DNS challenge timeouts when obtaining Let's Encrypt certs for wildcard domain (cloudflare) #41

New Issue

Closed

opened 2025-12-29 14:23:01 +01:00 by adam · 2 comments

adam commented 2025-12-29 14:23:01 +01:00

Owner

Copy Link

Originally created by @veigamann on GitHub (Feb 28, 2025).

GoDoxy's autocert tries to get certificates for my domain but keeps timing out during DNS verification.

GoDoxy successfully creates the TXT records in Cloudflare (_acme-challenge.mydomain.com). but the DNS propagation is timing out.

Log:

veigamann@server:~/godoxy$ docker compose up
[+] Running 2/2
 ✔ Container godoxy           Created                                                                                                                                                    1.4s 
 ✔ Container godoxy-frontend  Created                                                                                                                                                    1.4s 
Attaching to godoxy, godoxy-frontend
godoxy           | 02-28 08:25 INF GoDoxy version v0.9.8
godoxy           | 02-28 08:25 DBG entrypoint access logger created
godoxy           | 02-28 08:25 INF loaded route providers
godoxy           |                   • docker@local 1 routes
godoxy           | 02-28 08:25 DBG obtaining cert due to error loading cert
godoxy           | 02-28 08:25 INF homepage overrides config loaded, 0 items
godoxy           | 02-28 08:25 INF icon cache loaded (0 icons)
godoxy           | 2025/02/28 08:25:57 [INFO] acme: Trying to resolve account by key
godoxy           | 02-28 08:25 INF reused acme registration from private key
godoxy           | 2025/02/28 08:25:57 [INFO] [*.mydomain.com, mydomain.com] acme: Obtaining bundled SAN certificate
godoxy-frontend  |    ▲ Next.js 15.1.7
godoxy-frontend  |    - Local:        http://localhost:3000
godoxy-frontend  |    - Network:      http://0.0.0.0:3000
godoxy-frontend  | 
godoxy-frontend  |  ✓ Starting...
godoxy           | 2025/02/28 08:25:58 [INFO] [*.mydomain.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz/2253562705/482718784465
godoxy           | 2025/02/28 08:25:58 [INFO] [mydomain.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz/2253562705/482718784485
godoxy           | 2025/02/28 08:25:58 [INFO] [*.mydomain.com] acme: use dns-01 solver
godoxy           | 2025/02/28 08:25:58 [INFO] [mydomain.com] acme: Could not find solver for: tls-alpn-01
godoxy           | 2025/02/28 08:25:58 [INFO] [mydomain.com] acme: Could not find solver for: http-01
godoxy           | 2025/02/28 08:25:58 [INFO] [mydomain.com] acme: use dns-01 solver
godoxy           | 2025/02/28 08:25:58 [INFO] [*.mydomain.com] acme: Preparing to solve DNS-01
godoxy-frontend  |  ✓ Ready in 858ms
godoxy           | 2025/02/28 08:25:59 [INFO] cloudflare: new record for mydomain.com, ID 37977d96828fcfd045a485e5b71069b6
godoxy           | 2025/02/28 08:25:59 [INFO] [mydomain.com] acme: Preparing to solve DNS-01
godoxy           | 2025/02/28 08:25:59 [INFO] cloudflare: new record for mydomain.com, ID 2b035662b9c42e9f5bd3b62fddcf6b08
godoxy           | 2025/02/28 08:25:59 [INFO] [*.mydomain.com] acme: Trying to solve DNS-01
godoxy           | 2025/02/28 08:25:59 [INFO] [*.mydomain.com] acme: Checking DNS record propagation. [nameservers=127.0.0.53:53]
godoxy           | 2025/02/28 08:26:01 [INFO] Wait for propagation [timeout: 2m0s, interval: 2s]
godoxy           | 2025/02/28 08:26:11 [INFO] [*.mydomain.com] acme: Waiting for DNS record propagation.
godoxy           | 2025/02/28 08:26:23 [INFO] [*.mydomain.com] acme: Waiting for DNS record propagation.
godoxy           | 2025/02/28 08:26:36 [INFO] [*.mydomain.com] acme: Waiting for DNS record propagation.
