caddy: Error trying to migrate to version 0.10.12
1. What version of Caddy are you using (caddy -version)?
Caddy 0.10.12 (+88edca6 Wed Apr 11 01:44:19 UTC 2018) (unofficial) 1 file changed, 26 insertions(+) caddy/caddymain/run.go
2. What are you trying to do?
Run caddy in the same manner as the previous version (0.10.11)
3. What is your entire Caddyfile?
andrewshinsuke.me {
    gzip
    tls aleewebproductions@gmail.com {
        dns namecheap
    }
    header / {
        Content-Security-Policy "upgrade-insecure-requests"
        X-Forwarded-Proto "https"
        X-Forwarded-Port "443"
    }
    root /var/www/andrewshinsuke
    fastcgi / /run/php/php7.0-fpm.sock php
    rewrite {
        if {path} not_match ^\/wp-admin
        to {path} {path}/ /index.php?_url={uri}
    }
}
customer.pause.pizza {
    gzip
    proxy / localhost:1001
    tls aleewebproductions@gmail.com {
        dns namecheap
    }
    header / {
        Content-Security-Policy "upgrade-insecure-requests"
    }
}
kitchen.pause.pizza {
    gzip
    proxy / localhost:1002
    tls aleewebproductions@gmail.com {
        dns namecheap
    }
    header / {
        Content-Security-Policy "upgrade-insecure-requests"
    }
}
clutchmemes.gilgameshskytrooper.io {
    gzip
    proxy / localhost:1003
    tls aleewebproductions@gmail.com {
        dns namecheap
    }
    header / {
        Content-Security-Policy "upgrade-insecure-requests"
    }
}
chat.gilgameshskytrooper.io {
    gzip
    proxy / localhost:1004 {
        websocket
        transparent
    }
    tls aleewebproductions@gmail.com {
        dns namecheap
    }
    header / {
        Content-Security-Policy "upgrade-insecure-requests"
    }
}
chatbot.gilgameshskytrooper.io {
    gzip
    proxy / localhost:1005 {
        transparent
    }
    tls aleewebproductions@gmail.com {
        dns namecheap
    }
    header / {
        Access-Control-Allow-Origin "*"
        Content-Security-Policy "upgrade-insecure-requests"
    }
}
prometheus.gilgameshskytrooper.io {
    gzip
    proxy / localhost:1007
    tls aleewebproductions@gmail.com {
        dns namecheap
    }
    header / {
        Content-Security-Policy "upgrade-insecure-requests"
    }
}
adm.gilgameshskytrooper.io {
    errors stdout
    gzip
    proxy / localhost:1008
    tls aleewebproductions@gmail.com {
        dns namecheap
    }
    header / {
        Content-Security-Policy "upgrade-insecure-requests"
    }
}
#hotel.gilgameshskytrooper.io {
# errors stdout
# gzip
# proxy / localhost:1009
#
# tls aleewebproductions@gmail.com {
# dns namecheap
# }
# header / {
# Content-Security-Policy "upgrade-insecure-requests"
# }
#
#}
hotel.gilgameshskytrooper.io {
    errors stdout
    log stdout
    gzip
    proxy / localhost:8080 {
        transparent
    }
    timeouts none
    tls aleewebproductions@gmail.com {
        dns namecheap
    }
}
bigdisk.gilgameshskytrooper.io {
    errors stdout
    log stdout
    gzip
    proxy / localhost:8080 {
        transparent
    }
    timeouts none
    tls aleewebproductions@gmail.com {
        dns namecheap
    }
}
clutchmemes.com {
    log stdout
    errors stdout
    gzip
    tls aleewebproductions@gmail.com {
        dns namecheap
    }
    header / {
        Content-Security-Policy "upgrade-insecure-requests"
        X-Forwarded-Proto "https"
        X-Forwarded-Port "443"
    }
    root /var/www/clutchmemes
    fastcgi / /run/php/php7.0-fpm.sock php
    rewrite {
        if {path} not_match ^\/wp-admin
        to {path} {path}/ /index.php?_url={uri}
    }
}
4. How did you run Caddy (give the full command and describe the execution environment)?
Execution Environment: Ubuntu VM on Digital Ocean (Linux: AMD64)
Go Version: go1.10 linux/amd64
cd ~/go/src/github.com/mholt/caddy
git pull origin master
cd caddy
(Add plugins in caddymain/run.go)
go run build.go
./caddy -conf /etc/caddy/Caddyfile -email aleewebproductions@gmail.com -agree
5. Please paste any relevant HTTP request(s) here.
6. What did you expect to see?
Similar results to running version 0.10.11
7. What did you see instead (give full error messages and/or log)?
Activating privacy features…
2018/04/10 21:49:55 [chatbot.gilgameshskytrooper.io] failed to get certificate: Time limit exceeded. Last error: NS dns2.registrar-servers.com. returned NXDOMAIN for _acme-challenge.chatbot.gilgameshskytrooper.io.
8. How can someone who is starting from scratch reproduce the bug as minimally as possible?
I’m not exactly sure (all my apps are pretty custom)
About this issue
- State: closed
- Created 6 years ago
- Comments: 18 (7 by maintainers)
You won’t hit rate limits using the staging endpoint (except in extreme cases) – so don’t bother waiting if you want to debug!
eeek – Make sure you use the staging endpoint when testing. If you haven’t hit it yet, you might soon.
Basically for the DNS challenge to work, Caddy (via the Namecheap package in an upstream repo) will set a special domain TXT value in your zone file. Let’s Encrypt’s servers verify that the TXT record is the right value, and issue the domain. The DNS challenge often fails if DNS providers have slow or inconsistent APIs, and we do see timeouts too, sometimes in the several minute range. That is unfortunate, and it’s up to your DNS provider to fix.
This looks like a problem with the DNS plugin to me, but I’m not sure.
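
The DNS challenge described in this thread only succeeds once the TXT record is visible at every authoritative nameserver, and the NXDOMAIN in the log means one of them did not have it. The following is an added example, not code from Caddy or the Namecheap provider: it queries each nameserver directly and classifies the answer. The function names and the domain, nameserver and TXT value in `main` are placeholders chosen for illustration.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"net"
	"strings"
)

// ChallengeName returns the record an ACME server looks up for a dns-01 challenge.
func ChallengeName(domain string) string {
	return "_acme-challenge." + strings.TrimSuffix(strings.TrimPrefix(domain, "*."), ".") + "."
}

// QueryNS asks one nameserver directly, so resolver caches cannot hide a missing record.
func QueryNS(ctx context.Context, ns, name string) ([]string, error) {
	r := &net.Resolver{PreferGo: true, Dial: func(ctx context.Context, network, _ string) (net.Conn, error) {
		return (&net.Dialer{}).DialContext(ctx, network, net.JoinHostPort(ns, "53"))
	}}
	return r.LookupTXT(ctx, name)
}

// Check reports, per nameserver, whether the expected TXT value is published there.
func Check(ctx context.Context, lookup func(context.Context, string, string) ([]string, error),
	nameservers []string, name, want string) map[string]string {
	status := map[string]string{}
	for _, ns := range nameservers {
		txts, err := lookup(ctx, ns, name)
		var dnsErr *net.DNSError
		switch {
		case errors.As(err, &dnsErr) && dnsErr.IsNotFound:
			status[ns] = "missing" // NXDOMAIN or no TXT data, as in the log above
		case err != nil:
			status[ns] = "error" // timeout, refused or unreachable server
		case strings.Contains("\n"+strings.Join(txts, "\n")+"\n", "\n"+want+"\n"):
			status[ns] = "ok" // one record matches the expected value exactly
		default:
			status[ns] = "stale" // a TXT record exists but holds another value
		}
	}
	return status
}

func main() {
	name := ChallengeName("example.com") // placeholder domain, nameserver and constructed TXT value
	fmt.Println(name, Check(context.Background(), QueryNS, []string{"ns1.example.net"}, name, "constructed-txt-value"))
}
```

A "missing" or "stale" result on any nameserver while the ACME client is waiting points at the DNS provider's API or its propagation delay rather than at the certificate authority.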