on_demand tls fails #15

Open
1 of 2 tasks
lukepighetti opened this issue Aug 21, 2024 · 1 comment

lukepighetti commented Aug 21, 2024

when i try to obtain a certificate on demand for customerdomain.com, i get this error from porkbun.

  • i have TLS working for my porkbun domain, subdomains, and wildcard subdomains (not pictured in caddyfile)
  • porkbun says the customer on-demand domain is not opted in to api access

this is my first rodeo with TLS/DNS, is it reasonable to expect porkbun (and this integration) to handle this use case? if not, is there a particular dns provider that is known to work?

```
2024/08/21 12:26:29.649	INFO	http.acme_client	trying to solve challenge	{"identifier": "chadbod.app", "challenge_type": "dns-01", "ca": "https://acme-v02.api.letsencrypt.org/directory"}
2024/08/21 12:26:30.386	ERROR	http.acme_client	cleaning up solver	{"identifier": "chadbod.app", "challenge_type": "dns-01", "error": "no memory of presenting a DNS record for \"_acme-challenge.chadbod.app\" (usually OK if presenting also failed)"}
2024/08/21 12:26:30.457	ERROR	tls.obtain	could not get certificate from issuer	{"identifier": "chadbod.app", "issuer": "acme-v02.api.letsencrypt.org-directory", "error": "[chadbod.app] solving challenges: presenting for challenge: adding temporary record for zone \"chadbod.app.\": Invalid http response status, {\"status\":\"ERROR\",\"message\":\"Domain is not opted in to API access.\"} (order=https://acme-v02.api.letsencrypt.org/acme/order/1902835346/298178291746) (ca=https://acme-v02.api.letsencrypt.org/directory)"}
2024/08/21 12:26:30.457	ERROR	tls.obtain	will retry	{"error": "[chadbod.app] Obtain: [chadbod.app] solving challenges: presenting for challenge: adding temporary record for zone \"chadbod.app.\": Invalid http response status, {\"status\":\"ERROR\",\"message\":\"Domain is not opted in to API access.\"} (order=https://acme-v02.api.letsencrypt.org/acme/order/1902835346/298178291746) (ca=https://acme-v02.api.letsencrypt.org/directory)", "attempt": 1, "retrying_in": 60, "elapsed": 1.222814301, "max_duration": 2592000}
```

```
{
	on_demand_tls {
		ask https://ask.tappy.studio
	}
}

https:// {
	# this redirects customerdomain.com to a static http folder at /root/data/customerdomain.com
	root * /root/data/{http.request.host.labels.1}.{http.request.host.labels.0}
	file_server

	# on demand multi-tenant tls
	tls {
		# https://caddyserver.com/on-demand-tls
		on_demand
		dns porkbun {
			api_key <REDACTED>
			api_secret_key <REDACTED>
		}
		# https://caddy.community/t/could-not-determine-zone-for-domain/18720/7
		resolvers 8.8.8.8
	}
}
```

Niallfitzy1 (Collaborator) commented

Hi @lukepighetti

In order to use libraries like this, you'll need to enable API access from Porkbun domain management.

Here's the Porkbun guide for configuring API access

Everything should hopefully go smoothly afterwards 🤞
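
Added example, not part of the thread or of the project's code: a Python script that reads Caddy log lines in the format quoted in the issue and pulls out the DNS provider's own rejection message, so a refused DNS-01 record can be told apart from other issuance errors. The sample lines, the `customer.example` domain and all function names are constructed for illustration.

```python
import json
import re
# Constructed sample in the tab-separated format of the log quoted in the issue.
SAMPLE_LOG = (
    '2024/08/21 12:26:29.649\tINFO\thttp.acme_client\ttrying to solve challenge\t'
    '{"identifier": "customer.example", "challenge_type": "dns-01"}\n'
    '2024/08/21 12:26:30.457\tERROR\ttls.obtain\tcould not get certificate from issuer\t'
    '{"identifier": "customer.example", "error": "[customer.example] solving challenges: '
    'presenting for challenge: adding temporary record for zone \\"customer.example.\\": '
    'Invalid http response status, {\\"status\\":\\"ERROR\\",\\"message\\":'
    '\\"Domain is not opted in to API access.\\"} (order=https://ca.example/order/1)"}\n'
)
ZONE_RE = re.compile(r'adding temporary record for zone "([^"]+)"')

def parse_line(line):
    """Split one log line into (level, logger, message, fields), or None."""
    parts = line.rstrip("\n").split("\t", 4)
    if len(parts) != 5:
        return None
    try:
        return parts[1], parts[2], parts[3], json.loads(parts[4])
    except json.JSONDecodeError:
        return None

def provider_reply(error_text):
    """Return the first JSON object embedded in an error string, or None."""
    pos = error_text.find("{")
    while pos != -1:
        try:
            obj, _end = json.JSONDecoder().raw_decode(error_text, pos)
            if isinstance(obj, dict):
                return obj
        except json.JSONDecodeError:
            pass
        pos = error_text.find("{", pos + 1)
    return None

def dns_presentation_failures(log_text):
    """Report certificate failures where the DNS provider API refused the record."""
    found = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if not rec or rec[:3] != ("ERROR", "tls.obtain", "could not get certificate from issuer"):
            continue
        err = rec[3].get("error", "")
        zone, reply = ZONE_RE.search(err), provider_reply(err)
        if zone and reply:
            found.append({"identifier": rec[3].get("identifier"), "zone": zone.group(1), "provider_message": reply.get("message")})
    return found
```

Only the "could not get certificate from issuer" line is matched, so the "will retry" line that repeats the same error is not counted twice.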
