When trying to start caddy, each time it says that no A/AAAA records exist. If I use LetsDebug.net, HTTP-01 and TLS-ALPN-01 fail due to the same reason. When I look at NameCheap, these are my DNS records.
It produced this output:
2022/03/11 19:53:13.247 ERROR tls.issuance.acme.acme_client challenge failed {"identifier": "www.git.fivepixels.me", "challenge_type": "tls-alpn-01", "problem": {"type": "urn:ietf:params:acme:error:dns", "title": "", "detail": "DNS problem: NXDOMAIN looking up A for www.git.fivepixels.me - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for www.git.fivepixels.me - check that a DNS record exists for this domain", "instance": "", "subproblems": }}
My web server is (include version):
caddy v2.4.6
The operating system my web server runs on is (include version):
Ubuntu 1.18
My hosting provider, if applicable, is:
Domain Host: NameCheap
Server host: Central.so
I can login to a root shell on my machine (yes or no, or I don't know):
Yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
No
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
Your DNS records and the error message agree. There is no A/AAAA record for www.git.fivepixels.me -- you only have one for git.fivepixels.me (they are different domain names).
And it looks like it may be working now. I think it took some time for the DNS to update because I was getting the same error for a little bit longer. The lack of A/AAAA records error went away, but I'm now authorization limited for the next hour or so.
Mar 11 22:00:20 fivepixels.me caddy[52885]: {"level":"error","ts":1647032420.734154,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"www.fivepixels.me","challenge_type":"tls-alpn-01","problem":{"type":"urn:ietf:params:acme:error:dns","title":"","detail":"no valid A records found for www.fivepixels.me; no valid AAAA records found for www.fivepixels.me","instance":"","subproblems":}}
Mar 11 22:00:24 fivepixels.me caddy[52885]: {"level":"error","ts":1647032424.0842578,"logger":"tls.issuance.acme.acme_client","msg":"challenge failed","identifier":"www.vault.fivepixels.me","challenge_type":"tls-alpn-01","problem":{"type":"urn:ietf:params:acme:error:dns","title":"","detail":"no valid A records found for www.vault.fivepixels.me; no valid AAAA records found for www.vault.fivepixels.me","instance":"","subproblems":}}
Looking back now, I set the records to CNAMEs rather than A/AAAA - do they need to be A records? When I provide an A record, it asks for the target to be an IP - which I would need to set to the same as my A record for the first record in the last screenshot, right?
Also - just running a letsdebug.net test on fivepixels.me (which clearly has an A/AAAA record on the screenshot) is also returning that there are no A records.
Alright, that was definitely what was causing the A record on fivepixels.me to fail. After restarting my docker server and my caddy instance - we've got results! The website is resolving correctly now. Thanks for all your help!
I do have another question. bearblog.dev seems to already have an SSL certificate, so when I try to enter blog.fivepixels.me, the certificate isn't valid. bearblog is responsible for the entire blog. Is there a way to provide my own SSL on it?
Probably. But it's better if bearblog gets a certificate automatically.
No, there isn't
Note: We don't currently provide SSL certificates, so .dev and .app domains will only work if set up through a CDN like Cloudflare with proxy enabled and set to Flexible.
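An added example, not part of any post in this thread and not Caddy's own code: a small triage script for challenge-failure log lines like the ones quoted earlier. It collects the identifiers that failed with urn:ietf:params:acme:error:dns and lists the www. names whose parent name did not fail, which is the missing-record pattern found in this thread. The sample lines and the example.org hostnames are constructed.

```python
import json
from collections import defaultdict

DNS_ERROR = "urn:ietf:params:acme:error:dns"

def _entry(identifier, challenge, problem_type):
    # Constructed JSON payload carrying the fields seen in the thread's log lines.
    return json.dumps({"level": "error", "msg": "challenge failed",
                       "identifier": identifier, "challenge_type": challenge,
                       "problem": {"type": problem_type, "detail": "constructed"}})

# Constructed sample input (placeholder hostnames), not real log output.
SAMPLE = [
    "Mar 11 22:00:20 host caddy[100]: " + _entry("www.example.org", "tls-alpn-01", DNS_ERROR),
    "Mar 11 22:00:21 host caddy[100]: " + _entry("www.example.org", "http-01", DNS_ERROR),
    "Mar 11 22:00:24 host caddy[100]: " + _entry("www.vault.example.org", "tls-alpn-01", DNS_ERROR),
    "Mar 11 22:00:30 host caddy[100]: " + _entry("example.org", "http-01",
                                                  "urn:ietf:params:acme:error:rateLimited"),
    "2022/03/11 19:53:13.247 ERROR tls.issuance.acme.acme_client challenge failed "
    + _entry("www.git.example.org", "tls-alpn-01", DNS_ERROR),
    "Mar 11 22:00:31 host caddy[100]: not a JSON line",
]

def parse_line(line):
    """Return the JSON object embedded after the log prefix, or None."""
    start = line.find("{")
    if start < 0:
        return None
    try:
        return json.loads(line[start:])
    except json.JSONDecodeError:
        return None  # truncated or otherwise unparseable payload

def dns_failures(lines):
    """Map identifier -> set of challenge types that failed with an ACME DNS error."""
    failed = defaultdict(set)
    for line in lines:
        entry = parse_line(line) or {}
        problem = entry.get("problem") or {}
        if problem.get("type") == DNS_ERROR and "identifier" in entry:
            failed[entry["identifier"]].add(entry.get("challenge_type", "unknown"))
    return dict(failed)

def www_only(failed):
    """www.<name> entries whose parent <name> shows no DNS failure in these lines."""
    return sorted(n for n in failed if n.startswith("www.") and n[4:] not in failed)

if __name__ == "__main__":
    for name in www_only(dns_failures(SAMPLE)):
        print(f"{name}: no A/AAAA found; add a record or drop the name from the site config")
```
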