godoxy           | 2025/02/28 08:26:48 [INFO] [*.mydomain.com] acme: Waiting for DNS record propagation.
godoxy           | 2025/02/28 08:27:00 [INFO] [*.mydomain.com] acme: Waiting for DNS record propagation.
godoxy           | 2025/02/28 08:27:12 [INFO] [*.mydomain.com] acme: Waiting for DNS record propagation.
godoxy           | 2025/02/28 08:27:24 [INFO] [*.mydomain.com] acme: Waiting for DNS record propagation.
godoxy           | 2025/02/28 08:27:36 [INFO] [*.mydomain.com] acme: Waiting for DNS record propagation.
godoxy           | 2025/02/28 08:27:48 [INFO] [*.mydomain.com] acme: Waiting for DNS record propagation.
godoxy           | 2025/02/28 08:28:00 [INFO] [*.mydomain.com] acme: Waiting for DNS record propagation.
godoxy           | 2025/02/28 08:28:02 [INFO] [mydomain.com] acme: Trying to solve DNS-01
godoxy           | 2025/02/28 08:28:02 [INFO] [mydomain.com] acme: Checking DNS record propagation. [nameservers=127.0.0.53:53]
godoxy           | 2025/02/28 08:28:04 [INFO] Wait for propagation [timeout: 2m0s, interval: 2s]
godoxy           | 2025/02/28 08:28:14 [INFO] [mydomain.com] acme: Waiting for DNS record propagation.
godoxy           | 2025/02/28 08:28:26 [INFO] [mydomain.com] acme: Waiting for DNS record propagation.
godoxy           | 2025/02/28 08:28:38 [INFO] [mydomain.com] acme: Waiting for DNS record propagation.
godoxy           | 2025/02/28 08:28:50 [INFO] [mydomain.com] acme: Waiting for DNS record propagation.
godoxy           | 2025/02/28 08:29:02 [INFO] [mydomain.com] acme: Waiting for DNS record propagation.
godoxy           | 2025/02/28 08:29:14 [INFO] [mydomain.com] acme: Waiting for DNS record propagation.
godoxy           | 2025/02/28 08:29:26 [INFO] [mydomain.com] acme: Waiting for DNS record propagation.
godoxy           | 2025/02/28 08:29:38 [INFO] [mydomain.com] acme: Waiting for DNS record propagation.
godoxy           | 2025/02/28 08:29:50 [INFO] [mydomain.com] acme: Waiting for DNS record propagation.
godoxy           | 2025/02/28 08:30:02 [INFO] [mydomain.com] acme: Waiting for DNS record propagation.
godoxy           | 2025/02/28 08:30:04 [INFO] [*.mydomain.com] acme: Cleaning DNS-01 challenge
godoxy           | 2025/02/28 08:30:06 [INFO] [mydomain.com] acme: Cleaning DNS-01 challenge
godoxy           | 2025/02/28 08:30:07 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz/2253562705/482718784465
godoxy           | 2025/02/28 08:30:08 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz/2253562705/482718784485
godoxy           | 02-28 08:30 FTL error: one or more domains had a problem:
godoxy           |                 [*.mydomain.com] propagation: time limit exceeded: last error: authoritative nameservers: DNS call error: read udp [2804:14d:9034:0:226:6cff:fee9:1b0a]:58561->[2803:f800:50::6ca2:c2a8]:53: i/o timeout [ns=paloma.ns.cloudflare.com.:53, question='_acme-challenge.mydomain.com. IN  TXT']
godoxy           |                 [mydomain.com] propagation: time limit exceeded: last error: authoritative nameservers: DNS call error: read udp [2804:14d:9034:0:226:6cff:fee9:1b0a]:34928->[2803:f800:50::6ca2:c157]:53: i/o timeout [ns=clark.ns.cloudflare.com.:53, question='_acme-challenge.mydomain.com. IN  TXT']
godoxy           |                 
godoxy exited with code 0

autocert section in config.yml:

autocert:
  provider: cloudflare
  email: myemail@mydomain.com
  domains:
    - "*.mydomain.com"
    - "mydomain.com"
  options:
    auth_token: <token>

I can see the TXT records being created correctly in the Cloudflare dashboard, but GoDoxy can't seem to verify them. I do have a *.mydomain.com record pointing to my router's public IP address, which port forwards ports 80/tcp and 443/tcp to my server.

Looks like IPv6 related timeouts - I noticed all the failed queries are using IPv6 addresses to reach Cloudflare's nameservers. Could this be related to my host machine config? Firewall issue or something with my DNS setup?

Originally created by @veigamann on GitHub (Feb 28, 2025). GoDoxy's autocert tries to get certificates for my domain but keeps timing out during DNS verification. GoDoxy successfully creates the TXT records in Cloudflare (`_acme-challenge.mydomain.com`). but the DNS propagation is timing out. Log: ```bash veigamann@server:~/godoxy$ docker compose up [+] Running 2/2 ✔ Container godoxy Created 1.4s ✔ Container godoxy-frontend Created 1.4s Attaching to godoxy, godoxy-frontend godoxy | 02-28 08:25 INF GoDoxy version v0.9.8 godoxy | 02-28 08:25 DBG entrypoint access logger created godoxy | 02-28 08:25 INF loaded route providers godoxy | • docker@local 1 routes godoxy | 02-28 08:25 DBG obtaining cert due to error loading cert godoxy | 02-28 08:25 INF homepage overrides config loaded, 0 items godoxy | 02-28 08:25 INF icon cache loaded (0 icons) godoxy | 2025/02/28 08:25:57 [INFO] acme: Trying to resolve account by key godoxy | 02-28 08:25 INF reused acme registration from private key godoxy | 2025/02/28 08:25:57 [INFO] [*.mydomain.com, mydomain.com] acme: Obtaining bundled SAN certificate godoxy-frontend | ▲ Next.js 15.1.7 godoxy-frontend | - Local: http://localhost:3000 godoxy-frontend | - Network: http://0.0.0.0:3000 godoxy-frontend | godoxy-frontend | ✓ Starting... godoxy | 2025/02/28 08:25:58 [INFO] [*.mydomain.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz/2253562705/482718784465 godoxy | 2025/02/28 08:25:58 [INFO] [mydomain.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz/2253562705/482718784485 godoxy | 2025/02/28 08:25:58 [INFO] [*.mydomain.com] acme: use dns-01 solver godoxy | 2025/02/28 08:25:58 [INFO] [mydomain.com] acme: Could not find solver for: tls-alpn-01 godoxy | 2025/02/28 08:25:58 [INFO] [mydomain.com] acme: Could not find solver for: http-01 godoxy | 2025/02/28 08:25:58 [INFO] [mydomain.com] acme: use dns-01 solver godoxy | 2025/02/28 08:25:58 [INFO] [*.mydomain.com] acme: Preparing to solve DNS-01 godoxy-frontend | ✓ Ready in 858ms godoxy | 2025/02/28 08:25:59 [INFO] cloudflare: new record for mydomain.com, ID 37977d96828fcfd045a485e5b71069b6 godoxy | 2025/02/28 08:25:59 [INFO] [mydomain.com] acme: Preparing to solve DNS-01 godoxy | 2025/02/28 08:25:59 [INFO] cloudflare: new record for mydomain.com, ID 2b035662b9c42e9f5bd3b62fddcf6b08 godoxy | 2025/02/28 08:25:59 [INFO] [*.mydomain.com] acme: Trying to solve DNS-01 godoxy | 2025/02/28 08:25:59 [INFO] [*.mydomain.com] acme: Checking DNS record propagation. [nameservers=127.0.0.53:53] godoxy | 2025/02/28 08:26:01 [INFO] Wait for propagation [timeout: 2m0s, interval: 2s] godoxy | 2025/02/28 08:26:11 [INFO] [*.mydomain.com] acme: Waiting for DNS record propagation. godoxy | 2025/02/28 08:26:23 [INFO] [*.mydomain.com] acme: Waiting for DNS record propagation. godoxy | 2025/02/28 08:26:36 [INFO] [*.mydomain.com] acme: Waiting for DNS record propagation. godoxy | 2025/02/28 08:26:48 [INFO] [*.mydomain.com] acme: Waiting for DNS record propagation. godoxy | 2025/02/28 08:27:00 [INFO] [*.mydomain.com] acme: Waiting for DNS record propagation. godoxy | 2025/02/28 08:27:12 [INFO] [*.mydomain.com] acme: Waiting for DNS record propagation. godoxy | 2025/02/28 08:27:24 [INFO] [*.mydomain.com] acme: Waiting for DNS record propagation. godoxy | 2025/02/28 08:27:36 [INFO] [*.mydomain.com] acme: Waiting for DNS record propagation. godoxy | 2025/02/28 08:27:48 [INFO] [*.mydomain.com] acme: Waiting for DNS record propagation. godoxy | 2025/02/28 08:28:00 [INFO] [*.mydomain.com] acme: Waiting for DNS record propagation. godoxy | 2025/02/28 08:28:02 [INFO] [mydomain.com] acme: Trying to solve DNS-01 godoxy | 2025/02/28 08:28:02 [INFO] [mydomain.com] acme: Checking DNS record propagation. [nameservers=127.0.0.53:53] godoxy | 2025/02/28 08:28:04 [INFO] Wait for propagation [timeout: 2m0s, interval: 2s] godoxy | 2025/02/28 08:28:14 [INFO] [mydomain.com] acme: Waiting for DNS record propagation. godoxy | 2025/02/28 08:28:26 [INFO] [mydomain.com] acme: Waiting for DNS record propagation. godoxy | 2025/02/28 08:28:38 [INFO] [mydomain.com] acme: Waiting for DNS record propagation. godoxy | 2025/02/28 08:28:50 [INFO] [mydomain.com] acme: Waiting for DNS record propagation. godoxy | 2025/02/28 08:29:02 [INFO] [mydomain.com] acme: Waiting for DNS record propagation. godoxy | 2025/02/28 08:29:14 [INFO] [mydomain.com] acme: Waiting for DNS record propagation. godoxy | 2025/02/28 08:29:26 [INFO] [mydomain.com] acme: Waiting for DNS record propagation. godoxy | 2025/02/28 08:29:38 [INFO] [mydomain.com] acme: Waiting for DNS record propagation. godoxy | 2025/02/28 08:29:50 [INFO] [mydomain.com] acme: Waiting for DNS record propagation. godoxy | 2025/02/28 08:30:02 [INFO] [mydomain.com] acme: Waiting for DNS record propagation. godoxy | 2025/02/28 08:30:04 [INFO] [*.mydomain.com] acme: Cleaning DNS-01 challenge godoxy | 2025/02/28 08:30:06 [INFO] [mydomain.com] acme: Cleaning DNS-01 challenge godoxy | 2025/02/28 08:30:07 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz/2253562705/482718784465 godoxy | 2025/02/28 08:30:08 [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz/2253562705/482718784485 godoxy | 02-28 08:30 FTL error: one or more domains had a problem: godoxy | [*.mydomain.com] propagation: time limit exceeded: last error: authoritative nameservers: DNS call error: read udp [2804:14d:9034:0:226:6cff:fee9:1b0a]:58561->[2803:f800:50::6ca2:c2a8]:53: i/o timeout [ns=paloma.ns.cloudflare.com.:53, question='_acme-challenge.mydomain.com. IN TXT'] godoxy | [mydomain.com] propagation: time limit exceeded: last error: authoritative nameservers: DNS call error: read udp [2804:14d:9034:0:226:6cff:fee9:1b0a]:34928->[2803:f800:50::6ca2:c157]:53: i/o timeout [ns=clark.ns.cloudflare.com.:53, question='_acme-challenge.mydomain.com. IN TXT'] godoxy | godoxy exited with code 0 ``` autocert section in config.yml: ```yaml autocert: provider: cloudflare email: myemail@mydomain.com domains: - "*.mydomain.com" - "mydomain.com" options: auth_token: <token> ``` I can see the TXT records being created correctly in the Cloudflare dashboard, but GoDoxy can't seem to verify them. I do have a `*.mydomain.com` record pointing to my router's public IP address, which port forwards ports 80/tcp and 443/tcp to my server. Looks like IPv6 related timeouts - I noticed all the failed queries are using IPv6 addresses to reach Cloudflare's nameservers. Could this be related to my host machine config? Firewall issue or something with my DNS setup?

adam closed this issue 2025-12-29 14:23:02 +01:00

adam commented 2025-12-29 14:23:04 +01:00

Author

Owner

Copy Link

@yusing commented on GitHub (Feb 28, 2025):

