search

caddy-dns / gandi

Caddy module: dns.providers.gandi
MIT License
12 stars 4 forks source link

403 denied from liveDNS #6

Closed Barnoux closed 2 months ago

Barnoux commented 2 months ago

Hello,

I'm on a weird thing but i think, i didn't do something right. Actually, caddy can't renew cetificate with challenge dns-01 method.

I already used the dns-01 challenge to create certificate and i t was working. As gandi, recommand it, i use a PAT token.

I already test the right on the PAT token with a curl and it is working.

i'm using caddy with docker in rootless mode on a ubuntu raspeberry pi 4B: v2.7.6 h1:w0NymbG2m9PcvKWsrXO6EEkY9Ru4FJK8uQbYcev1p3A=

Here you can find the log:

{"level":"info","ts":1714291592.4468634,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//127.0.0.1:2019","//localhost:2019","//[::1]:2019"]}
{"level":"info","ts":1714291592.4477386,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0x400065c980"}
{"level":"info","ts":1714291592.4479587,"logger":"http.auto_https","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
{"level":"info","ts":1714291592.4480488,"logger":"http.auto_https","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
{"level":"warn","ts":1714291592.4480925,"logger":"http.auto_https","msg":"server is listening only on the HTTP port, so no automatic HTTPS will be applied to this server","server_name":"srv1","http_port":80}
{"level":"info","ts":1714291594.102408,"logger":"http","msg":"enabling HTTP/3 listener","addr":":443"}
{"level":"info","ts":1714291594.1033092,"logger":"http.log","msg":"server running","name":"srv0","protocols":["h1","h2","h3"]}
{"level":"info","ts":1714291594.1036127,"logger":"http.log","msg":"server running","name":"srv1","protocols":["h1","h2","h3"]}
{"level":"info","ts":1714291594.103691,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["crowdsec-lapi.one4all.icu","vaultwarden.one4all.icu","unifi.one4all.icu"]}
{"level":"info","ts":1714291594.1045113,"msg":"serving initial configuration"}
{"level":"info","ts":1714291594.1057403,"logger":"tls.obtain","msg":"acquiring lock","identifier":"crowdsec-lapi.one4all.icu"}
{"level":"info","ts":1714291594.1136107,"logger":"tls.obtain","msg":"acquiring lock","identifier":"vaultwarden.one4all.icu"}
{"level":"info","ts":1714291594.1140223,"logger":"tls.obtain","msg":"acquiring lock","identifier":"unifi.one4all.icu"}
{"level":"info","ts":1714291594.1153245,"logger":"tls.obtain","msg":"lock acquired","identifier":"crowdsec-lapi.one4all.icu"}
{"level":"warn","ts":1714291594.1156428,"logger":"tls","msg":"storage cleaning happened too recently; skipping for now","storage":"FileStorage:/data/caddy","instance":"eee7b82e-de61-4f24-a189-ad02d59f1f71","try_again":1714377994.115637,"try_again_in":86399.999997166}
{"level":"info","ts":1714291594.1158938,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"crowdsec-lapi.one4all.icu"}
{"level":"info","ts":1714291594.1158996,"logger":"tls","msg":"finished cleaning storage units"}
{"level":"info","ts":1714291594.118876,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["crowdsec-lapi.one4all.icu"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":""}
{"level":"info","ts":1714291594.1190138,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["crowdsec-lapi.one4all.icu"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":""}
{"level":"info","ts":1714291594.1246433,"logger":"tls.obtain","msg":"lock acquired","identifier":"vaultwarden.one4all.icu"}
{"level":"info","ts":1714291594.1254735,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"vaultwarden.one4all.icu"}
{"level":"info","ts":1714291594.1284652,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["vaultwarden.one4all.icu"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":""}
