2.8.0. I noticed in the logs when Caddy fails DNS challenge, there is no wait between
waiting for solver before continuing
anddone waiting for solver
. When Caddy passed DNS challenge, the wait is over a minute.2c. Log output
Failed to pass challenge to obtain certificate
Successfully pass challenge and obtained certificate
2d. Workaround(s)
xcaddy build v2.7.6 --with github.com/caddy-dns/desec
2e. Relevant links
Zonefile for my domains:
geah.dedyn.io
_acme-challenge.ip.geah.dedyn.io
3. Tutorial (minimal steps to reproduce the bug)
xcaddy build --with github.com/caddy-dns/desec
caddy run
The text was updated successfully, but these errors were encountered: