caddy-dns / acmeproxy

MIT License

Error - caddyfile: parsing caddyfile tokens for 'acme_dns': wrong argument count or unexpected line ending after #1

Closed christianbur closed 8 months ago

christianbur commented 8 months ago

I am currently using acme.sh with the acmeproxy plugin and the dns-alias-mode. Now I am testing if caddy fulfills my requirements, for this I need wildcard certificates. I hope to realize this with the acmeproxy plugin and "dns_challenge_override_domain" option.

However, when testing I always get the error "caddyfile: parsing caddyfile tokens for 'acme_dns': wrong argument count or unexpected line ending after". Since I don't know caddy very well and this plugin is only 5 days old, I don't know where to look for the problem.

my Dockerfile:

FROM caddy:builder-alpine AS builder

RUN caddy-builder \
    github.com/caddy-dns/acmeproxy

FROM caddy:alpine

COPY --from=builder /usr/bin/caddy /usr/bin/caddy

my demo Caddyfile

{

  debug
  acme_ca https://acme-staging-v02.api.letsencrypt.org/directory

  email webmaster@domain.de
  acme_dns acmeproxy https://dnsapi.domain.de/acme {
    username cb_acme
    password aasdfsdfaaffffffffg634
  }
}

*.domain.de {
  tls {
    dns_challenge_override_domain anwx.de.ddns.anwx.de
    resolvers 1.1.1.1
  }

  reverse_proxy nginx-mailcow:8080 {
    health_uri /
    lb_try_duration 5s
  }
}

error:

# dc down && dc up -d && dc logs -f
[+] Running 1/0
 ✔ Container caddy-caddy-1  Removed                                                                                                       0.0s 
[+] Running 1/1
 ✔ Container caddy-caddy-1  Started                                                                                                       0.0s 
caddy-caddy-1 exited with code 0
caddy-caddy-1  | {"level":"info","ts":1703418067.531503,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":"caddyfile"}
caddy-caddy-1  | Error: adapting config using caddyfile: parsing caddyfile tokens for 'acme_dns': wrong argument count or unexpected line ending after 'cb_acme', at /etc/caddy/Caddyfile:9
caddy-caddy-1  | {"level":"info","ts":1703418068.4975526,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":"caddyfile"}
caddy-caddy-1  | Error: adapting config using caddyfile: parsing caddyfile tokens for 'acme_dns': wrong argument count or unexpected line ending after 'cb_acme', at /etc/caddy/Caddyfile:9

I also get the error within the domain section with "dns acmeproxy https://...".

If I define the "endpoint" twice, I get the error message "API token already set" from the acmeproxy plugin, so the plugin does the evaluation.

{

  debug
  acme_ca https://acme-staging-v02.api.letsencrypt.org/directory

  email webmaster@domain.de
  acme_dns acmeproxy https://dnsapi.domain.de {
    endpoint https://dnsapi.domain.de
    username cb_acme
    password aasdfsdfaaffffffffg634
  }
}
...

error:

# dc down && dc up -d && dc logs -f
[+] Running 1/0
 ✔ Container caddy-caddy-1  Removed                                                                                                                                                                     0.0s 
[+] Running 1/1
 ✔ Container caddy-caddy-1  Started                                                                                                                                                                     0.0s 
caddy-caddy-1 exited with code 0
caddy-caddy-1  | {"level":"info","ts":1703418328.224295,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":"caddyfile"}
caddy-caddy-1  | Error: adapting config using caddyfile: parsing caddyfile tokens for 'acme_dns': API token already set, at /etc/caddy/Caddyfile:9
caddy-caddy-1  | {"level":"info","ts":1703418329.223979,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":"caddyfile"}
caddy-caddy-1  | Error: adapting config using caddyfile: parsing caddyfile tokens for 'acme_dns': API token already set, at /etc/caddy/Caddyfile:9

@KalleDK How do I define "username" and "password" correctly?

KalleDK commented 8 months ago

Start with the readme file where there are examples. I've not tried alias mode, but it should be independent of this module. Try without alias and then add it when you know it works.

christianbur commented 8 months ago

Thank you for the quick response. At the moment I am still in the process of implementing the example, but that's exactly what's not working for me. When I copy the "tls" block into my caddyfile, I get exactly the error described.

Error: adapting config using caddyfile: parsing caddyfile tokens for 'tls': wrong argument count or unexpected line ending after 'user', at /etc/caddy/Caddyfile:26

KalleDK commented 8 months ago

Try the newest version, this works for me. Though this is neither alias nor wildcard, that should also be provider independent afaik.

{
  acme_ca https://acme-staging-v02.api.letsencrypt.org/directory
}

my.domain.com {
  tls {
    dns acmeproxy https://ns03.example.com:9090 {
      username flaf
      password secretpass
    }
  }

  reverse_proxy nginx-mailcow:8080 {
    health_uri /
    lb_try_duration 5s
  }
}

christianbur commented 8 months ago

Thank you.

I am one step further, now the acme challenge cannot be passed to the backend via POST. The problem is that this plugin uses "FQDN" instead of "fqdn" and "Value" instead of "value" as parameters, therefore, the values are not accepted during the transfer. Of course I could change my backend, but it should be changed in the plugin. The reason for this is that, for example, acme.sh and Lego also pass lower-case parameters, so compatibility is given.

Example of working plugins: Lego/traefik, acme.sh
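An added example (not code from the acmeproxy plugin or from anyone in this thread) of the lowercase request body described above: it builds the authenticated POST a Caddy DNS provider would send to an acmeproxy-style backend, and a strict key check of the kind that rejects the capitalised form. The /present and /cleanup path names and the basic-auth transport are assumptions.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"net/http"
)

// challengePayload is what an acmeproxy-style backend (mdbraber/acmeproxy, lego httpreq)
// reads; tags must be lowercase, the plugin once sent "FQDN"/"Value" and was rejected.
type challengePayload struct {
	FQDN  string `json:"fqdn"`
	Value string `json:"value"`
}

// newChallengeRequest builds the authenticated POST for "present" or "cleanup"
// (assumed path names) against the endpoint given in the Caddyfile's
// "dns acmeproxy <endpoint>" line; username/password go in HTTP basic auth.
func newChallengeRequest(endpoint, action, user, pass, fqdn, value string) (*http.Request, error) {
	if action != "present" && action != "cleanup" {
		return nil, fmt.Errorf("unknown action %q", action)
	}
	body, err := json.Marshal(challengePayload{FQDN: fqdn, Value: value})
	if err != nil {
		return nil, err
	}
	req, err := http.NewRequest(http.MethodPost, endpoint+"/"+action, bytes.NewReader(body))
	if err != nil {
		return nil, err
	}
	req.Header.Set("Content-Type", "application/json")
	req.SetBasicAuth(user, pass)
	return req, nil
}

// validatePayload is the strict backend-side check: unlike Go's case-insensitive
// struct decoding, it accepts only the exact lowercase keys.
func validatePayload(raw []byte) error {
	var fields map[string]string
	if err := json.Unmarshal(raw, &fields); err != nil {
		return err
	}
	for _, k := range []string{"fqdn", "value"} {
		if fields[k] == "" {
			return fmt.Errorf("missing or empty %q key", k)
		}
	}
	return nil
}
```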

KalleDK commented 8 months ago

There are no official RFC for the spec, but I can see that mdbraber/acmeproxy uses lowercase, so I've changed it in the provider to lowercase :)

christianbur commented 8 months ago

I have received a certificate, but only with the propagation_timeout and propagation_delay parameters. For the DNS resolution, somehow the public IP address of the server itself is tried (of course this does not work), so the test fails.

my config:

tls {
  issuer acme {
    # https://caddyserver.com/docs/caddyfile/directives/tls#acme
    dir https://acme-staging-v02.api.letsencrypt.org/directory
    email webmaster@yyyy.de
    dns acmeproxy https://dnsapi.yyyyyyyyyyyy.de/acme {
      username cb_acme
      password yyyyyyyyyyyyyyyyyyyyyyyyyyyyyy
    }
    propagation_timeout -1
    propagation_delay 30s
    resolvers 9.9.9.9
  }
}

KalleDK commented 8 months ago

I don't think I can help with that, as that has nothing to do with the provider. This only creates and removes dns entries.

christianbur commented 8 months ago

I have found the error; it has to do with the fact that I operate DNS servers myself. I think everything will be up and running soon, thanks for the help.

KalleDK commented 8 months ago

No problem - please close the issue if everything is fine :)