{"level":"info","ts":1714291594.1285927,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["vaultwarden.one4all.icu"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":""}
{"level":"info","ts":1714291594.1290307,"logger":"tls.obtain","msg":"lock acquired","identifier":"unifi.one4all.icu"}
{"level":"info","ts":1714291594.129561,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"unifi.one4all.icu"}
{"level":"info","ts":1714291594.1325417,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["unifi.one4all.icu"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":""}
{"level":"info","ts":1714291594.1326861,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["unifi.one4all.icu"],"ca":"https://acme-v02.api.letsencrypt.org/directory","account":""}
{"level":"info","ts":1714291595.2538826,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"vaultwarden.one4all.icu","challenge_type":"dns-01","ca":"https://acme-v02.api.letsencrypt.org/directory"}
{"level":"info","ts":1714291595.3295097,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"crowdsec-lapi.one4all.icu","challenge_type":"dns-01","ca":"https://acme-v02.api.letsencrypt.org/directory"}
{"level":"error","ts":1714291595.402556,"logger":"tls.issuance.acme.acme_client","msg":"cleaning up solver","identifier":"vaultwarden.one4all.icu","challenge_type":"dns-01","error":"no memory of presenting a DNS record for \"_acme-challenge.vaultwarden.one4all.icu\" (usually OK if presenting also failed)"}
{"level":"info","ts":1714291595.4149024,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"unifi.one4all.icu","challenge_type":"dns-01","ca":"https://acme-v02.api.letsencrypt.org/directory"}
{"level":"error","ts":1714291595.4709754,"logger":"tls.issuance.acme.acme_client","msg":"cleaning up solver","identifier":"crowdsec-lapi.one4all.icu","challenge_type":"dns-01","error":"no memory of presenting a DNS record for \"_acme-challenge.crowdsec-lapi.one4all.icu\" (usually OK if presenting also failed)"}
{"level":"error","ts":1714291595.552268,"logger":"tls.issuance.acme.acme_client","msg":"cleaning up solver","identifier":"unifi.one4all.icu","challenge_type":"dns-01","error":"no memory of presenting a DNS record for \"_acme-challenge.unifi.one4all.icu\" (usually OK if presenting also failed)"}
{"level":"error","ts":1714291595.5725703,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"vaultwarden.one4all.icu","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[vaultwarden.one4all.icu] solving challenges: presenting for challenge: adding temporary record for zone \"one4all.icu.\": LiveDNS returned a 403 (Access was denied to this resource.) (order=https://acme-v02.api.letsencrypt.org/acme/order/1696472417/264777802507) (ca=https://acme-v02.api.letsencrypt.org/directory)"}
{"level":"info","ts":1714291595.5755095,"logger":"tls.issuance.zerossl","msg":"waiting on internal rate limiter","identifiers":["vaultwarden.one4all.icu"],"ca":"https://acme.zerossl.com/v2/DV90","account":""}
{"level":"info","ts":1714291595.575645,"logger":"tls.issuance.zerossl","msg":"done waiting on internal rate limiter","identifiers":["vaultwarden.one4all.icu"],"ca":"https://acme.zerossl.com/v2/DV90","account":""}
{"level":"error","ts":1714291595.6430342,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"crowdsec-lapi.one4all.icu","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[crowdsec-lapi.one4all.icu] solving challenges: presenting for challenge: adding temporary record for zone \"one4all.icu.\": LiveDNS returned a 403 (Access was denied to this resource.) (order=https://acme-v02.api.letsencrypt.org/acme/order/1696472417/264777802607) (ca=https://acme-v02.api.letsencrypt.org/directory)"}
