Closed ghost closed 2 years ago
I also encountered an issue today with cloudflare dns challenge. Are they related?:
WARN tls.issuance.acme.acme_client HTTP request failed; retrying {"url": "https://acme-v02.api.letsencrypt.org/directory", "error": "performing request: Get \"https://acme-v02.api.letsencrypt.org/directory\": dial tcp: lookup acme-v02.api.letsencrypt.org on 10.89.0.1:53: server misbehaving"}
2022/02/01 20:25:37.554 WARN tls.issuance.acme.acme_client HTTP request failed; retrying {"url": "https://acme-v02.api.letsencrypt.org/directory", "error": "performing request: Get \"https://acme-v02.api.letsencrypt.org/directory\": dial tcp: lookup acme-v02.api.letsencrypt.org on 10.89.0.1:53: server misbehaving"}
2022/02/01 20:25:37.806 WARN tls.issuance.acme.acme_client HTTP request failed; retrying {"url": "https://acme-v02.api.letsencrypt.org/directory", "error": "performing request: Get \"https://acme-v02.api.letsencrypt.org/directory\": dial tcp: lookup acme-v02.api.letsencrypt.org on 10.89.0.1:53: server misbehaving"}
2022/02/01 20:25:37.806 ERROR tls.obtain could not get certificate from issuer {"identifier": "<wildcard domain>", "issuer": "acme-v02.api.letsencrypt.org-directory", "error": "registering account [] with server: provisioning client: performing request: Get \"https://acme-v02.api.letsencrypt.org/directory\": dial tcp: lookup acme-v02.api.letsencrypt.org on 10.89.0.1:53: server misbehaving"}
@rishubn No, your DNS server at 10.89.0.1:53 is broken. ("server misbehaving")
Aha. It was a case of total user error. I had copied my fail2ban key and not my acme key (completely different perms). Sigh. I hate myself. :D
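An added example, not code from this thread or from Caddy: a small Python triage that parses the Caddy log lines quoted above and extracts which resolver the lookup failed on, so a "server misbehaving" error is recognised as a local DNS problem before anyone starts changing ACME or Cloudflare settings. The line regex, the `triage` function and the sample line (copied from the log above) are this example's own assumptions.

```python
import json
import re
from typing import Optional

# Shape of the Caddy lines seen in this thread (timestamp is optional because
# the first pasted line lacks one):
#   2022/02/01 20:25:37.554 WARN tls.issuance.acme.acme_client <message> {json}
LINE_RE = re.compile(
    r"^(?:(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+)?"
    r"(?P<level>[A-Z]+)\s+(?P<logger>\S+)\s+(?P<msg>[^{]*?)\s*(?P<fields>\{.*\})$"
)
# Go's net resolver error text: "lookup <host> on <resolver>: <reason>"
DNS_FAIL_RE = re.compile(r"lookup (?P<host>\S+) on (?P<resolver>\S+): (?P<reason>.+)$")

# Sample line reproduced from the log pasted in the comment above.
SAMPLE_LINE = (
    r'2022/02/01 20:25:37.554 WARN tls.issuance.acme.acme_client HTTP request failed; retrying '
    r'{"url": "https://acme-v02.api.letsencrypt.org/directory", "error": "performing request: '
    r'Get \"https://acme-v02.api.letsencrypt.org/directory\": dial tcp: lookup '
    r'acme-v02.api.letsencrypt.org on 10.89.0.1:53: server misbehaving"}'
)


def parse_caddy_line(line: str) -> Optional[dict]:
    """Split a Caddy console log line into level, logger, message and JSON fields."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["fields"] = json.loads(rec["fields"])  # handles the \" escapes inside "error"
    return rec


def triage(line: str) -> dict:
    """Classify an ACME failure so the operator looks at the right layer first."""
    rec = parse_caddy_line(line)
    if rec is None:
        return {"class": "unparsed"}
    err = rec["fields"].get("error", "")
    dns = DNS_FAIL_RE.search(err)
    if dns:
        # The CA hostname never resolved: the fault is the configured resolver,
        # not Let's Encrypt, the DNS provider API or the API token.
        return {"class": "local_resolver", "resolver": dns["resolver"],
                "host": dns["host"], "reason": dns["reason"].strip()}
    return {"class": "other", "level": rec["level"], "error": err}


if __name__ == "__main__":
    print(triage(SAMPLE_LINE))
```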
Recently trying to switch back to Caddy after my setup has altered enough to not need nginx anymore...anyway:
I cannot get any certificates at all:
This is an example for one subdomain. This happens for every single domain and subdomain (I have 2 domains and a ton of subdomains). In my global settings, I have:
I was reading some other issues and tried setting Zone.Zone to Edit instead of Read, but that did not help. I assume it's an API issue of some sort, since I don't see any TXT records being created...but unsure what the problem is. This same API key worked when I used Caddy many moons ago and has been working with nginx... 😅
Thoughts? Troubleshooting?
Edit: I've also tried setting a tls{} section specifying a resolver and such, but that caused more issues (400s and 403s), so that doesn't seem like the correct solution.
Edit 2: Actually, I switched to specifying this:
and now the logs are more like:
So it's definitely an API issue, I guess...but I'm not sure why.
Edit 3:
curl -X GET "https://api.cloudflare.com/client/v4/zones?name=actionsack.com" -H "Content-Type:application/json" -H "Authorization: Bearer <token>"
works just fine, as well.