caddy-dns / cloudflare

Caddy module: dns.providers.cloudflare
Apache License 2.0

Certificate renewal stopped working #81

Closed himazawa closed 2 months ago

himazawa commented 2 months ago

I'm using Caddy in Docker with the following Dockerfile:

FROM caddy:2-builder AS builder

RUN xcaddy build \
    --with github.com/caddy-dns/cloudflare \
    --with github.com/dulli/caddy-wol

FROM caddy:2

COPY --from=builder /usr/bin/caddy /usr/bin/caddy

and the following Caddyfile:

{
  log
  ocsp_stapling off
}

...
ag.prismlab.cc {
  tls {
    dns cloudflare {env.CF_API_TOKEN}
    resolvers 1.1.1.1
  }
  reverse_proxy 192.168.1.254:8081
}

...

Starting yesterday, I'm getting errors at Caddy startup.

The CF token is correctly set to Zone.Zone:Read and Zone.DNS:Edit.

I already tried to rotate the token (just in case) and re-built Caddy without any improvement.

The docker container is using 1.1.1.1 as DNS.

It was working correctly in the past, no idea what changed that could have broken it.

mholt commented 2 months ago

It seems reddit.prismlab.cc has no DNS records:

$ doggo --any reddit.prismlab.cc
NAME    TYPE    CLASS   TTL ADDRESS NAMESERVER 

I would double-check your DNS configuration. I'm going to close this, but if it turns out to be a bug in the Cloudflare module, we can reopen it :)