{"level":"info","ts":1714291595.6467245,"logger":"tls.issuance.zerossl","msg":"waiting on internal rate limiter","identifiers":["crowdsec-lapi.one4all.icu"],"ca":"https://acme.zerossl.com/v2/DV90","account":""}
{"level":"info","ts":1714291595.6470873,"logger":"tls.issuance.zerossl","msg":"done waiting on internal rate limiter","identifiers":["crowdsec-lapi.one4all.icu"],"ca":"https://acme.zerossl.com/v2/DV90","account":""}
{"level":"error","ts":1714291595.7190344,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"unifi.one4all.icu","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[unifi.one4all.icu] solving challenges: presenting for challenge: adding temporary record for zone \"one4all.icu.\": LiveDNS returned a 403 (Access was denied to this resource.) (order=https://acme-v02.api.letsencrypt.org/acme/order/1696472417/264777802697) (ca=https://acme-v02.api.letsencrypt.org/directory)"}
{"level":"info","ts":1714291595.7227662,"logger":"tls.issuance.zerossl","msg":"waiting on internal rate limiter","identifiers":["unifi.one4all.icu"],"ca":"https://acme.zerossl.com/v2/DV90","account":""}
{"level":"info","ts":1714291595.7229846,"logger":"tls.issuance.zerossl","msg":"done waiting on internal rate limiter","identifiers":["unifi.one4all.icu"],"ca":"https://acme.zerossl.com/v2/DV90","account":""}
{"level":"error","ts":1714291596.0755703,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"vaultwarden.one4all.icu","issuer":"acme.zerossl.com-v2-DV90","error":"[vaultwarden.one4all.icu] creating new order: attempt 1: https://acme.zerossl.com/v2/DV90/newOrder: HTTP 429: <html>\r\n<head><title>429 Too Many Requests</title></head>\r\n<body>\r\n<center><h1>429 Too Many Requests</h1></center>\r\n<hr><center>nginx</center>\r\n</body>\r\n</html>\r\n (ca=https://acme.zerossl.com/v2/DV90)"}
{"level":"error","ts":1714291596.075835,"logger":"tls.obtain","msg":"will retry","error":"[vaultwarden.one4all.icu] Obtain: [vaultwarden.one4all.icu] creating new order: attempt 1: https://acme.zerossl.com/v2/DV90/newOrder: HTTP 429: <html>\r\n<head><title>429 Too Many Requests</title></head>\r\n<body>\r\n<center><h1>429 Too Many Requests</h1></center>\r\n<hr><center>nginx</center>\r\n</body>\r\n</html>\r\n (ca=https://acme.zerossl.com/v2/DV90)","attempt":1,"retrying_in":60,"elapsed":1.950902328,"max_duration":2592000}
{"level":"info","ts":1714291596.7413254,"logger":"tls.issuance.zerossl.acme_client","msg":"trying to solve challenge","identifier":"unifi.one4all.icu","challenge_type":"dns-01","ca":"https://acme.zerossl.com/v2/DV90"}
{"level":"info","ts":1714291596.7513735,"logger":"tls.issuance.zerossl.acme_client","msg":"trying to solve challenge","identifier":"crowdsec-lapi.one4all.icu","challenge_type":"dns-01","ca":"https://acme.zerossl.com/v2/DV90"}
{"level":"error","ts":1714291596.792135,"logger":"tls.issuance.zerossl.acme_client","msg":"cleaning up solver","identifier":"unifi.one4all.icu","challenge_type":"dns-01","error":"no memory of presenting a DNS record for \"_acme-challenge.unifi.one4all.icu\" (usually OK if presenting also failed)"}
{"level":"error","ts":1714291596.842961,"logger":"tls.issuance.zerossl.acme_client","msg":"cleaning up solver","identifier":"crowdsec-lapi.one4all.icu","challenge_type":"dns-01","error":"no memory of presenting a DNS record for \"_acme-challenge.crowdsec-lapi.one4all.icu\" (usually OK if presenting also failed)"}
{"level":"error","ts":1714291597.1495845,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"unifi.one4all.icu","issuer":"acme.zerossl.com-v2-DV90","error":"[unifi.one4all.icu] solving challenges: presenting for challenge: adding temporary record for zone \"one4all.icu.\": LiveDNS returned a 403 (Access was denied to this resource.) (order=https://acme.zerossl.com/v2/DV90/order/QFMF3RLxy-LyGX7NcONblg) (ca=https://acme.zerossl.com/v2/DV90)"}
