I’m slightly freaking out. I recently ran some updates on my Linux Mint server computer. Afterwards, my modules, like Porkbun, had been removed and kept giving a 400 error when trying to add-package. Without the porkbun dns module, caddy can’t pass the keys and nothing with reverse proxy from me. The porkbun git page mentions some upgrade to the DNS system a few days ago that they said was connected to this. Any ideas of what to do? Do I downgrade Caddy until they resolve? I’m not the most computer savvy so I appreciate the help.

  • 𝕽𝖚𝖆𝖎𝖉𝖍𝖗𝖎𝖌𝖍@midwest.socialEnglish
    16·
    2 days ago

    I’ve never heard of Porkbun, but it doesn’t sound like a caddy issue. Let’s Encrypt requires being able to resolve the DNS name you’re requesting a cert for, and to be able to connect to your web service and fetch a secret to prove you own the domain. If porkbun does something like punch a hole in your LAN firewall and let in http traffic, then porkbun is the problem. Not Caddy.

    • sugar_in_your_tea@sh.itjust.worksEnglish
      7·
      2 days ago

      and to be able to connect to your web service and fetch a secret to prove you own the domain

      This part isn’t true, you can use DNS challenge and they don’t need to connect to your service. I have several services on my LAN that have never been accessible from the internet that have Let’s Encrypt certs.

      That sounds like the method OP is trying to use.

      • 𝕽𝖚𝖆𝖎𝖉𝖍𝖗𝖎𝖌𝖍@midwest.socialEnglish
        1·
        8 hours ago

        Hmmm. You’re right; it’s a mechanism I’ve never used because it’s more work and it is slower, and I forget about it. All you need to do is be able to prove you own the domain, and control over the DNS record is certainly viable.

        Is that what Porkbun does? Because Caddy can automate the http method, but not the DNS challenge method, because both require a handshake and that’s updating the DNS record.

        • sugar_in_your_tea@sh.itjust.worksEnglish
          2·
          8 hours ago

          Porkbun is a domain registrar, so I’m guessing OP is using their API to edit a DNS record with the challenge so Let’s Encrypt can prove ownership of the domain. Caddy can automate that, however, you need a Caddy build with a plugin for the registrar (use xcaddy), and then supply login details in the Caddyfile.

          Here’s the plugin for porkbun, and the README documents how to use it.

          I prefer doing it this way so I don’t need to expose my service to the internet to get a TLS cert, and I can also keep port 80 blocked.