Logic bug with .vip TLD? #21

Open
JusticeGH opened this issue Jan 9, 2025 · 0 comments
JusticeGH commented Jan 9, 2025

I've been furiously trying to diagnose why Caddy is unable to successfully complete the DNS challenge. Bear with me as I've had to work with ChatGPT on this one, but I feel like I've been pretty thorough with it before coming here.

In the Docker logs, I'm being given this error:
(error="... presenting for challenge: adding temporary record for zone \"vip.\": Invalid http response status ... \"Invalid domain.\" ...

which GPT comments:

This indicates that the porkbun plugin is trying to create a DNS record for the zone named vip. rather than justinhome.vip, which of course fails with “Invalid domain.”

Given:

You see zone "vip." in the logs.
Manual calls to the Porkbun API for your real domain justinhome.vip succeed (you tested _acme-challenge.files.justinhome.vip).
All the environment issues (IPv6, DNS recursion) are resolved.

…this is almost certainly a logic bug in the caddy-dns/porkbun plugin or in the underlying domain parser that it uses. The plugin sees .vip, but internally it’s concluding .vip is not a recognized TLD, dropping everything but “vip.” as the final zone.

ChatGPT mentioned to provide the following in my issue request:

The logs that show zone "vip."
The domain “justinhome.vip” (a .vip TLD).
The fact that manual API calls for “justinhome.vip” succeed, but the plugin tries “vip.”

Here are the Docker logs:

{"level":"info","ts":1736463573.6719713,"msg":"using config from file","file":"/etc/caddy/Caddyfile"}
{"level":"info","ts":1736463573.6734023,"msg":"adapted config to JSON","adapter":"caddyfile"}
{"level":"info","ts":1736463573.6745296,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//localhost:2019","//[::1]:2019","//127.0.0.1:2019"]}
{"level":"info","ts":1736463573.6746674,"logger":"http.auto_https","msg":"server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS","server_name":"srv0","https_port":443}
{"level":"info","ts":1736463573.674682,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc0003d4b80"}
{"level":"info","ts":1736463573.6746893,"logger":"http.auto_https","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
{"level":"info","ts":1736463573.676664,"logger":"tls","msg":"storage cleaning happened too recently; skipping for now","storage":"FileStorage:/data/caddy","instance":"19418ead-0d28-4bc7-9a2b-ca615ff9a116","try_again":1736549973.6766634,"try_again_in":86399.999999759}
{"level":"info","ts":1736463573.676719,"logger":"tls","msg":"finished cleaning storage units"}
{"level":"info","ts":1736463573.6962252,"logger":"http","msg":"enabling HTTP/3 listener","addr":":443"}
{"level":"info","ts":1736463573.7064917,"msg":"failed to sufficiently increase receive buffer size (was: 208 kiB, wanted: 7168 kiB, got: 416 kiB). See https://github.com/quic-go/quic-go/wiki/UDP-Buffer-Sizes for details."}
{"level":"info","ts":1736463573.7066154,"logger":"http.log","msg":"server running","name":"srv0","protocols":["h1","h2","h3"]}
{"level":"warn","ts":1736463573.7167213,"logger":"http","msg":"HTTP/2 skipped because it requires TLS","network":"tcp","addr":":80"}
{"level":"warn","ts":1736463573.7167404,"logger":"http","msg":"HTTP/3 skipped because it requires TLS","network":"tcp","addr":":80"}
{"level":"info","ts":1736463573.7167437,"logger":"http.log","msg":"server running","name":"remaining_auto_https_redirects","protocols":["h1","h2","h3"]}
{"level":"info","ts":1736463573.7167463,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["justinhome.vip","*.justinhome.vip","files.justinhome.vip","pdf.justinhome.vip"]}
{"level":"info","ts":1736463573.716881,"msg":"autosaved config (load with --resume flag)","file":"/config/caddy/autosave.json"}
{"level":"info","ts":1736463573.7168975,"msg":"serving initial configuration"}
{"level":"info","ts":1736463573.7187817,"logger":"tls.obtain","msg":"acquiring lock","identifier":"files.justinhome.vip"}
{"level":"info","ts":1736463573.7187977,"logger":"tls.obtain","msg":"acquiring lock","identifier":"justinhome.vip"}
{"level":"info","ts":1736463573.718829,"logger":"tls.obtain","msg":"acquiring lock","identifier":"*.justinhome.vip"}
{"level":"info","ts":1736463573.719729,"logger":"tls.obtain","msg":"acquiring lock","identifier":"pdf.justinhome.vip"}
{"level":"info","ts":1736463573.7204978,"logger":"tls.obtain","msg":"lock acquired","identifier":"justinhome.vip"}
{"level":"info","ts":1736463573.7205467,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"justinhome.vip"}
{"level":"info","ts":1736463573.7205029,"logger":"tls.obtain","msg":"lock acquired","identifier":"*.justinhome.vip"}
{"level":"info","ts":1736463573.7206435,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"*.justinhome.vip"}
{"level":"info","ts":1736463573.720511,"logger":"tls.obtain","msg":"lock acquired","identifier":"files.justinhome.vip"}
{"level":"info","ts":1736463573.720751,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"files.justinhome.vip"}
{"level":"info","ts":1736463573.7208412,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["justinhome.vip"],"ca":"https://acme-staging-v02.api.letsencrypt.org/directory","account":"<email>"}
{"level":"info","ts":1736463573.7208714,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["justinhome.vip"],"ca":"https://acme-staging-v02.api.letsencrypt.org/directory","account":"<email>"}
{"level":"info","ts":1736463573.720882,"logger":"tls.issuance.acme","msg":"using ACME account","account_id":"https://acme-staging-v02.api.letsencrypt.org/acme/acct/179498584","account_contact":["mailto:<email>"]}
{"level":"info","ts":1736463573.720891,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["*.justinhome.vip"],"ca":"https://acme-staging-v02.api.letsencrypt.org/directory","account":"<email>"}
{"level":"info","ts":1736463573.7209687,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["*.justinhome.vip"],"ca":"https://acme-staging-v02.api.letsencrypt.org/directory","account":"<email>"}
{"level":"info","ts":1736463573.7209947,"logger":"tls.issuance.acme","msg":"using ACME account","account_id":"https://acme-staging-v02.api.letsencrypt.org/acme/acct/179498584","account_contact":["mailto:<email>"]}
{"level":"info","ts":1736463573.7209804,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["files.justinhome.vip"],"ca":"https://acme-staging-v02.api.letsencrypt.org/directory","account":"<email>"}
{"level":"info","ts":1736463573.7210112,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["files.justinhome.vip"],"ca":"https://acme-staging-v02.api.letsencrypt.org/directory","account":"<email>"}
{"level":"info","ts":1736463573.7210174,"logger":"tls.issuance.acme","msg":"using ACME account","account_id":"https://acme-staging-v02.api.letsencrypt.org/acme/acct/179498584","account_contact":["mailto:<email>"]}
{"level":"info","ts":1736463573.7216382,"logger":"tls.obtain","msg":"lock acquired","identifier":"pdf.justinhome.vip"}
{"level":"info","ts":1736463573.7216861,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"pdf.justinhome.vip"}
{"level":"info","ts":1736463573.7218766,"logger":"tls.issuance.acme","msg":"waiting on internal rate limiter","identifiers":["pdf.justinhome.vip"],"ca":"https://acme-staging-v02.api.letsencrypt.org/directory","account":"<email>"}
{"level":"info","ts":1736463573.7219067,"logger":"tls.issuance.acme","msg":"done waiting on internal rate limiter","identifiers":["pdf.justinhome.vip"],"ca":"https://acme-staging-v02.api.letsencrypt.org/directory","account":"<email>"}
{"level":"info","ts":1736463573.7219148,"logger":"tls.issuance.acme","msg":"using ACME account","account_id":"https://acme-staging-v02.api.letsencrypt.org/acme/acct/179498584","account_contact":["mailto:<email>"]}
{"level":"info","ts":1736463574.1588516,"msg":"trying to solve challenge","identifier":"justinhome.vip","challenge_type":"dns-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
{"level":"info","ts":1736463574.211478,"msg":"trying to solve challenge","identifier":"*.justinhome.vip","challenge_type":"dns-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
{"level":"info","ts":1736463574.2629197,"msg":"trying to solve challenge","identifier":"files.justinhome.vip","challenge_type":"dns-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
{"level":"info","ts":1736463574.3104355,"msg":"trying to solve challenge","identifier":"pdf.justinhome.vip","challenge_type":"dns-01","ca":"https://acme-staging-v02.api.letsencrypt.org/directory"}
{"level":"error","ts":1736463574.5410094,"msg":"cleaning up solver","identifier":"justinhome.vip","challenge_type":"dns-01","error":"no memory of presenting a DNS record for \"_acme-challenge.justinhome.vip\" (usually OK if presenting also failed)","stacktrace":"github.com/mholt/acmez/v3.(*Client).solveChallenges.func1\n\tgithub.com/mholt/acmez/[email protected]/client.go:318\ngithub.com/mholt/acmez/v3.(*Client).solveChallenges\n\tgithub.com/mholt/acmez/[email protected]/client.go:363\ngithub.com/mholt/acmez/v3.(*Client).ObtainCertificate\n\tgithub.com/mholt/acmez/[email protected]/client.go:136\ngithub.com/caddyserver/certmagic.(*ACMEIssuer).doIssue\n\tgithub.com/caddyserver/[email protected]/acmeissuer.go:477\ngithub.com/caddyserver/certmagic.(*ACMEIssuer).Issue\n\tgithub.com/caddyserver/[email protected]/acmeissuer.go:371\ngithub.com/caddyserver/caddy/v2/modules/caddytls.(*ACMEIssuer).Issue\n\tgithub.com/caddyserver/caddy/[email protected]/modules/caddytls/acmeissuer.go:249\ngithub.com/caddyserver/certmagic.(*Config).obtainCert.func2\n\tgithub.com/caddyserver/[email protected]/config.go:626\ngithub.com/caddyserver/certmagic.doWithRetry\n\tgithub.com/caddyserver/[email protected]/async.go:104\ngithub.com/caddyserver/certmagic.(*Config).obtainCert\n\tgithub.com/caddyserver/[email protected]/config.go:700\ngithub.com/caddyserver/certmagic.(*Config).ObtainCertAsync\n\tgithub.com/caddyserver/[email protected]/config.go:505\ngithub.com/caddyserver/certmagic.(*Config).manageOne.func1\n\tgithub.com/caddyserver/[email protected]/config.go:415\ngithub.com/caddyserver/certmagic.(*jobManager).worker\n\tgithub.com/caddyserver/[email protected]/async.go:73"}
{"level":"error","ts":1736463574.5410433,"msg":"cleaning up solver","identifier":"*.justinhome.vip","challenge_type":"dns-01","error":"no memory of presenting a DNS record for \"_acme-challenge.justinhome.vip\" (usually OK if presenting also failed)","stacktrace":"github.com/mholt/acmez/v3.(*Client).solveChallenges.func1\n\tgithub.com/mholt/acmez/[email protected]/client.go:318\ngithub.com/mholt/acmez/v3.(*Client).solveChallenges\n\tgithub.com/mholt/acmez/[email protected]/client.go:363\ngithub.com/mholt/acmez/v3.(*Client).ObtainCertificate\n\tgithub.com/mholt/acmez/[email protected]/client.go:136\ngithub.com/caddyserver/certmagic.(*ACMEIssuer).doIssue\n\tgithub.com/caddyserver/[email protected]/acmeissuer.go:477\ngithub.com/caddyserver/certmagic.(*ACMEIssuer).Issue\n\tgithub.com/caddyserver/[email protected]/acmeissuer.go:371\ngithub.com/caddyserver/caddy/v2/modules/caddytls.(*ACMEIssuer).Issue\n\tgithub.com/caddyserver/caddy/[email protected]/modules/caddytls/acmeissuer.go:249\ngithub.com/caddyserver/certmagic.(*Config).obtainCert.func2\n\tgithub.com/caddyserver/[email protected]/config.go:626\ngithub.com/caddyserver/certmagic.doWithRetry\n\tgithub.com/caddyserver/[email protected]/async.go:104\ngithub.com/caddyserver/certmagic.(*Config).obtainCert\n\tgithub.com/caddyserver/[email protected]/config.go:700\ngithub.com/caddyserver/certmagic.(*Config).ObtainCertAsync\n\tgithub.com/caddyserver/[email protected]/config.go:505\ngithub.com/caddyserver/certmagic.(*Config).manageOne.func1\n\tgithub.com/caddyserver/[email protected]/config.go:415\ngithub.com/caddyserver/certmagic.(*jobManager).worker\n\tgithub.com/caddyserver/[email protected]/async.go:73"}
{"level":"error","ts":1736463574.6234426,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"justinhome.vip","issuer":"acme-staging-v02.api.letsencrypt.org-directory","error":"[justinhome.vip] solving challenges: presenting for challenge: adding temporary record for zone \"vip.\": Invalid http response status, <html>\r\n<head><title>503 Service Temporarily Unavailable</title></head>\r\n<body>\r\n<center><h1>503 Service Temporarily Unavailable</h1></center>\r\n<hr><center>openresty</center>\r\n</body>\r\n</html>\r\n (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/179498584/21894882894) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)"}
{"level":"error","ts":1736463574.6234963,"logger":"tls.obtain","msg":"will retry","error":"[justinhome.vip] Obtain: [justinhome.vip] solving challenges: presenting for challenge: adding temporary record for zone \"vip.\": Invalid http response status, <html>\r\n<head><title>503 Service Temporarily Unavailable</title></head>\r\n<body>\r\n<center><h1>503 Service Temporarily Unavailable</h1></center>\r\n<hr><center>openresty</center>\r\n</body>\r\n</html>\r\n (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/179498584/21894882894) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)","attempt":1,"retrying_in":60,"elapsed":0.90298029,"max_duration":2592000}
{"level":"error","ts":1736463574.6257708,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"*.justinhome.vip","issuer":"acme-staging-v02.api.letsencrypt.org-directory","error":"[*.justinhome.vip] solving challenges: presenting for challenge: adding temporary record for zone \"vip.\": Invalid http response status, <html>\r\n<head><title>503 Service Temporarily Unavailable</title></head>\r\n<body>\r\n<center><h1>503 Service Temporarily Unavailable</h1></center>\r\n<hr><center>openresty</center>\r\n</body>\r\n</html>\r\n (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/179498584/21894882904) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)"}
{"level":"error","ts":1736463574.6258016,"logger":"tls.obtain","msg":"will retry","error":"[*.justinhome.vip] Obtain: [*.justinhome.vip] solving challenges: presenting for challenge: adding temporary record for zone \"vip.\": Invalid http response status, <html>\r\n<head><title>503 Service Temporarily Unavailable</title></head>\r\n<body>\r\n<center><h1>503 Service Temporarily Unavailable</h1></center>\r\n<hr><center>openresty</center>\r\n</body>\r\n</html>\r\n (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/179498584/21894882904) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)","attempt":1,"retrying_in":60,"elapsed":0.905195577,"max_duration":2592000}
{"level":"error","ts":1736463574.9033167,"msg":"cleaning up solver","identifier":"pdf.justinhome.vip","challenge_type":"dns-01","error":"no memory of presenting a DNS record for \"_acme-challenge.pdf.justinhome.vip\" (usually OK if presenting also failed)","stacktrace":"github.com/mholt/acmez/v3.(*Client).solveChallenges.func1\n\tgithub.com/mholt/acmez/[email protected]/client.go:318\ngithub.com/mholt/acmez/v3.(*Client).solveChallenges\n\tgithub.com/mholt/acmez/[email protected]/client.go:363\ngithub.com/mholt/acmez/v3.(*Client).ObtainCertificate\n\tgithub.com/mholt/acmez/[email protected]/client.go:136\ngithub.com/caddyserver/certmagic.(*ACMEIssuer).doIssue\n\tgithub.com/caddyserver/[email protected]/acmeissuer.go:477\ngithub.com/caddyserver/certmagic.(*ACMEIssuer).Issue\n\tgithub.com/caddyserver/[email protected]/acmeissuer.go:371\ngithub.com/caddyserver/caddy/v2/modules/caddytls.(*ACMEIssuer).Issue\n\tgithub.com/caddyserver/caddy/[email protected]/modules/caddytls/acmeissuer.go:249\ngithub.com/caddyserver/certmagic.(*Config).obtainCert.func2\n\tgithub.com/caddyserver/[email protected]/config.go:626\ngithub.com/caddyserver/certmagic.doWithRetry\n\tgithub.com/caddyserver/[email protected]/async.go:104\ngithub.com/caddyserver/certmagic.(*Config).obtainCert\n\tgithub.com/caddyserver/[email protected]/config.go:700\ngithub.com/caddyserver/certmagic.(*Config).ObtainCertAsync\n\tgithub.com/caddyserver/[email protected]/config.go:505\ngithub.com/caddyserver/certmagic.(*Config).manageOne.func1\n\tgithub.com/caddyserver/[email protected]/config.go:415\ngithub.com/caddyserver/certmagic.(*jobManager).worker\n\tgithub.com/caddyserver/[email protected]/async.go:73"}
{"level":"error","ts":1736463574.9070232,"msg":"cleaning up solver","identifier":"files.justinhome.vip","challenge_type":"dns-01","error":"no memory of presenting a DNS record for \"_acme-challenge.files.justinhome.vip\" (usually OK if presenting also failed)","stacktrace":"github.com/mholt/acmez/v3.(*Client).solveChallenges.func1\n\tgithub.com/mholt/acmez/[email protected]/client.go:318\ngithub.com/mholt/acmez/v3.(*Client).solveChallenges\n\tgithub.com/mholt/acmez/[email protected]/client.go:363\ngithub.com/mholt/acmez/v3.(*Client).ObtainCertificate\n\tgithub.com/mholt/acmez/[email protected]/client.go:136\ngithub.com/caddyserver/certmagic.(*ACMEIssuer).doIssue\n\tgithub.com/caddyserver/[email protected]/acmeissuer.go:477\ngithub.com/caddyserver/certmagic.(*ACMEIssuer).Issue\n\tgithub.com/caddyserver/[email protected]/acmeissuer.go:371\ngithub.com/caddyserver/caddy/v2/modules/caddytls.(*ACMEIssuer).Issue\n\tgithub.com/caddyserver/caddy/[email protected]/modules/caddytls/acmeissuer.go:249\ngithub.com/caddyserver/certmagic.(*Config).obtainCert.func2\n\tgithub.com/caddyserver/[email protected]/config.go:626\ngithub.com/caddyserver/certmagic.doWithRetry\n\tgithub.com/caddyserver/[email protected]/async.go:104\ngithub.com/caddyserver/certmagic.(*Config).obtainCert\n\tgithub.com/caddyserver/[email protected]/config.go:700\ngithub.com/caddyserver/certmagic.(*Config).ObtainCertAsync\n\tgithub.com/caddyserver/[email protected]/config.go:505\ngithub.com/caddyserver/certmagic.(*Config).manageOne.func1\n\tgithub.com/caddyserver/[email protected]/config.go:415\ngithub.com/caddyserver/certmagic.(*jobManager).worker\n\tgithub.com/caddyserver/[email protected]/async.go:73"}
{"level":"error","ts":1736463574.9883559,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"pdf.justinhome.vip","issuer":"acme-staging-v02.api.letsencrypt.org-directory","error":"[pdf.justinhome.vip] solving challenges: presenting for challenge: adding temporary record for zone \"vip.\": Invalid http response status, {\"status\":\"ERROR\",\"message\":\"Invalid domain.\"} (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/179498584/21894882924) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)"}
{"level":"error","ts":1736463574.9883907,"logger":"tls.obtain","msg":"will retry","error":"[pdf.justinhome.vip] Obtain: [pdf.justinhome.vip] solving challenges: presenting for challenge: adding temporary record for zone \"vip.\": Invalid http response status, {\"status\":\"ERROR\",\"message\":\"Invalid domain.\"} (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/179498584/21894882924) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)","attempt":1,"retrying_in":60,"elapsed":1.266733309,"max_duration":2592000}
{"level":"error","ts":1736463574.9886062,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"files.justinhome.vip","issuer":"acme-staging-v02.api.letsencrypt.org-directory","error":"[files.justinhome.vip] solving challenges: presenting for challenge: adding temporary record for zone \"vip.\": Invalid http response status, {\"status\":\"ERROR\",\"message\":\"Invalid domain.\"} (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/179498584/21894882914) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)"}
{"level":"error","ts":1736463574.9886506,"logger":"tls.obtain","msg":"will retry","error":"[files.justinhome.vip] Obtain: [files.justinhome.vip] solving challenges: presenting for challenge: adding temporary record for zone \"vip.\": Invalid http response status, {\"status\":\"ERROR\",\"message\":\"Invalid domain.\"} (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/179498584/21894882914) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)","attempt":1,"retrying_in":60,"elapsed":1.26795392,"max_duration":2592000}
{"level":"info","ts":1736463634.6239762,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"justinhome.vip"}
{"level":"info","ts":1736463634.6244447,"logger":"tls.issuance.acme","msg":"using ACME account","account_id":"https://acme-staging-v02.api.letsencrypt.org/acme/acct/179498584","account_contact":["mailto:<email>"]}
{"level":"info","ts":1736463634.626054,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"*.justinhome.vip"}
{"level":"info","ts":1736463634.6262987,"logger":"tls.issuance.acme","msg":"using ACME account","account_id":"https://acme-staging-v02.api.letsencrypt.org/acme/acct/179498584","account_contact":["mailto:<email>"]}
{"level":"info","ts":1736463634.9885473,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"pdf.justinhome.vip"}
{"level":"info","ts":1736463634.9889235,"logger":"tls.issuance.acme","msg":"using ACME account","account_id":"https://acme-staging-v02.api.letsencrypt.org/acme/acct/179498584","account_contact":["mailto:<email>"]}
{"level":"info","ts":1736463634.9891226,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"files.justinhome.vip"}
{"level":"info","ts":1736463634.9894125,"logger":"tls.issuance.acme","msg":"using ACME account","account_id":"https://acme-staging-v02.api.letsencrypt.org/acme/acct/179498584","account_contact":["mailto:<email>"]}
{"level":"warn","ts":1736463664.6251676,"msg":"HTTP request failed; retrying","url":"https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce","error":"performing request: Head \"https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce\": http2: timeout awaiting response headers (Client.Timeout exceeded while awaiting headers)"}
{"level":"warn","ts":1736463664.6273124,"msg":"HTTP request failed; retrying","url":"https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce","error":"performing request: Head \"https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce\": http2: timeout awaiting response headers (Client.Timeout exceeded while awaiting headers)"}
{"level":"warn","ts":1736463664.9894938,"msg":"HTTP request failed; retrying","url":"https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce","error":"performing request: Head \"https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce\": http2: timeout awaiting response headers (Client.Timeout exceeded while awaiting headers)"}
{"level":"warn","ts":1736463664.9895027,"msg":"HTTP request failed; retrying","url":"https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce","error":"performing request: Head \"https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce\": http2: timeout awaiting response headers (Client.Timeout exceeded while awaiting headers)"}
{"level":"warn","ts":1736463694.876383,"msg":"HTTP request failed; retrying","url":"https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce","error":"performing request: Head \"https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce\": context deadline exceeded (Client.Timeout exceeded while awaiting headers)"}
{"level":"warn","ts":1736463694.8780413,"msg":"HTTP request failed; retrying","url":"https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce","error":"performing request: Head \"https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce\": http2: timeout awaiting response headers (Client.Timeout exceeded while awaiting headers)"}
{"level":"warn","ts":1736463695.240747,"msg":"HTTP request failed; retrying","url":"https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce","error":"performing request: Head \"https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce\": context deadline exceeded (Client.Timeout exceeded while awaiting headers)"}
{"level":"warn","ts":1736463695.2407823,"msg":"HTTP request failed; retrying","url":"https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce","error":"performing request: Head \"https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce\": context deadline exceeded (Client.Timeout exceeded while awaiting headers)"}
{"level":"warn","ts":1736463725.1271088,"msg":"HTTP request failed; retrying","url":"https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce","error":"performing request: Head \"https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce\": http2: timeout awaiting response headers (Client.Timeout exceeded while awaiting headers)"}
{"level":"error","ts":1736463725.1271672,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"justinhome.vip","issuer":"acme-staging-v02.api.letsencrypt.org-directory","error":"[justinhome.vip] creating new order: fetching new nonce from server: performing request: Head \"https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce\": http2: timeout awaiting response headers (Client.Timeout exceeded while awaiting headers) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)"}
{"level":"error","ts":1736463725.1271913,"logger":"tls.obtain","msg":"will retry","error":"[justinhome.vip] Obtain: [justinhome.vip] creating new order: fetching new nonce from server: performing request: Head \"https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce\": http2: timeout awaiting response headers (Client.Timeout exceeded while awaiting headers) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)","attempt":2,"retrying_in":120,"elapsed":151.406675439,"max_duration":2592000}
{"level":"warn","ts":1736463725.1292791,"msg":"HTTP request failed; retrying","url":"https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce","error":"performing request: Head \"https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce\": http2: timeout awaiting response headers (Client.Timeout exceeded while awaiting headers)"}
{"level":"error","ts":1736463725.1293085,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"*.justinhome.vip","issuer":"acme-staging-v02.api.letsencrypt.org-directory","error":"[*.justinhome.vip] creating new order: fetching new nonce from server: performing request: Head \"https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce\": http2: timeout awaiting response headers (Client.Timeout exceeded while awaiting headers) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)"}
{"level":"error","ts":1736463725.1293228,"logger":"tls.obtain","msg":"will retry","error":"[*.justinhome.vip] Obtain: [*.justinhome.vip] creating new order: fetching new nonce from server: performing request: Head \"https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce\": http2: timeout awaiting response headers (Client.Timeout exceeded while awaiting headers) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)","attempt":2,"retrying_in":120,"elapsed":151.408717003,"max_duration":2592000}
{"level":"warn","ts":1736463725.491853,"msg":"HTTP request failed; retrying","url":"https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce","error":"performing request: Head \"https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce\": http2: timeout awaiting response headers (Client.Timeout exceeded while awaiting headers)"}
{"level":"warn","ts":1736463725.4918792,"msg":"HTTP request failed; retrying","url":"https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce","error":"performing request: Head \"https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce\": http2: timeout awaiting response headers (Client.Timeout exceeded while awaiting headers)"}
{"level":"error","ts":1736463725.4919043,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"pdf.justinhome.vip","issuer":"acme-staging-v02.api.letsencrypt.org-directory","error":"[pdf.justinhome.vip] creating new order: fetching new nonce from server: performing request: Head \"https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce\": http2: timeout awaiting response headers (Client.Timeout exceeded while awaiting headers) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)"}
{"level":"error","ts":1736463725.4919221,"logger":"tls.obtain","msg":"will retry","error":"[pdf.justinhome.vip] Obtain: [pdf.justinhome.vip] creating new order: fetching new nonce from server: performing request: Head \"https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce\": http2: timeout awaiting response headers (Client.Timeout exceeded while awaiting headers) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)","attempt":2,"retrying_in":120,"elapsed":151.770264922,"max_duration":2592000}
{"level":"error","ts":1736463725.4919035,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"files.justinhome.vip","issuer":"acme-staging-v02.api.letsencrypt.org-directory","error":"[files.justinhome.vip] creating new order: fetching new nonce from server: performing request: Head \"https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce\": http2: timeout awaiting response headers (Client.Timeout exceeded while awaiting headers) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)"}
{"level":"error","ts":1736463725.4919322,"logger":"tls.obtain","msg":"will retry","error":"[files.justinhome.vip] Obtain: [files.justinhome.vip] creating new order: fetching new nonce from server: performing request: Head \"https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce\": http2: timeout awaiting response headers (Client.Timeout exceeded while awaiting headers) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)","attempt":2,"retrying_in":120,"elapsed":151.77123645,"max_duration":2592000}
{"level":"info","ts":1736463845.1283863,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"justinhome.vip"}
{"level":"info","ts":1736463845.128696,"logger":"tls.issuance.acme","msg":"using ACME account","account_id":"https://acme-staging-v02.api.letsencrypt.org/acme/acct/179498584","account_contact":["mailto:<email>"]}
{"level":"info","ts":1736463845.129446,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"*.justinhome.vip"}
{"level":"info","ts":1736463845.1296725,"logger":"tls.issuance.acme","msg":"using ACME account","account_id":"https://acme-staging-v02.api.letsencrypt.org/acme/acct/179498584","account_contact":["mailto:<email>"]}
{"level":"info","ts":1736463845.4929872,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"files.justinhome.vip"}
{"level":"info","ts":1736463845.4930258,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"pdf.justinhome.vip"}
{"level":"info","ts":1736463845.4933007,"logger":"tls.issuance.acme","msg":"using ACME account","account_id":"https://acme-staging-v02.api.letsencrypt.org/acme/acct/179498584","account_contact":["mailto:<email>"]}
{"level":"info","ts":1736463845.4933062,"logger":"tls.issuance.acme","msg":"using ACME account","account_id":"https://acme-staging-v02.api.letsencrypt.org/acme/acct/179498584","account_contact":["mailto:<email>"]}
{"level":"warn","ts":1736463875.1295452,"msg":"HTTP request failed; retrying","url":"https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce","error":"performing request: Head \"https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce\": http2: timeout awaiting response headers (Client.Timeout exceeded while awaiting headers)"}
{"level":"warn","ts":1736463875.130636,"msg":"HTTP request failed; retrying","url":"https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce","error":"performing request: Head \"https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce\": http2: timeout awaiting response headers (Client.Timeout exceeded while awaiting headers)"}
{"level":"warn","ts":1736463875.4945014,"msg":"HTTP request failed; retrying","url":"https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce","error":"performing request: Head \"https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce\": http2: timeout awaiting response headers (Client.Timeout exceeded while awaiting headers)"}
{"level":"warn","ts":1736463875.4945047,"msg":"HTTP request failed; retrying","url":"https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce","error":"performing request: Head \"https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce\": http2: timeout awaiting response headers (Client.Timeout exceeded while awaiting headers)"}
{"level":"warn","ts":1736463905.3806853,"msg":"HTTP request failed; retrying","url":"https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce","error":"performing request: Head \"https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce\": http2: timeout awaiting response headers (Client.Timeout exceeded while awaiting headers)"}
{"level":"warn","ts":1736463905.38178,"msg":"HTTP request failed; retrying","url":"https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce","error":"performing request: Head \"https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce\": http2: timeout awaiting response headers (Client.Timeout exceeded while awaiting headers)"}
{"level":"warn","ts":1736463905.7455094,"msg":"HTTP request failed; retrying","url":"https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce","error":"performing request: Head \"https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce\": http2: timeout awaiting response headers (Client.Timeout exceeded while awaiting headers)"}
{"level":"warn","ts":1736463905.745533,"msg":"HTTP request failed; retrying","url":"https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce","error":"performing request: Head \"https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce\": http2: timeout awaiting response headers (Client.Timeout exceeded while awaiting headers)"}
{"level":"warn","ts":1736463935.6321523,"msg":"HTTP request failed; retrying","url":"https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce","error":"performing request: Head \"https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce\": http2: timeout awaiting response headers (Client.Timeout exceeded while awaiting headers)"}
{"level":"error","ts":1736463935.6322129,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"justinhome.vip","issuer":"acme-staging-v02.api.letsencrypt.org-directory","error":"[justinhome.vip] creating new order: fetching new nonce from server: performing request: Head \"https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce\": http2: timeout awaiting response headers (Client.Timeout exceeded while awaiting headers) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)"}
{"level":"error","ts":1736463935.6322358,"logger":"tls.obtain","msg":"will retry","error":"[justinhome.vip] Obtain: [justinhome.vip] creating new order: fetching new nonce from server: performing request: Head \"https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce\": http2: timeout awaiting response headers (Client.Timeout exceeded while awaiting headers) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)","attempt":3,"retrying_in":120,"elapsed":361.91171985,"max_duration":2592000}
{"level":"warn","ts":1736463935.6332595,"msg":"HTTP request failed; retrying","url":"https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce","error":"performing request: Head \"https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce\": http2: timeout awaiting response headers (Client.Timeout exceeded while awaiting headers)"}
{"level":"error","ts":1736463935.633287,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"*.justinhome.vip","issuer":"acme-staging-v02.api.letsencrypt.org-directory","error":"[*.justinhome.vip] creating new order: fetching new nonce from server: performing request: Head \"https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce\": http2: timeout awaiting response headers (Client.Timeout exceeded while awaiting headers) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)"}
{"level":"error","ts":1736463935.6332974,"logger":"tls.obtain","msg":"will retry","error":"[*.justinhome.vip] Obtain: [*.justinhome.vip] creating new order: fetching new nonce from server: performing request: Head \"https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce\": http2: timeout awaiting response headers (Client.Timeout exceeded while awaiting headers) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)","attempt":3,"retrying_in":120,"elapsed":361.912691818,"max_duration":2592000}
{"level":"warn","ts":1736463935.9967587,"msg":"HTTP request failed; retrying","url":"https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce","error":"performing request: Head \"https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce\": context deadline exceeded (Client.Timeout exceeded while awaiting headers)"}
{"level":"error","ts":1736463935.9967904,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"files.justinhome.vip","issuer":"acme-staging-v02.api.letsencrypt.org-directory","error":"[files.justinhome.vip] creating new order: fetching new nonce from server: performing request: Head \"https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce\": context deadline exceeded (Client.Timeout exceeded while awaiting headers) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)"}
{"level":"error","ts":1736463935.9968042,"logger":"tls.obtain","msg":"will retry","error":"[files.justinhome.vip] Obtain: [files.justinhome.vip] creating new order: fetching new nonce from server: performing request: Head \"https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce\": context deadline exceeded (Client.Timeout exceeded while awaiting headers) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)","attempt":3,"retrying_in":120,"elapsed":362.276108642,"max_duration":2592000}
{"level":"warn","ts":1736463935.9968178,"msg":"HTTP request failed; retrying","url":"https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce","error":"performing request: Head \"https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce\": http2: timeout awaiting response headers (Client.Timeout exceeded while awaiting headers)"}
{"level":"error","ts":1736463935.9968393,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"pdf.justinhome.vip","issuer":"acme-staging-v02.api.letsencrypt.org-directory","error":"[pdf.justinhome.vip] creating new order: fetching new nonce from server: performing request: Head \"https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce\": http2: timeout awaiting response headers (Client.Timeout exceeded while awaiting headers) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)"}
{"level":"error","ts":1736463935.9968555,"logger":"tls.obtain","msg":"will retry","error":"[pdf.justinhome.vip] Obtain: [pdf.justinhome.vip] creating new order: fetching new nonce from server: performing request: Head \"https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce\": http2: timeout awaiting response headers (Client.Timeout exceeded while awaiting headers) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)","attempt":3,"retrying_in":120,"elapsed":362.275197874,"max_duration":2592000}

If it helps further, here is my Dockerfile:

FROM caddy:builder AS builder

ENV GOPROXY=https://proxy.golang.org,direct

RUN xcaddy build \
    --with github.com/caddy-dns/porkbun

FROM caddy:latest

COPY --from=builder /usr/bin/caddy /usr/bin/caddy

Caddyfile:

{
	acme_ca https://acme-staging-v02.api.letsencrypt.org/directory
	acme_dns porkbun {
		api_key {env.PORKBUN_API_KEY}
		api_secret_key {env.PORKBUN_API_SECRET_KEY}
	}
	email <email>
}

justinhome.vip {
	respond "Welcome to Justin's Home Server!"
}

files.justinhome.vip {
	reverse_proxy filebrowser:80
}

pdf.justinhome.vip {
	reverse_proxy stirling-pdf:8080
}

# Default Catch-All for Unmatched Subdomains
*.justinhome.vip {
	respond "Service not found" 404
}

Compose YAML file:

networks:
  caddy_net:
    external: true

services:
  caddy:
    sysctls:
      net.ipv6.conf.all.disable_ipv6: "1"
    build:
      context: .
      dockerfile: Dockerfile
    container_name: caddy
    image: caddy-porkbun:latest
    restart: unless-stopped
    environment:
      - PORKBUN_API_KEY
      - PORKBUN_API_SECRET_KEY
      - GODEBUG=preferipv4=1
    ports:
      - "80:80"
      - "443:443"
      - "443:443/udp"
    volumes:
      - ./Caddyfile:/etc/caddy/Caddyfile
      - ./site:/srv
      - ./caddy_data:/data
      - ./caddy_config:/config
    logging:
      driver: "json-file"
      options:
        max-size: "10m"
        max-file: "1"
    dns:
      - 1.1.1.1
      - 8.8.8.8
    networks:
      - caddy_net

On Porkbun, I have 2 A records created. One for *.justinhome.vip and one for justinhome.vip, both pointing to my home's public IP.

The nameservers are the default Porkbun ones.

API access is enabled.

I should mention that I am using Unbound within pfSense as my recursive DNS resolver. On a previous PC, all of this worked well and I did not need to specify any public DNS records, nor did I need to disable IPv6. On my new PC, I'm even using the same network adapter which carried over its internal LAN address. The only difference is I'm now on Windows 11 and using WSL2 mirrored mode networking instead of NAT networking.
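A triage sketch for logs like the ones in this report, added here as an example and not part of the original issue or of the caddy-dns/porkbun project: it separates failures at the ACME CA (nonce fetch) from failures at the DNS provider step, and flags a challenge zone that is a bare TLD such as `vip.`. The function names, the stage labels and the sample log lines are assumptions constructed for illustration.

```python
import json
import re
from collections import defaultdict

# Constructed sample lines in the shape of the Caddy JSON logs on this page
# (timestamps and error text shortened; not copied from a real run).
SAMPLE_LOG = r'''
{"level":"info","ts":1.0,"logger":"tls.obtain","msg":"obtaining certificate","identifier":"files.justinhome.vip"}
{"level":"error","ts":2.0,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"files.justinhome.vip","error":"[files.justinhome.vip] creating new order: fetching new nonce from server: performing request: Head \"https://acme-staging-v02.api.letsencrypt.org/acme/new-nonce\": http2: timeout awaiting response headers"}
{"level":"error","ts":3.0,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"pdf.justinhome.vip","error":"[pdf.justinhome.vip] solving challenges: presenting for challenge: adding temporary record for zone \"vip.\": Invalid http response status, \"Invalid domain.\""}
not json, e.g. a truncated line
'''

ZONE_RE = re.compile(r'adding temporary record for zone "([^"]+)"')

def classify(error):
    """Return (stage, detail) for one tls.obtain error string."""
    m = ZONE_RE.search(error)
    if m:
        zone = m.group(1)
        labels = [part for part in zone.split(".") if part]
        # A single-label zone is a bare TLD and cannot be the registered domain.
        detail = "bare-tld-zone" if len(labels) < 2 else "provider-rejected"
        return "dns-provider", f"{detail}:{zone}"
    if "new-nonce" in error:
        timed_out = "timeout" in error.lower() or "deadline exceeded" in error
        return "acme-ca-connectivity", "timeout" if timed_out else "other"
    return "unknown", ""

def triage(log_text):
    """Map each identifier to the set of (stage, detail) failures logged for it."""
    out = defaultdict(set)
    for line in log_text.splitlines():
        try:
            rec = json.loads(line)
        except ValueError:
            continue  # blank or truncated line
        if not isinstance(rec, dict):
            continue
        if rec.get("logger") != "tls.obtain" or rec.get("level") != "error":
            continue
        if "identifier" not in rec:  # "will retry" records repeat the same error
            continue
        out[rec["identifier"]].add(classify(rec.get("error", "")))
    return dict(out)

if __name__ == "__main__":
    for ident, causes in sorted(triage(SAMPLE_LOG).items()):
        print(ident, sorted(causes))
```
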