{"level":"error","ts":1714291597.149984,"logger":"tls.obtain","msg":"will retry","error":"[unifi.one4all.icu] Obtain: [unifi.one4all.icu] solving challenges: presenting for challenge: adding temporary record for zone \"one4all.icu.\": LiveDNS returned a 403 (Access was denied to this resource.) (order=https://acme.zerossl.com/v2/DV90/order/QFMF3RLxy-LyGX7NcONblg) (ca=https://acme.zerossl.com/v2/DV90)","attempt":1,"retrying_in":60,"elapsed":3.020867167,"max_duration":2592000}
{"level":"error","ts":1714291597.1792266,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"crowdsec-lapi.one4all.icu","issuer":"acme.zerossl.com-v2-DV90","error":"[crowdsec-lapi.one4all.icu] solving challenges: presenting for challenge: adding temporary record for zone \"one4all.icu.\": LiveDNS returned a 403 (Access was denied to this resource.) (order=https://acme.zerossl.com/v2/DV90/order/NMFUeiA-SOvq0hanzmHzYQ) (ca=https://acme.zerossl.com/v2/DV90)"}
{"level":"error","ts":1714291597.1794944,"logger":"tls.obtain","msg":"will retry","error":"[crowdsec-lapi.one4all.icu] Obtain: [crowdsec-lapi.one4all.icu] solving challenges: presenting for challenge: adding temporary record for zone \"one4all.icu.\": LiveDNS returned a 403 (Access was denied to this resource.) (order=https://acme.zerossl.com/v2/DV90/order/NMFUeiA-SOvq0hanzmHzYQ) (ca=https://acme.zerossl.com/v2/DV90)","attempt":1,"retrying_in":60,"elapsed":3.064084069,"max_duration":2592000}
{"level":"error","ts":1714291610.0469487,"logger":"http.log.access","msg":"handled request","request":{"remote_ip":"167.94.145.101","remote_port":"51528","client_ip":"167.94.145.101","proto":"HTTP/1.1","method":"GET","host":"78.122.83.202:80","uri":"/","headers":{}},"bytes_read":0,"user_id":"","duration":0.000051055,"size":9,"status":404,"resp_headers":{"Server":["Caddy"],"Content-Type":["text/plain; charset=utf-8"]}}
{"level":"error","ts":1714291613.1010063,"logger":"http.log.access","msg":"handled request","request":{"remote_ip":"167.94.145.101","remote_port":"55996","client_ip":"167.94.145.101","proto":"HTTP/1.1","method":"GET","host":"78.122.83.202","uri":"/","headers":{"Accept":["*/*"],"Accept-Encoding":["gzip"],"User-Agent":["Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)"]}},"bytes_read":0,"user_id":"","duration":0.000046259,"size":9,"status":404,"resp_headers":{"Server":["Caddy"],"Content-Type":["text/plain; charset=utf-8"]}}
{"level":"error","ts":1714291613.1483254,"logger":"http.log.access","msg":"handled request","request":{"remote_ip":"167.94.145.101","remote_port":"56012","client_ip":"167.94.145.101","proto":"HTTP/2.0","method":"PRI","host":"","uri":"*","headers":{}},"bytes_read":0,"user_id":"","duration":0.00005063,"size":9,"status":404,"resp_headers":{"Server":["Caddy"],"Content-Type":["text/plain; charset=utf-8"]}}
{"level":"info","ts":1714291656.078281,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"vaultwarden.one4all.icu"}
{"level":"info","ts":1714291657.1435564,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"vaultwarden.one4all.icu","challenge_type":"dns-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
{"level":"info","ts":1714291657.1511674,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"unifi.one4all.icu"}
{"level":"info","ts":1714291657.1803553,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"crowdsec-lapi.one4all.icu"}
{"level":"error","ts":1714291657.1817722,"logger":"tls.issuance.acme.acme_client","msg":"cleaning up solver","identifier":"vaultwarden.one4all.icu","challenge_type":"dns-01","error":"no memory of presenting a DNS record for \"_acme-challenge.vaultwarden.one4all.icu\" (usually OK if presenting also failed)"}
