Closed corford closed 1 year ago
We're not sure how to debug if this is a real bug or an issue with the DNS configuration (and how Caddy interacts with it) on the EC2 host. Simple checks like `systemd-resolve --status` and `cat /etc/hosts` all seem ok.
@corford is this issue still present with the latest version https://github.com/caddy-dns/route53/releases/tag/v1.2.0?
We're using the Route53 DNS module to satisfy ACME challenges but are hitting a strange bug. For some reason, the TXT record created is malformed and wrongly duplicates the main zone as part of the subdomain (causing an endless verification timeout loop).
We are running caddy in a container on an EC2 machine.
Contents of Dockerfile for Caddy:
Contents of /etc/caddy/Caddyfile in the running container (the real FQDN is different but we have kept everything else the same):
This results in the following TXT record being created in Route53: _acme-challenge.www.mydomain.com.mydomain.com. (note the zone is duplicated).
The challenge verification then times out since it looks for _acme-challenge.www.mydomain.com. (which is never created).
If we manually create the correct TXT record (via the Route53 web console) and use the value from the wrongly auto-created TXT record, verification passes. The wrongly created TXT record is then automatically cleaned up, and the manually created one stays present.
Here's a log capture showing this (with `s/realFQDN/www.mydomain.com/g` to keep it generic):
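The malformed name described above is what you get when a zone suffix is appended to a record name that is already absolute. The following is an added example (not code from Caddy or the route53 module) that reproduces that faulty join beside an idempotent one, and includes a check an operator could run over Route53 record names to flag the duplicated-zone shape; the FQDN and zone are the constructed values from this issue.

```go
package main

import (
	"fmt"
	"strings"
)

// normalizeFQDN lowercases a name and ensures exactly one trailing dot.
func normalizeFQDN(name string) string {
	return strings.ToLower(strings.TrimSuffix(strings.TrimSpace(name), ".")) + "."
}

// ChallengeRecordName returns the absolute _acme-challenge name an ACME
// DNS-01 validator will query for the given FQDN.
func ChallengeRecordName(fqdn string) string {
	return "_acme-challenge." + normalizeFQDN(fqdn)
}

// NaiveAbsolute reproduces the faulty join: the zone is appended unconditionally,
// so an input that is already absolute ends up with the zone twice.
func NaiveAbsolute(name, zone string) string {
	return strings.TrimSuffix(name, ".") + "." + normalizeFQDN(zone)
}

// SafeAbsolute appends the zone only when the name is not already inside it,
// so calling it on an absolute name is a no-op.
func SafeAbsolute(name, zone string) string {
	n, z := normalizeFQDN(name), normalizeFQDN(zone)
	if n == z || strings.HasSuffix(n, "."+z) {
		return n
	}
	return strings.TrimSuffix(n, ".") + "." + z
}

// RelativeToZone strips the zone suffix; ok is false if name is outside the zone.
func RelativeToZone(absName, zone string) (string, bool) {
	n, z := normalizeFQDN(absName), normalizeFQDN(zone)
	if n == z {
		return "@", true
	}
	if !strings.HasSuffix(n, "."+z) {
		return "", false
	}
	return strings.TrimSuffix(n, "."+z), true
}

// HasDuplicatedZone reports the malformation from this issue: after removing
// the zone once, the remaining labels still end with the zone.
func HasDuplicatedZone(absName, zone string) bool {
	inner, ok := RelativeToZone(absName, zone)
	bare := strings.TrimSuffix(normalizeFQDN(zone), ".")
	return ok && (inner == bare || strings.HasSuffix(inner, "."+bare))
}

func main() {
	want := ChallengeRecordName("www.mydomain.com")
	bad := NaiveAbsolute(want, "mydomain.com")
	fmt.Println(want, bad, HasDuplicatedZone(bad, "mydomain.com"))
}
```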