Closed conrad82 closed 3 years ago
Ah, yeah that's unfortunately a limitation of duckdns, you can only set up TXT records on the main subdomain (not on any sub-subdomains) which also means only one acme challenge record at a time.
To fetch a wildcard cert, you'll need to write your config like this:
*.your.duckdns.org {
    tls {
        dns duckdns {env.DUCKDNS_TOKEN}
    }

    @foo host foo.your.duckdns.org
    handle @foo {
        # do whatever
    }

    @bar host bar.your.duckdns.org
    handle @bar {
        # do whatever
    }

    handle {
        # fallback for otherwise unhandled domains
    }
}
I haven't tried that with challenge delegation yet but the same concept should apply.
Thanks for your reply, I will give it a try later on!
I am using duckdns since it is supported by caddy out of the box, while the domain is different, so my.example.com CNAME my.duckdns.org - but that should not change your example code.
Maybe a different nameserver provider would be a better solution
Closing the issue
Regarding https://github.com/caddy-dns/duckdns#challenge-delegation
This is maybe not a bug, but I migrated from local certs to Let's Encrypt using a new domain, CNAME to duckdns, and override_domain like so:
This resulted in a lot of Incorrect TXT record errors, which I suspect is due to all my subdomains trying to register with Let's Encrypt at the same time, resulting in overwrites of the TXT records.
Is this something that can be fixed by either some wildcard certificate request, or by staggering the requests, or adding different timeouts?
The subdomains seem to be trickling in; after 10-20 minutes about 5 of 8 subdomains are working.
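
The overwrite behaviour discussed in this thread can be modelled in a few lines. The following is an added example, not code from the thread or from the caddy-dns/duckdns project: it computes DNS-01 TXT values as RFC 8555 defines them and shows why eight per-subdomain orders sharing one TXT slot validate one at a time, while a single wildcard order validates at once. The tokens, thumbprint, subdomain names and the worst-case timing (every pending order publishes before the CA checks any of them) are assumptions.

```python
import base64
import hashlib


def dns01_txt(token: str, thumbprint: str) -> str:
    """RFC 8555 section 8.4: base64url(SHA-256(token "." thumbprint)), unpadded."""
    digest = hashlib.sha256(f"{token}.{thumbprint}".encode()).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode()


class SingleTxtZone:
    """Model of a provider that holds one TXT value for the whole domain."""

    def __init__(self):
        self.txt = None

    def set_txt(self, value: str) -> None:
        self.txt = value  # replaces whatever another order just published

    def lookup(self):
        return self.txt


def run_round(zone, pending, thumbprint, round_no):
    """Assumed worst case: all pending orders publish, then the CA validates."""
    expected = {}
    for name in pending:
        token = f"constructed-token-{name}-{round_no}"  # constructed sample
        expected[name] = dns01_txt(token, thumbprint)
        zone.set_txt(expected[name])
    # Only the order whose value survived in the single slot can validate.
    return [n for n in pending if zone.lookup() == expected[n]]


def issue_all(names, thumbprint="constructed-thumbprint"):
    """Return how many retry rounds pass before every name has validated."""
    zone, pending, rounds = SingleTxtZone(), list(names), 0
    while pending:
        rounds += 1
        done = run_round(zone, pending, thumbprint, rounds)
        pending = [n for n in pending if n not in done]
    return rounds


SUBDOMAINS = [f"app{i}.your.duckdns.org" for i in range(8)]  # constructed names
WILDCARD = ["*.your.duckdns.org"]

if __name__ == "__main__":
    print("per-subdomain certs:", issue_all(SUBDOMAINS), "rounds")
    print("wildcard cert:", issue_all(WILDCARD), "round")
```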