Unable to get wildcard letsencrypt certificate #9

Open
tankuanhong opened this issue Jul 6, 2023 · 1 comment

Comments

@tankuanhong

Hi,

My DNS is hosted on Cloudflare.
I have NS records for _acme-challenge pointing to Hetzner DNS to enable automated cert management for the load balancer.
I have a standalone VM requiring its own certificate, so I am using Caddy with dns.providers.hetzner to perform the dns-01 challenge.

I can confirm that _acme-challenge.mydomain.com is created, but somehow Caddy is not getting the cert.

{"level":"info","ts":"2023-07-06T16:10:32.308+0800","logger":"tls.obtain","msg":"obtaining certificate","identifier":"*.mydomain.com"}
{"level":"debug","ts":"2023-07-06T16:10:32.309+0800","logger":"tls.obtain","msg":"trying issuer 1/1","issuer":"acme-staging-v02.api.letsencrypt.org-directory"}
{"level":"error","ts":"2023-07-06T16:12:36.836+0800","logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":".mydomain.com","issuer":"acme-staging-v02.api.letsencrypt.org-directory","error":"[.mydomain.com] solving challenges: waiting for solver certmagic.solverWrapper to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/<redacted>/<redacted>) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)"}
{"level":"error","ts":"2023-07-06T16:12:36.838+0800","logger":"tls.obtain","msg":"will retry","error":"[.mydomain.com] Obtain: [.mydomain.com] solving challenges: waiting for solver certmagic.solverWrapper to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/<redacted>/<redacted>) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)","attempt":1,"retrying_in":60,"elapsed":124.530103601,"max_duration":2592000}

@tankuanhong
Author

After further testing it seems like the challenge token does not match. Caddy could be using the wrong identifier to hash the challenge token (there is an extra period at the start of the domain). To be confirmed.
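A self-check for this kind of failure, added here as an example and not code from the issue, from Caddy or from certmagic: it derives the record name and the TXT value a dns-01 solver must publish (RFC 8555 §7.1.3 for wildcard identifiers, §8.1 for the key authorization, §8.4 for the TXT digest), normalises a wildcard or malformed identifier so a stray leading dot cannot end up in the record name, and compares the expected value with what the authoritative servers of the delegated zone return. The account key, the token and the observed TXT values below are constructed stand-ins, not real ACME data.

```python
import base64
import hashlib
import json

# Constructed ACME account key in JWK form. The coordinates are example
# values (the P-256 test key from the JOSE RFCs), not a key anyone uses;
# only the thumbprint procedure (RFC 7638) matters here.
ACCOUNT_JWK = {
    "kty": "EC",
    "crv": "P-256",
    "x": "f83OJ3D2xF1Bg8vub9tLe1gHMzV76e8Tus9uPHvRVEU",
    "y": "x_FEzRu9m36HLN_tue659LNpXW6pCyStikYjKIWI5a0",
    "alg": "ES256",   # optional member: must NOT enter the thumbprint
    "kid": "acct-1",  # optional member: must NOT enter the thumbprint
}

# Required thumbprint members per key type (RFC 7638 §3.2); all others are dropped.
_THUMBPRINT_MEMBERS = {
    "EC": ("crv", "kty", "x", "y"),
    "RSA": ("e", "kty", "n"),
    "OKP": ("crv", "kty", "x"),
}


def b64url(data: bytes) -> str:
    """Base64url without padding, as ACME and JOSE require (RFC 8555 §2)."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638: SHA-256 over the required members, lexicographically ordered,
    serialised as compact JSON with no whitespace."""
    members = _THUMBPRINT_MEMBERS[jwk["kty"]]
    canonical = json.dumps({m: jwk[m] for m in members},
                           separators=(",", ":"), sort_keys=True)
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())


def key_authorization(token: str, jwk: dict) -> str:
    """RFC 8555 §8.1: token || '.' || base64url(JWK thumbprint)."""
    return f"{token}.{jwk_thumbprint(jwk)}"


def dns01_txt_value(token: str, jwk: dict) -> str:
    """RFC 8555 §8.4: the TXT value is base64url(SHA-256(key authorization))."""
    digest = hashlib.sha256(key_authorization(token, jwk).encode("ascii")).digest()
    return b64url(digest)


def dns01_record_name(identifier: str) -> str:
    """Record name for the challenge, with the normalisation a solver has to do:
    the wildcard label '*.' is stripped (RFC 8555 §7.1.3) and stray leading or
    trailing dots are removed, so '.mydomain.com' becomes
    '_acme-challenge.mydomain.com' rather than '_acme-challenge..mydomain.com'."""
    name = identifier.strip().lower()
    if name.startswith("*."):
        name = name[2:]
    name = name.strip(".")
    if not name or ".." in name:
        raise ValueError(f"malformed identifier: {identifier!r}")
    return f"_acme-challenge.{name}"


def check_txt(expected: str, observed: list) -> dict:
    """Compare the value the solver should have published with the TXT strings
    returned by the authoritative servers of the (delegated) zone."""
    return {
        "found": expected in observed,
        "stale_values": [v for v in observed if v != expected],
    }


if __name__ == "__main__":
    token = "evaGxfADs6pSRb2LAv9IZf17Dt3juxGJ-PCt92wr-oA"  # constructed token
    name = dns01_record_name("*.mydomain.com")
    expected = dns01_txt_value(token, ACCOUNT_JWK)
    # Constructed stand-in for what `dig TXT <name> @<hetzner-ns>` returned:
    observed = ["old-value-from-a-previous-order"]
    print(name, expected, check_txt(expected, observed))
```

When populating `observed`, query the nameservers that the `_acme-challenge` NS records delegate to (the Hetzner servers), not Cloudflare and not a caching resolver; the value has to be visible there before the CA's own lookup can succeed. A record present under `_acme-challenge.mydomain.com` whose value differs from `expected` points at the token or account key used for the digest; no record at all points at the name the solver wrote under, which is what the identifier normalisation above guards against.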
