caddy-dns / digitalocean


Challenge never solved: waiting for solver *certmagic.DNS01Solver to be ready #8

Closed johnandersen777 closed 3 years ago

johnandersen777 commented 3 years ago

I have the following Caddyfile

{
    debug
    http_port 8080
    https_port 4443
    admin off
    email johnandersenpdx@gmail.com
    storage file_system {
        root /srv/caddy/
    }
}

chadig.com {
    respond "Hello World"
    reverse_proxy /9090/* 127.0.0.1:9090
    reverse_proxy /10000/* 127.0.0.1:10000
    tls {
        dns digitalocean {env.DIGITALOCEAN_ACCESS_TOKEN}
    }
}

:9090 {
    respond "I am 9090"
}

:10000 {
    respond "I am 10000"
}

I have the following Dockerfile

FROM golang AS builder

RUN latest=$(curl -sSL https://github.com/caddyserver/xcaddy/releases | grep _linux_amd64.tar.gz | head -n 1 | sed -e 's/.*download\///g' -e 's/".*//g') && \
  curl -vfL "https://github.com//caddyserver/xcaddy/releases/download/${latest}" | tar -xvz -C /usr/bin

WORKDIR /src/build/caddy

RUN xcaddy build \
    --with github.com/greenpau/caddy-auth-portal@v1.3.11 \
    --with github.com/caddy-dns/digitalocean@8f6fa5c3edfcb799c9ce507825e638172fb2953a

FROM alpine
COPY --from=builder /src/build/caddy/caddy /usr/bin/caddy
# Certs are needed to talk to Let's Encrypt ACME resolver
RUN apk --no-cache add ca-certificates

When I run caddy as follows in docker:

docker run --name caddy -d --restart=always -p 80:8080 -p 443:4443 --user 996:996 \
  -v /root/state/caddy:/srv/caddy \
  -e XDG_CONFIG_HOME=/srv/caddy caddy \
  caddy run -watch \
  -adapter caddyfile -config /srv/caddy/Caddyfile

It seems like the caddy-dns/digitalocean plugin doesn't do anything? It just keeps saying that it's "waiting for solver *certmagic.DNS01Solver to be ready"

{"level":"info","ts":1612279851.176578,"msg":"using provided configuration","config_file":"/srv/caddy/Caddyfile","config_adapter":"caddyfile"}
{"level":"warn","ts":1612279851.181392,"logger":"admin","msg":"admin endpoint disabled"}
{"level":"info","ts":1612279851.1872113,"logger":"http","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv1","https_port":4443}
{"level":"info","ts":1612279851.1874175,"logger":"http","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv1"}
{"level":"info","ts":1612279851.195197,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc00049c460"}
{"level":"debug","ts":1612279851.1965938,"logger":"http","msg":"starting server loop","address":"[::]:4443","http3":false,"tls":true}
{"level":"debug","ts":1612279851.196665,"logger":"http","msg":"starting server loop","address":"[::]:9090","http3":false,"tls":false}
{"level":"debug","ts":1612279851.1966977,"logger":"http","msg":"starting server loop","address":"[::]:8080","http3":false,"tls":false}
{"level":"debug","ts":1612279851.1967237,"logger":"http","msg":"starting server loop","address":"[::]:10000","http3":false,"tls":false}
{"level":"info","ts":1612279851.1967316,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["chadig.com"]}
{"level":"info","ts":1612279851.1970587,"msg":"autosaved config","file":"/srv/caddy/caddy/autosave.json"}
{"level":"info","ts":1612279851.1970701,"msg":"serving initial configuration"}
{"level":"info","ts":1612279851.197117,"logger":"watcher","msg":"watching config file for changes","config_file":"/srv/caddy/Caddyfile"}
{"level":"info","ts":1612279851.198625,"logger":"tls.obtain","msg":"acquiring lock","identifier":"chadig.com"}
{"level":"info","ts":1612279851.1988738,"logger":"tls.obtain","msg":"lock acquired","identifier":"chadig.com"}
{"level":"info","ts":1612279851.2135224,"logger":"tls","msg":"cleaned up storage units"}
{"level":"info","ts":1612279851.2310524,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["chadig.com"]}
{"level":"info","ts":1612279851.2313771,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["chadig.com"]}
{"level":"debug","ts":1612279851.427612,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"GET","url":"https://acme-v02.api.letsencrypt.org/directory","headers":{"User-Agent":["Caddy/2.3.0 CertMagic acmez (linux; amd64)"]},"status_code":200,"response_headers":{"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["658"],"Content-Type":["application/json"],"Date":["Tue, 02 Feb 2021 15:30:51 GMT"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]}}
{"level":"debug","ts":1612279851.478382,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"HEAD","url":"https://acme-v02.api.letsencrypt.org/acme/new-nonce","headers":{"User-Agent":["Caddy/2.3.0 CertMagic acmez (linux; amd64)"]},"status_code":200,"response_headers":{"Cache-Control":["public, max-age=0, no-cache"],"Date":["Tue, 02 Feb 2021 15:30:51 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["REDACTED"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]}}
{"level":"debug","ts":1612279851.6717246,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme-v02.api.letsencrypt.org/acme/new-order","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.3.0 CertMagic acmez (linux; amd64)"]},"status_code":201,"response_headers":{"Boulder-Requester":["111475789"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["332"],"Content-Type":["application/json"],"Date":["Tue, 02 Feb 2021 15:30:51 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Location":["https://acme-v02.api.letsencrypt.org/acme/order/111475789/7672128458"],"Replay-Nonce":["REDACTED"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]}}
{"level":"debug","ts":1612279851.7331736,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme-v02.api.letsencrypt.org/acme/authz-v3/10552688666","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.3.0 CertMagic acmez (linux; amd64)"]},"status_code":200,"response_headers":{"Boulder-Requester":["111475789"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["791"],"Content-Type":["application/json"],"Date":["Tue, 02 Feb 2021 15:30:51 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["REDACTED"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]}}
{"level":"info","ts":1612279851.734325,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"chadig.com","challenge_type":"dns-01","ca":"https://acme-v02.api.letsencrypt.org/directory"}
{"level":"info","ts":1612279889.1973557,"logger":"watcher","msg":"config file changed; reloading","config_file":"/srv/caddy/Caddyfile"}
{"level":"info","ts":1612279889.1974769,"msg":"using provided configuration","config_file":"/srv/caddy/Caddyfile","config_adapter":"caddyfile"}
{"level":"info","ts":1612279889.2010999,"logger":"admin.api","msg":"config is unchanged"}
{"level":"debug","ts":1612279911.4443595,"logger":"http.stdlib","msg":"http: TLS handshake error from 61.219.11.153:64765: tls: first record does not look like a TLS handshake"}
{"level":"debug","ts":1612279974.3823225,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme-v02.api.letsencrypt.org/acme/authz-v3/10552688666","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.3.0 CertMagic acmez (linux; amd64)"]},"status_code":200,"response_headers":{"Boulder-Requester":["111475789"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["795"],"Content-Type":["application/json"],"Date":["Tue, 02 Feb 2021 15:32:54 GMT"],"Link":["<https://acme-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["REDACTED"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]}}
{"level":"error","ts":1612279974.382853,"logger":"tls.obtain","msg":"will retry","error":"[chadig.com] Obtain: [chadig.com] solving challenges: waiting for solver *certmagic.DNS01Solver to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme-v02.api.letsencrypt.org/acme/order/111475789/7672128458) (ca=https://acme-v02.api.letsencrypt.org/directory)","attempt":1,"retrying_in":60,"elapsed":123.183965554,"max_duration":2592000}
{"level":"debug","ts":1612280034.4985955,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"GET","url":"https://acme-staging-v02.api.letsencrypt.org/directory","headers":{"User-Agent":["Caddy/2.3.0 CertMagic acmez (linux; amd64)"]},"status_code":200,"response_headers":{"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["724"],"Content-Type":["application/json"],"Date":["Tue, 02 Feb 2021 15:33:54 GMT"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]}}
{"level":"debug","ts":1612280034.5503366,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"HEAD","url":"https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce","headers":{"User-Agent":["Caddy/2.3.0 CertMagic acmez (linux; amd64)"]},"status_code":200,"response_headers":{"Cache-Control":["public, max-age=0, no-cache"],"Date":["Tue, 02 Feb 2021 15:33:54 GMT"],"Link":["<https://acme-staging-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["REDACTED"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]}}
{"level":"debug","ts":1612280034.6308594,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme-staging-v02.api.letsencrypt.org/acme/new-order","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.3.0 CertMagic acmez (linux; amd64)"]},"status_code":201,"response_headers":{"Boulder-Requester":["17882849"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["344"],"Content-Type":["application/json"],"Date":["Tue, 02 Feb 2021 15:33:54 GMT"],"Link":["<https://acme-staging-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Location":["https://acme-staging-v02.api.letsencrypt.org/acme/order/17882849/232800582"],"Replay-Nonce":["REDACTED"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]}}
{"level":"debug","ts":1612280034.6594453,"logger":"tls.issuance.acme.acme_client","msg":"http request","method":"POST","url":"https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/201981911","headers":{"Content-Type":["application/jose+json"],"User-Agent":["Caddy/2.3.0 CertMagic acmez (linux; amd64)"]},"status_code":200,"response_headers":{"Boulder-Requester":["17882849"],"Cache-Control":["public, max-age=0, no-cache"],"Content-Length":["809"],"Content-Type":["application/json"],"Date":["Tue, 02 Feb 2021 15:33:54 GMT"],"Link":["<https://acme-staging-v02.api.letsencrypt.org/directory>;rel=\"index\""],"Replay-Nonce":["REDACTED"],"Server":["nginx"],"Strict-Transport-Security":["max-age=604800"],"X-Frame-Options":["DENY"]}}
{"level":"info","ts":1612280034.6599793,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"chadig.com","challenge_type":"dns-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}

eslym commented 3 years ago

[image]

Obviously the wrong TXT record is added. It's caused by https://github.com/libdns/digitalocean/issues/4. Changes are needed for the go.mod files in both this repo and libdns/digitalocean.
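
A way to check for a wrongly published dns-01 record, as an added example that is not part of this thread or of the plugin's code: it derives the record name and TXT value the CA expects under RFC 8555 section 8.4 and compares them with what the zone actually serves. The function names and the sample key authorization and records are constructed for illustration and are not the records from the screenshot.

```go
package main

import (
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"strings"
)

// ChallengeRecordName is the FQDN the CA queries for a dns-01 challenge
// (RFC 8555 section 8.4); a wildcard is validated at its base domain.
func ChallengeRecordName(domain string) string {
	d := strings.TrimSuffix(strings.TrimPrefix(domain, "*."), ".")
	return "_acme-challenge." + d + "."
}

// ExpectedTXT is base64url(SHA-256(keyAuthorization)) without padding.
func ExpectedTXT(keyAuth string) string {
	sum := sha256.Sum256([]byte(keyAuth))
	return base64.RawURLEncoding.EncodeToString(sum[:])
}

// Diagnose compares published TXT records (FQDN -> values, e.g. collected
// from the zone's authoritative name servers) with what the CA expects.
func Diagnose(domain, keyAuth string, published map[string][]string) string {
	name, want := ChallengeRecordName(domain), ExpectedTXT(keyAuth)
	for _, v := range published[name] {
		if v == want {
			return "ok"
		}
	}
	// The right value under any other name means the record was misplaced.
	for other, vals := range published {
		for _, v := range vals {
			if v == want {
				return "wrong-name: " + other
			}
		}
	}
	if len(published[name]) > 0 {
		return "wrong-value"
	}
	return "missing"
}

func main() {
	keyAuth := "constructed-token.constructed-thumbprint" // constructed sample
	bad := map[string][]string{"_acme-challenge.example.test.example.test.": {ExpectedTXT(keyAuth)}}
	fmt.Println(Diagnose("example.test", keyAuth, bad))
}
```

A "wrong-name" or "missing" result while the solver reports "timed out waiting for record to fully propagate" points at the DNS provider integration rather than at the CA.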

awalkerca commented 3 years ago

Looks like upstream issues are resolved, this is promising!