caddy-dns / porkbun

MIT License

on_demand tls fails #15

Open lukepighetti opened 3 weeks ago

lukepighetti commented 3 weeks ago

When I try to obtain a certificate on demand for customerdomain.com, I get this error from Porkbun.

This is my first rodeo with TLS/DNS. Is it reasonable to expect Porkbun (and this integration) to handle this use case? If not, is there a particular DNS provider that is known to work?

2024/08/21 12:26:29.649 INFO    http.acme_client    trying to solve challenge   {"identifier": "chadbod.app", "challenge_type": "dns-01", "ca": "https://acme-v02.api.letsencrypt.org/directory"}
2024/08/21 12:26:30.386 ERROR   http.acme_client    cleaning up solver  {"identifier": "chadbod.app", "challenge_type": "dns-01", "error": "no memory of presenting a DNS record for \"_acme-challenge.chadbod.app\" (usually OK if presenting also failed)"}
2024/08/21 12:26:30.457 ERROR   tls.obtain  could not get certificate from issuer   {"identifier": "chadbod.app", "issuer": "acme-v02.api.letsencrypt.org-directory", "error": "[chadbod.app] solving challenges: presenting for challenge: adding temporary record for zone \"chadbod.app.\": Invalid http response status, {\"status\":\"ERROR\",\"message\":\"Domain is not opted in to API access.\"} (order=https://acme-v02.api.letsencrypt.org/acme/order/1902835346/298178291746) (ca=https://acme-v02.api.letsencrypt.org/directory)"}
2024/08/21 12:26:30.457 ERROR   tls.obtain  will retry  {"error": "[chadbod.app] Obtain: [chadbod.app] solving challenges: presenting for challenge: adding temporary record for zone \"chadbod.app.\": Invalid http response status, {\"status\":\"ERROR\",\"message\":\"Domain is not opted in to API access.\"} (order=https://acme-v02.api.letsencrypt.org/acme/order/1902835346/298178291746) (ca=https://acme-v02.api.letsencrypt.org/directory)", "attempt": 1, "retrying_in": 60, "elapsed": 1.222814301, "max_duration": 2592000}

{
    on_demand_tls {
        ask https://ask.tappy.studio
    }
}

https:// {
    # this serves customerdomain.com from the static folder /root/data/customerdomain.com
    root * /root/data/{http.request.host.labels.1}.{http.request.host.labels.0}
    file_server

    # on demand multi-tenant tls
    tls {
        # https://caddyserver.com/on-demand-tls
        on_demand
        dns porkbun {
            api_key <REDACTED>
            api_secret_key <REDACTED>
        }
        # https://caddy.community/t/could-not-determine-zone-for-domain/18720/7
        resolvers 8.8.8.8
    }
}

Niallfitzy1 commented 3 weeks ago

Hi @lukepighetti

In order to use libraries like this, you'll need to enable API access from Porkbun domain management.

Here's the Porkbun guide for configuring API access

Everything should hopefully go smoothly afterwards 🤞
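The `ask` endpoint in the Caddyfile above is the place to catch this before Caddy starts an ACME order it cannot finish. The following is an added example, not code from the caddy-dns/porkbun project or from either commenter: a minimal on_demand_tls `ask` service that approves a hostname only when it belongs to an onboarded tenant and its Porkbun zone is opted in to API access (the exact "Domain is not opted in to API access." reply seen in the log). The Porkbun base URL, the `dns/retrieve` endpoint, the key placeholders and the tenant allowlist are assumptions constructed for the example.

```python
# Added example (not the project's code): Caddy on_demand_tls `ask` endpoint gating on Porkbun API opt-in.
import json, urllib.error, urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import parse_qs

PORKBUN_API = "https://api.porkbun.com/api/json/v3"       # assumed base URL
API_KEY, API_SECRET = "<API_KEY>", "<API_SECRET>"         # placeholders, not real keys
ALLOWED_TENANTS = {"customerdomain.com", "chadbod.app"}  # constructed allowlist

def parse_porkbun_status(body: bytes) -> tuple:
    """Map a Porkbun JSON reply to (opted_in, message)."""
    try:
        data = json.loads(body)
    except ValueError:
        return False, "unparseable Porkbun response"
    if data.get("status") == "SUCCESS":
        return True, "ok"
    return False, str(data.get("message", "unknown Porkbun error"))

def porkbun_probe(zone: str, api_key: str, secret: str) -> tuple:
    """List the zone's records; the opt-in error comes back as a non-200 JSON reply."""
    req = urllib.request.Request(
        f"{PORKBUN_API}/dns/retrieve/{zone}", method="POST",
        data=json.dumps({"apikey": api_key, "secretapikey": secret}).encode(),
        headers={"Content-Type": "application/json"})
    try:
        with urllib.request.urlopen(req, timeout=5) as resp:
            return parse_porkbun_status(resp.read())
    except urllib.error.HTTPError as err:
        return parse_porkbun_status(err.read())

def registrable_zone(host: str) -> str:  # last two labels, like {labels.1}.{labels.0}
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def decide(host: str, probe) -> tuple:
    """Return (http_status, reason); Caddy treats any 2xx from `ask` as approval."""
    zone = registrable_zone(host)
    if zone not in ALLOWED_TENANTS:
        return 403, f"{host}: not an onboarded tenant"
    opted_in, msg = probe(zone)
    return (200, "ok") if opted_in else (503, f"{zone}: {msg}")

class AskHandler(BaseHTTPRequestHandler):
    def do_GET(self):  # Caddy calls GET <ask-url>?domain=<hostname>
        host = parse_qs(self.path.partition("?")[2]).get("domain", [""])[0]
        status, reason = decide(host, lambda z: porkbun_probe(z, API_KEY, API_SECRET))
        self.send_response(status)
        self.end_headers()
        self.wfile.write(reason.encode())

if __name__ == "__main__":
    HTTPServer(("127.0.0.1", 9999), AskHandler).serve_forever()
```

A 503 with the Porkbun message in the body tells you which zone still needs API access enabled, while the 403 keeps on-demand issuance limited to tenants you have actually onboarded.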