Caddy and RFC2136

Hi community,

I have been trying for hours to make Caddy update the _acme-challenge TXT via

tls {
    dns lego_deprecated rfc2136
}
(snippet from Caddyfile, Caddy v2 compiled with module lego-deprecated)

I need this because I would like to host an HTTPS site on a non-default port. The same works with Cloudflare, but I do not need/want CF in between me and my server.

This website tells me to set env vars:

So I set the envs up like this:

Is this the right way? Caddy log tells me this:

{"level":"warn","ts":1612467943.5180006,"logger":"tls.issuance.acme.acme_client","msg":"HTTP request failed; retrying","url":"https://acme-staging-v02.api.letsencrypt.org/directory","error":"performing request: Get \"https://acme-staging-v02.api.letsencrypt.org/directory\": read tcp [b16b:00b5:9c0:3800:dc94:56e5:d625:4e56]:52537->[2606:4700:60:0:f41b:d4fe:4325:6026]:443: wsarecv: Eine vorhandene Verbindung wurde vom Remotehost geschlossen."}
{"level":"warn","ts":1612467946.519031,"logger":"tls.issuance.acme.acme_client","msg":"HTTP request failed; retrying","url":"https://acme-staging-v02.api.letsencrypt.org/directory","error":"performing request: Get \"https://acme-staging-v02.api.letsencrypt.org/directory\": read tcp [b16b:00b5:9c0:3800:dc94:56e5:d625:4e56]:52538->[2606:4700:60:0:f41b:d4fe:4325:6026]:443: wsarecv: Eine vorhandene Verbindung wurde vom Remotehost geschlossen."}
{"level":"warn","ts":1612467955.5882125,"logger":"tls.issuance.acme.acme_client","msg":"HTTP request failed; retrying","url":"https://acme-staging-v02.api.letsencrypt.org/directory","error":"performing request: Get \"https://acme-staging-v02.api.letsencrypt.org/directory\": read tcp [b16b:00b5:9c0:3800:dc94:56e5:d625:4e56]:52539->[2606:4700:60:0:f41b:d4fe:4325:6026]:443: wsarecv: Eine vorhandene Verbindung wurde vom Remotehost geschlossen."}
{"level":"error","ts":1612467955.5882125,"logger":"tls.obtain","msg":"will retry","error":"[mycoolsubdomain.v6.rocks] Obtain: [mycoolsubdomain.v6.rocks] creating new order: provisioning client: performing request: Get \"https://acme-staging-v02.api.letsencrypt.org/directory\": read tcp [b16b:00b5:9c0:3800:dc94:56e5:d625:4e56]:52539->[2606:4700:60:0:f41b:d4fe:4325:6026]:443: wsarecv: Eine vorhandene Verbindung wurde vom Remotehost geschlossen. (ca=https://acme-staging-v02.api.letsencrypt.org/directory)","attempt":5,"retrying_in":600,"elapsed":710.8568515,"max_duration":2592000}

Eine vorhandene Verbindung wurde vom Remotehost geschlossen. (German)

Means: An existing connection was closed by the remote host.

I took the idea that this should work somehow from here: https://dynv6.com/docs/apis#dns-update

I also asked for help here: https://caddy.community/t/caddy-v2-and-rfc2136/11392

OK, LE servers were under maintenance on the 5th. Now I get ‘REFUSED’ from the dynv6 DNS server.

{"level":"error","ts":1612700760.4171646,"logger":"tls.obtain","msg":"will retry","error":"[mycoolsubdomain.v6.rocks] Obtain: [mycoolsubdomain.v6.rocks] solving challenges: presenting for challenge: rfc2136: failed to insert: unexpected response code 'REFUSED' for _acme-challenge.mycoolsubdomain.v6.rocks. (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/17924088/235606685) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)","attempt":2,"retrying_in":120,"elapsed":62.9314713,"max_duration":2592000}

Are my ENV vars correct?

Please help, I would like to run a web server on a non-default port with HTTPS via Let’s Encrypt…