DNS challenge for Digitalocean (for wildcard) #3766
Description
Caddy v2.2.0
OS: "Ubuntu 20.04.1 LTS (Focal Fossa)"
built from source using
xcaddy build --with github.com/caddy-dns/digitalocean
Now with caddy list-modules, I can see dns.providers.digitalocean in the list.
Section of my Caddyfile:
*.foo.bar {
    tls {
        dns digitalocean DO_AUTH_KEY
    }
    reverse_proxy * localhost:6000
}
Upon 'starting' caddy, or 'reloading' it for that matter (systemctl reload caddy),
I noticed that the plugin creates a TXT record in DigitalOcean as expected,
but the Hostname is _acme-challenge.foo.bar.foo.bar (yes, foo.bar is appended twice at the end).
I have *.foo.bar pointed at my server IP in addition to the auto-created TXT record.
What I aim to achieve:
I would like all requests to anything.foo.bar to come to my app running at localhost:6000 on my server.
Sep 29 21:47:55 ip-xxx-xx-x-xxx caddy[107299]: {"level":"info","ts":1601416075.4779391,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"*.foo.bar","challenge_type":"dns-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
Sep 29 21:49:59 ip-xxx-xx-x-xxx caddy[107299]: {"level":"error","ts":1601416199.1840057,"logger":"tls.obtain","msg":"will retry","error":"[*.foo.bar] Obtain: [*.foo.bar] solving challenges: waiting for solver *certmagic.DNS01Solver to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/15856118/158773406) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)","attempt":9,"retrying_in":1800,"elapsed":6525.578472893,"max_duration":2592000}
Sep 29 22:20:00 ip-xxx-xx-x-xxx caddy[107299]: {"level":"info","ts":1601418000.9284205,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"*.foo.bar","challenge_type":"dns-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
Sep 29 22:22:04 ip-xxx-xx-x-xxx caddy[107299]: {"level":"error","ts":1601418124.8804,"logger":"tls.obtain","msg":"will retry","error":"[*.foo.bar] Obtain: [*.foo.bar] solving challenges: waiting for solver *certmagic.DNS01Solver to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/15856118/158786846) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)","attempt":10,"retrying_in":3600,"elapsed":8451.274867278,"max_duration":2592000}
Sep 29 23:22:06 ip-xxx-xx-x-xxx caddy[107299]: {"level":"info","ts":1601421726.4575117,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"*.foo.bar","challenge_type":"dns-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
Sep 29 23:24:10 ip-xxx-xx-x-xxx caddy[107299]: {"level":"error","ts":1601421850.054532,"logger":"tls.obtain","msg":"will retry","error":"[*.foo.bar] Obtain: [*.foo.bar] solving challenges: waiting for solver *certmagic.DNS01Solver to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/15856118/158809342) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)","attempt":11,"retrying_in":10800,"elapsed":12176.448999569,"max_duration":2592000}
Sep 30 02:24:11 ip-xxx-xx-x-xxx caddy[107299]: {"level":"info","ts":1601432651.6319113,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"*.foo.bar","challenge_type":"dns-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
Sep 30 02:26:16 ip-xxx-xx-x-xxx caddy[107299]: {"level":"error","ts":1601432776.6587107,"logger":"tls.obtain","msg":"will retry","error":"[*.foo.bar] Obtain: [*.foo.bar] solving challenges: waiting for solver *certmagic.DNS01Solver to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/15856118/158888193) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)","attempt":12,"retrying_in":21600,"elapsed":23103.053177846,"max_duration":2592000}
Sep 30 08:26:18 ip-xxx-xx-x-xxx caddy[107299]: {"level":"info","ts":1601454378.4603336,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"*.foo.bar","challenge_type":"dns-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
Sep 30 08:28:24 ip-xxx-xx-x-xxx caddy[107299]: {"level":"error","ts":1601454504.1608217,"logger":"tls.obtain","msg":"will retry","error":"[*.foo.bar] Obtain: [*.foo.bar] solving challenges: waiting for solver *certmagic.DNS01Solver to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/15856118/159049369) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)","attempt":13,"retrying_in":21600,"elapsed":44830.555289102,"max_duration":2592000}
The tls part of curl localhost:2019/config/:
"tls": {
  "automation": {
    "policies": [
      {
        "issuer": {
          "challenges": {
            "dns": {
              "provider": {
                "auth_token": "xxxx",
                "name": "digitalocean"
              }
            }
          },
          "email": "address@gmail.com",
          "module": "acme"
        },
        "subjects": [
          "*.foo.bar"
        ]
      },
      {
        "issuer": {
          "email": "address@gmail.com",
          "module": "acme"
        }
      }
    ]
  }
}
@mtricht || @SvenDowideit
What am I doing wrong? Please help!!
Thanks in advance :)
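An added example, not code from Caddy or the caddy-dns/digitalocean plugin, showing the name handling behind the doubled TXT hostname reported above: the CA queries _acme-challenge.foo.bar, while a DNS API that takes record names relative to the zone must be handed _acme-challenge rather than the FQDN. It assumes the DigitalOcean API behaves that way (appending the zone to whatever name it is given); the record names are constructed sample input.

```go
package main

import "fmt"
import "strings"

// norm lowercases a name and drops any trailing dot.
func norm(name string) string { return strings.TrimSuffix(strings.ToLower(name), ".") }

// ExpectedChallengeName is the FQDN the CA queries for dns-01; for a
// wildcard identifier the leading "*." is dropped.
func ExpectedChallengeName(identifier string) string {
	return "_acme-challenge." + norm(strings.TrimPrefix(identifier, "*."))
}

// RelativeName converts an FQDN into the zone-relative form the DigitalOcean
// API expects ("@" for the apex). Assumption: sending the FQDN unchanged makes
// the API append the zone again, which is the doubled name seen in the issue.
func RelativeName(fqdn, zone string) string {
	f, z := norm(fqdn), norm(zone)
	if f == z {
		return "@"
	}
	return strings.TrimSuffix(f, "."+z)
}

// DoubledZone reports whether a record name carries the zone suffix twice.
func DoubledZone(recordFQDN, zone string) bool {
	z := norm(zone)
	return strings.HasSuffix(norm(recordFQDN), "."+z+"."+z)
}

// CheckZone reports whether the name the CA will query exists among the zone's
// TXT record names and lists any records that show the doubling symptom.
func CheckZone(identifier, zone string, recordNames []string) (bool, []string) {
	want, present, doubled := ExpectedChallengeName(identifier), false, []string{}
	for _, r := range recordNames {
		if norm(r) == want {
			present = true
		}
		if DoubledZone(r, zone) {
			doubled = append(doubled, norm(r))
		}
	}
	return present, doubled
}

func main() {
	present, doubled := CheckZone("*.foo.bar", "foo.bar", []string{"_acme-challenge.foo.bar.foo.bar"}) // constructed sample
	fmt.Println(present, doubled, RelativeName("_acme-challenge.foo.bar", "foo.bar"))
}
```

A TXT record named _acme-challenge.foo.bar.foo.bar is never looked up by the CA, which is consistent with the "timed out waiting for record to fully propagate" entries in the log.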