Hi, seems like a DNS issue. Please try overriding dns server in docker compose like this for GoDoxy.

services:
  app:
    container_name: godoxy
    ...
    dns:
      - 1.1.1.1
      - 1.1.1.2

@yusing commented on GitHub (Feb 28, 2025): Hi, seems like a DNS issue. Please try overriding dns server in docker compose like this for GoDoxy. ```yaml services: app: container_name: godoxy ... dns: - 1.1.1.1 - 1.1.1.2 ```

adam commented 2025-12-29 14:23:04 +01:00

Author

Owner

Copy Link

@veigamann commented on GitHub (Mar 2, 2025):

I ended up resolving the issue by formatting my server (it's just a test environment, so no big deal). Turns out it was a local config problem. Thanks for the help, and I'll close this issue now.

@veigamann commented on GitHub (Mar 2, 2025): I ended up resolving the issue by formatting my server (it's just a test environment, so no big deal). Turns out it was a local config problem. Thanks for the help, and I'll close this issue now.

adam referenced this issue 2025-12-29 14:25:41 +01:00

[PR #41] [MERGED] feat: add groups support for OIDC claims #148

adam referenced this issue 2025-12-29 14:25:42 +01:00

[PR #50] [MERGED] Feat/OIDC middleware #151

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

compat

feat/agent-stream

dev

main-backup

feat/custom-json-marshaling

feat/non-root-non-host-mode

v0.24.0

v0.23.1

v0.23.0

v0.22.1

v0.22.0

v0.21.3

v0.21.2

v0.21.1

v0.21.0

v0.20.14

v0.20.13

v0.20.12

v0.20.11

v0.20.10

v0.20.9

v0.20.8

v0.20.7

v0.20.6

v0.20.5

v0.20.4

v0.20.3

v0.20.2

v0.20.1

v0.20.0

v0.19.2

v0.19.1

v0.19.0

v0.18.6

v0.18.5

v0.18.4

v0.18.3

v0.18.2

v0.18.1

v0.18.0

v0.17.6

v0.17.5

v0.17.4

v0.17.3

v0.17.2

v0.17.1

v0.17.0

v0.16.2

v0.16.0-pathfix

v0.16.1

v0.16.0

v0.15.3

v0.15.2

v0.15.1

v0.15.0

v0.14.2

v0.14.1

v0.14.0

v0.13.8

v0.13.7

v0.13.6

v0.13.5

v0.13.4

v0.13.3

v0.13.2

v0.13.1

v0.13.0

v0.12.3

v0.12.2

v0.12.1

v0.12.0

v0.11.9

v0.11.8

v0.11.7

v0.11.6-buildfix

v0.11.6

v0.11.5

v0.11.4

v0.11.3

v0.11.2-2

v0.11.2-1

v0.11.2

v0.11.1

v0.11.0

v0.10.2

v0.10.1

v0.10.0

v0.9.10

v0.9.9-1

v0.9.9

v0.9.8

0.9.8

0.9.7

0.9.6

0.9.5

0.9.4-1

0.9.4

0.9.3

0.9.2

0.9.1

0.9

0.8.1

0.8.0

0.7.7

0.7.6

0.7.5

0.7.4

0.7.3

0.7.2

0.7.1

0.7.0

0.6.4-1

0.6.4

0.6.3

0.6.2

0.6.1

0.6

0.6-rp1

0.5.8

0.5.7

0.5.6

0.5.5

0.5.4

0.5.3

0.5.2

0.5.1

0.5.0

0.5.0-rc6

0.5.0-rc5

0.5.0-rc4

0.5.0-rc3

0.5.0-rc2

0.5.0-rc1

0.5.0-beta3

0.5.0-beta2

0.5.0-beta

0.4.8-1

0.4.8

0.4.7

0.4.6

0.4.5

0.4.4

0.4.3

0.4.2

0.4.1

0.4.0

0.3.1

0.3

0.2.2

0.2.1

0.2-alpha

0.1-stable

Labels

Clear labels

bug

enhancement

pull-request

Mirrored from GitHub Pull Request

wontfix

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

adam

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/godoxy-yusing#41