{"level":"error","ts":1714291657.3623273,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"vaultwarden.one4all.icu","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[vaultwarden.one4all.icu] solving challenges: presenting for challenge: adding temporary record for zone \"one4all.icu.\": LiveDNS returned a 403 (Access was denied to this resource.) (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/146197004/16197608674) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)"}
{"level":"info","ts":1714291657.6927218,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"unifi.one4all.icu","challenge_type":"dns-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
{"level":"info","ts":1714291657.7261112,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"crowdsec-lapi.one4all.icu","challenge_type":"dns-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
{"level":"error","ts":1714291657.7327712,"logger":"tls.issuance.acme.acme_client","msg":"cleaning up solver","identifier":"unifi.one4all.icu","challenge_type":"dns-01","error":"no memory of presenting a DNS record for \"_acme-challenge.unifi.one4all.icu\" (usually OK if presenting also failed)"}
{"level":"error","ts":1714291657.7867808,"logger":"tls.issuance.acme.acme_client","msg":"cleaning up solver","identifier":"crowdsec-lapi.one4all.icu","challenge_type":"dns-01","error":"no memory of presenting a DNS record for \"_acme-challenge.crowdsec-lapi.one4all.icu\" (usually OK if presenting also failed)"}
{"level":"error","ts":1714291657.9070628,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"unifi.one4all.icu","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[unifi.one4all.icu] solving challenges: presenting for challenge: adding temporary record for zone \"one4all.icu.\": LiveDNS returned a 403 (Access was denied to this resource.) (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/146197004/16197608794) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)"}
{"level":"error","ts":1714291657.963719,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"crowdsec-lapi.one4all.icu","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[crowdsec-lapi.one4all.icu] solving challenges: presenting for challenge: adding temporary record for zone \"one4all.icu.\": LiveDNS returned a 403 (Access was denied to this resource.) (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/146197004/16197608814) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)"}
{"level":"info","ts":1714291658.267437,"logger":"tls.issuance.zerossl.acme_client","msg":"trying to solve challenge","identifier":"vaultwarden.one4all.icu","challenge_type":"dns-01","ca":"https://acme.zerossl.com/v2/DV90"}
{"level":"error","ts":1714291658.3218498,"logger":"tls.issuance.zerossl.acme_client","msg":"cleaning up solver","identifier":"vaultwarden.one4all.icu","challenge_type":"dns-01","error":"no memory of presenting a DNS record for \"_acme-challenge.vaultwarden.one4all.icu\" (usually OK if presenting also failed)"}
{"level":"error","ts":1714291658.6207426,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"vaultwarden.one4all.icu","issuer":"acme.zerossl.com-v2-DV90","error":"[vaultwarden.one4all.icu] solving challenges: presenting for challenge: adding temporary record for zone \"one4all.icu.\": LiveDNS returned a 403 (Access was denied to this resource.) (order=https://acme.zerossl.com/v2/DV90/order/KvYbOVZqvf0hZXfxNYsu7A) (ca=https://acme.zerossl.com/v2/DV90)"}
