fails to notice missing API token sometimes #11

Open
stylehouse opened this issue Dec 31, 2024 · 0 comments

stylehouse commented Dec 31, 2024

I was using this bit of Caddyfile, as seen via docker exec in the container:
	dns duckdns {f6e-aaa-bbb-ccc-b86}
As implied by this part of the README:
	dns duckdns {env.DUCKDNS_API_TOKEN}
Which I guess is a linguistic red-herring, stuff in {} interpolated to api_token => value before we get to UnmarshalCaddyfile(d *caddyfile.Dispenser) ..? Speculation.

Anyway. That doesn't trip this:

	if p.Provider.APIToken == "" {
		return d.Err("missing API token")
	}

and goes on to fail, the token parameter is casually empty:
caddy-1 | {"level":"error","ts":1735636941.773746,"logger":"tls.obtain","msg":"will retry","error":"[voulais.duckdns.org] Obtain: [voulais.duckdns.org] solving challenges: presenting for challenge: adding temporary record for zone \"duckdns.org.\": DuckDNS request failed, expected (OK) but got (KO), url: [https://www.duckdns.org/update?domains=voulais.duckdns.org&token=&txt=yWJ3zVVwwIRPxw14J3f2riEuFD805UOkC4OIFCwJcno&verbose=true], body: KO (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/178240924/21688731104) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)","attempt":5,"retrying_in":600,"elapsed":610.848246992,"max_duration":2592000}

And that's pretty much it. No idea why. Debugger time?

Other syntax variations do cause errors, e.g. with spaces or on a new line:

	dns duckdns { $DUCKDNS_API_TOKEN }
	dns duckdns {
	    $DUCKDNS_API_TOKEN
	}

Maybe it's on libdns/duckdns to double-check api_token != '' as it goes along.
Seems weird.

Thanks!

PS I of course made it more confusing by having a docker-compose.yml that did:

    volumes:
      - caddy_data:/data
      - caddy_config:/config

that was retaining an old config that worked, from before I made everything look neat with those extra curly braces, which I just didn't need. This stuck-state fell over a few days ago, somehow, as per chaos. For those playing along at home, you need to:

	docker compose down --volumes
	docker compose up --build

I've been rate limited now, it says "too many certificates (5) already issued" which is probably how many times I did the above.

Another random detail: I'm always "waiting on internal rate limiter" for 0.00005 seconds, which takes two log lines or 1/5th of all the log lines per tls.obtain.

And thanks again, it was super nice having HTTPS just go, as it did initially, and duck another little bill and personal info leak. Thanks.

My project is here: https://github.com/stylehouse/jamola/blob/main/docker-compose.yaml

Someone else in the same ditch who got me out: https://caddy.community/t/dns-challenge-with-duckdns/14994

caddy version

v2.8.4 h1:q3pe0wpBj1OcHFZ3n/1nl4V4bxBrYoSoab7rL9BMYNk=
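
Added example, not code from this issue or from the project: a sketch of why an emptiness check on the raw Caddyfile argument can pass while the request still goes out with `token=`, and of the post-expansion check the issue suggests. It assumes placeholders are expanded after the parse-time check and that an unrecognised `{...}` expands to the empty string; `expandPlaceholders`, `parseTimeCheck` and `resolveToken` are hypothetical names, and the inputs are constructed.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"regexp"
	"strings"
)

var errMissingToken = errors.New("missing API token")
// placeholder matches one {name}; a hypothetical stand-in, not Caddy's replacer.
var placeholder = regexp.MustCompile(`\{[^{}\s]+\}`)

// expandPlaceholders resolves {env.NAME} from the environment and, as assumed
// here, replaces any unrecognised placeholder with the empty string.
func expandPlaceholders(s string) string {
	return placeholder.ReplaceAllStringFunc(s, func(m string) string {
		name := strings.Trim(m, "{}")
		if strings.HasPrefix(name, "env.") {
			return os.Getenv(strings.TrimPrefix(name, "env."))
		}
		return ""
	})
}

// parseTimeCheck is the shape of the check quoted in the issue: raw text only.
func parseTimeCheck(raw string) error {
	if raw == "" {
		return errMissingToken
	}
	return nil
}

// resolveToken checks again after expansion; the error never echoes the value.
func resolveToken(raw string) (string, error) {
	token := strings.TrimSpace(expandPlaceholders(raw))
	if token == "" {
		return "", fmt.Errorf("%w after placeholder expansion", errMissingToken)
	}
	return token, nil
}

func main() {
	// Constructed inputs: braces around a literal, an env placeholder, a bare literal.
	for _, raw := range []string{"{f6e-aaa-bbb-ccc-b86}", "{env.DUCKDNS_API_TOKEN}", "f6e-aaa-bbb-ccc-b86"} {
		_, err := resolveToken(raw)
		fmt.Printf("%-26s parse-time=%v resolved=%v\n", raw, parseTimeCheck(raw), err)
	}
}
```

Failing at startup on the resolved value keeps an empty token out of the ACME retry loop and out of logged request URLs.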
