caddy-dns / mailinabox

MIT License

Challenge fails claiming dns provider does not control specified zone #2

Closed. starsoccer closed this issue 5 months ago.

starsoccer commented 5 months ago

Logs below:

{"level":"error","ts":1710942267.4963665,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"*.some.domain","issuer":"acme.zerossl.com-v2-DV90","error":"[*.some.domain] solving challenges: presenting for challenge: adding temporary record for zone \"some.domain.\": This DNS provider (https://XXXXXXXX/admin/dns/custom) does not control the specified zone (some.domain) (order=https://acme.zerossl.com/v2/DV90/order/WS5yvMALdQHOjQ5hf1GKkQ) (ca=https://acme.zerossl.com/v2/DV90)"}
{"level":"error","ts":1710942267.4964108,"logger":"tls.obtain","msg":"will retry","error":"[*.some.domain] Obtain: [*.some.domain] solving challenges: presenting for challenge: adding temporary record for zone \"some.domain.\": This DNS provider (https://XXXXXXX/admin/dns/custom) does not control the specified zone (some.domain) (order=https://acme.zerossl.com/v2/DV90/order/WS5yvMALdQHOjQ5hf1GKkQ) (ca=https://acme.zerossl.com/v2/DV90)","attempt":1,"retrying_in":60,"elapsed":1.595847131,"max_duration":2592000}
{"level":"info","ts":1710942327.497451,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"*.some.domain"}
{"level":"info","ts":1710942327.9719977,"logger":"tls.issuance.acme.acme_client","msg":"trying to solve challenge","identifier":"*.some.domain","challenge_type":"dns-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
{"level":"error","ts":1710942327.9720736,"logger":"tls.issuance.acme.acme_client","msg":"cleaning up solver","identifier":"*.some.domain","challenge_type":"dns-01","error":"no memory of presenting a DNS record for \"_acme-challenge.some.domain\" (usually OK if presenting also failed)"}
{"level":"error","ts":1710942328.0477962,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"*.some.domain","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[*.some.domain] solving challenges: presenting for challenge: adding temporary record for zone \"some.domain.\": This DNS provider (https://XXXXXXX/admin/dns/custom) does not control the specified zone (some.domain) (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/141047364/15402251954) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)"}
{"level":"info","ts":1710942328.684937,"logger":"tls.issuance.zerossl.acme_client","msg":"trying to solve challenge","identifier":"*.some.domain","challenge_type":"dns-01","ca":"https://acme.zerossl.com/v2/DV90"}
{"level":"error","ts":1710942328.684999,"logger":"tls.issuance.zerossl.acme_client","msg":"cleaning up solver","identifier":"*.some.domain","challenge_type":"dns-01","error":"no memory of presenting a DNS record for \"_acme-challenge.some.domain\" (usually OK if presenting also failed)"}
{"level":"error","ts":1710942328.8402696,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"*.some.domain","issuer":"acme.zerossl.com-v2-DV90","error":"[*.some.domain] solving challenges: presenting for challenge: adding temporary record for zone \"some.domain.\": This DNS provider (https://XXXXXXX/admin/dns/custom) does not control the specified zone (some.domain) (order=https://acme.zerossl.com/v2/DV90/order/m6URXUNOEEFuLhd7VFs5IQ) (ca=https://acme.zerossl.com/v2/DV90)"}
{"level":"error","ts":1710942328.840312,"logger":"tls.obtain","msg":"will retry","error":"[*.some.domain] Obtain: [*.some.domain] solving challenges: presenting for challenge: adding temporary record for zone \"some.domain.\": This DNS provider (https://XXXXXX/admin/dns/custom) does not control the specified zone (some.domain) (order=https://acme.zerossl.com/v2/DV90/order/m6URXUNOEEFuLhd7VFs5IQ) (ca=https://acme.zerossl.com/v2/DV90)","attempt":2,"retrying_in":120,"elapsed":62.93974797,"max_duration":2592000}
luv2code commented 5 months ago

It looks like you have your caddy file misconfigured. From this log, I can see that caddy is trying to get a wildcard cert for the domain some.domain from your box dns server at https://xxx.xxx.xxxxxxx. Since some.domain isn't a real TLD, I'm guessing this is a mistake. The wildcard part of the config should say *.xxx.xxxxxxx instead of *.some.domain

If you don't see the mistake, post your caddy file here with the sensitive stuff masked (passwords, email address, maybe IP addresses) and I'll see if I can help.

starsoccer commented 5 months ago

@luv2code Thanks for the reply. Would you mind removing the domain from your reply? I meant to edit it out to all XXXXX. I've updated my original post to do that.

As for the domain, I was using some.domain as a placeholder for my actual domain. It was indeed the correct domain. Caddy file below.

http://some.domain:some_port {
 reverse_proxy some_ip:some_port
}

*.some.domain:some_port {
 reverse_proxy local_ip:port
 tls {
  dns mailinabox {
   api_url https://domain_here/admin/dns/custom
   email_address email_here
   password password_here
  }
 }
}
luv2code commented 5 months ago

> Would you mind removing the domain from your reply.

done.

so you figured it out?

starsoccer commented 5 months ago

> Would you mind removing the domain from your reply.
>
> done.
>
> so you figured it out?

Thank you. Would you mind also deleting the edit revision history? If you click the little "edited" arrow, then click the old revision, then click "delete revision".

No I never got it working. It just continued to get the below error:

This DNS provider (https://XXXXXX/admin/dns/custom) does not control the specified zone

I am not really sure how to debug further as I am 100% sure it does control the domain. I am using acme.sh and the certbot dns-multi now with mailinabox and it works fine.

luv2code commented 5 months ago

> Would you mind also deleting the edit revision history.

done.

If your box address is https://box.business.com, the log message says:

This DNS provider (https://box.business.com/admin/dns/custom) does not control the specified zone (business.com)

If your box is at box.business.com, and you're trying to get a wildcard for *.shop.com, it won't work because multi-zone mail-in-a-box dns isn't supported by this plugin yet.

The code that throws this error is here: https://github.com/libdns/mailinabox/blob/e163e289a4429e66fd270f32bef22450539cbe1d/provider.go#L40

It checks that the zone, "business.com", is contained within the API string, "https://box.business.com/admin/dns/custom". If it isn't, this error is logged and it doesn't work.
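To see why the single-zone and multi-zone cases behave differently, here is an added example (not the plugin's own source) that models the zone-vs-api_url check as described above, alongside a stricter host-suffix variant that is purely this example's assumption; the box hostnames and zones used are constructed sample values.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// zoneMatchesAPIURLSubstring models the check described in the thread:
// the zone (trailing dot stripped) must appear somewhere in the api_url string.
// This is an illustration of the behaviour, not the plugin's actual code.
func zoneMatchesAPIURLSubstring(apiURL, zone string) bool {
	zone = strings.TrimSuffix(zone, ".")
	return strings.Contains(apiURL, zone)
}

// zoneMatchesAPIURLHost is a stricter variant (this example's assumption, not
// the plugin's behaviour): the box hostname must equal the zone or be a
// subdomain of it, so "box.business.com" controls "business.com" but
// "box.notbusiness.com" does not accidentally match "business.com".
func zoneMatchesAPIURLHost(apiURL, zone string) (bool, error) {
	u, err := url.Parse(apiURL)
	if err != nil {
		return false, err
	}
	host := strings.ToLower(u.Hostname())
	zone = strings.ToLower(strings.TrimSuffix(zone, "."))
	return host == zone || strings.HasSuffix(host, "."+zone), nil
}

func main() {
	// Constructed cases: a single-zone box, a second zone hosted on the same
	// box (the situation in this issue), and a substring false positive.
	cases := []struct{ api, zone string }{
		{"https://box.business.com/admin/dns/custom", "business.com."},
		{"https://box.miab.com/admin/dns/custom", "caddy.com."},
		{"https://box.notbusiness.com/admin/dns/custom", "business.com."},
	}
	for _, c := range cases {
		sub := zoneMatchesAPIURLSubstring(c.api, c.zone)
		host, _ := zoneMatchesAPIURLHost(c.api, c.zone)
		fmt.Printf("%-46s zone=%-14s substring=%-5v host-suffix=%v\n", c.api, c.zone, sub, host)
	}
}
```

Running it shows the second case rejected by both checks, which is exactly the "does not control the specified zone" outcome for a zone that the box serves but that is not part of the box's own hostname.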

starsoccer commented 5 months ago

Ah okay, well that would explain the issue I am having then. I assumed as long as my Mail-in-a-Box (MIAB) had the domain it would work. I didn't think there was any difference really. Just to make sure I am understanding correctly though, I am going to give an example of what I ideally want and just confirm it's not supported.

So, I have a domain, let's call it miab.com, and my Mail-in-a-Box server (MIAB) is configured on this domain such that the admin interface is at box.miab.com. This same MIAB server also hosts another domain, let's call it caddy.com. Now I want to use this addon to get a certificate for proxy.caddy.com. Even though caddy.com is hosted on a MIAB server, because the admin domain does not match the domain of the certificate it will not work.

luv2code commented 5 months ago

You got it right.

It only doesn't work because I don't have the inclination to make it work. My box only hosts a single domain. To make it work with multiple, I'd want to set my own box up with multiple zones to test. I just don't need or want to do that.

I did add a note to the readme so maybe others can avoid this confusion.

starsoccer commented 5 months ago

Okay, cool, noted. Shall I close this issue for the time being then, noting it's not supported?