{"level":"error","ts":1714291658.6210153,"logger":"tls.obtain","msg":"will retry","error":"[vaultwarden.one4all.icu] Obtain: [vaultwarden.one4all.icu] solving challenges: presenting for challenge: adding temporary record for zone \"one4all.icu.\": LiveDNS returned a 403 (Access was denied to this resource.) (order=https://acme.zerossl.com/v2/DV90/order/KvYbOVZqvf0hZXfxNYsu7A) (ca=https://acme.zerossl.com/v2/DV90)","attempt":2,"retrying_in":120,"elapsed":64.496082984,"max_duration":2592000}
{"level":"info","ts":1714291658.841263,"logger":"tls.issuance.zerossl.acme_client","msg":"trying to solve challenge","identifier":"unifi.one4all.icu","challenge_type":"dns-01","ca":"https://acme.zerossl.com/v2/DV90"}
{"level":"error","ts":1714291658.891976,"logger":"tls.issuance.zerossl.acme_client","msg":"cleaning up solver","identifier":"unifi.one4all.icu","challenge_type":"dns-01","error":"no memory of presenting a DNS record for \"_acme-challenge.unifi.one4all.icu\" (usually OK if presenting also failed)"}
{"level":"info","ts":1714291658.8953407,"logger":"tls.issuance.zerossl.acme_client","msg":"trying to solve challenge","identifier":"crowdsec-lapi.one4all.icu","challenge_type":"dns-01","ca":"https://acme.zerossl.com/v2/DV90"}
{"level":"error","ts":1714291658.9344628,"logger":"tls.issuance.zerossl.acme_client","msg":"cleaning up solver","identifier":"crowdsec-lapi.one4all.icu","challenge_type":"dns-01","error":"no memory of presenting a DNS record for \"_acme-challenge.crowdsec-lapi.one4all.icu\" (usually OK if presenting also failed)"}
{"level":"error","ts":1714291659.1847923,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"unifi.one4all.icu","issuer":"acme.zerossl.com-v2-DV90","error":"[unifi.one4all.icu] solving challenges: presenting for challenge: adding temporary record for zone \"one4all.icu.\": LiveDNS returned a 403 (Access was denied to this resource.) (order=https://acme.zerossl.com/v2/DV90/order/0x3t7TgR9ks-XXc_MeCOiA) (ca=https://acme.zerossl.com/v2/DV90)"}
{"level":"error","ts":1714291659.1850808,"logger":"tls.obtain","msg":"will retry","error":"[unifi.one4all.icu] Obtain: [unifi.one4all.icu] solving challenges: presenting for challenge: adding temporary record for zone \"one4all.icu.\": LiveDNS returned a 403 (Access was denied to this resource.) (order=https://acme.zerossl.com/v2/DV90/order/0x3t7TgR9ks-XXc_MeCOiA) (ca=https://acme.zerossl.com/v2/DV90)","attempt":2,"retrying_in":120,"elapsed":65.055963739,"max_duration":2592000}
{"level":"error","ts":1714291659.2969759,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"crowdsec-lapi.one4all.icu","issuer":"acme.zerossl.com-v2-DV90","error":"[crowdsec-lapi.one4all.icu] solving challenges: presenting for challenge: adding temporary record for zone \"one4all.icu.\": LiveDNS returned a 403 (Access was denied to this resource.) (order=https://acme.zerossl.com/v2/DV90/order/V1jKmx1tSg8JFyp3sy0oEA) (ca=https://acme.zerossl.com/v2/DV90)"}
{"level":"error","ts":1714291659.2972617,"logger":"tls.obtain","msg":"will retry","error":"[crowdsec-lapi.one4all.icu] Obtain: [crowdsec-lapi.one4all.icu] solving challenges: presenting for challenge: adding temporary record for zone \"one4all.icu.\": LiveDNS returned a 403 (Access was denied to this resource.) (order=https://acme.zerossl.com/v2/DV90/order/V1jKmx1tSg8JFyp3sy0oEA) (ca=https://acme.zerossl.com/v2/DV90)","attempt":2,"retrying_in":120,"elapsed":65.181851407,"max_duration":2592000}
Barnoux commented 2 months ago

found my mistake caddy donesn't support the configuration that i have done. i have to import the env file to make it work. Sorry :/ https://caddy.community/t/how-can-i-use-docker-secrets-with-caddy-containers/15279 https://caddyserver.com/docs/conventions#placeholders https://github.com/caddyserver/caddy/issues/5374