
Not compatible with libdns 1.0 APIs used in new Caddy release

Open brettgus opened this issue 8 months ago • 4 comments

Caddy upgraded to using a new libdns version with 2.10.0, which breaks the route53 plugin.

libdns 1.0 APIs: Many of you use DNS provider modules to solve ACME DNS challenges or to enable dynamic DNS. They implement interfaces defined by libdns to get, set, append, and delete DNS records. After 5 years of production experience, including lessons learned with ECH, libdns APIs have been updated and 1.0 beta has been tagged. DNS provider packages will need to update their code to be compatible, which will help ensure stability and well-defined semantics for the future. Several packages have already updated or are in the process of updating (cloudflare, rfc2136, and desec to name a few).

Using caddy 2.9.1 is a workaround:

xcaddy build v2.9.1 --with github.com/caddy-dns/[email protected]

brettgus avatar Apr 21 '25 22:04 brettgus

Thanks for the heads up, was able to successfully build it now. Is a patch planned to integrate those changes, or accepting contributions?

lud0v1c avatar Apr 24 '25 09:04 lud0v1c

I hope this project will see an update soon, as 2.10.0 has a major change for wildcard certificates which uses them for individual subdomains automatically. I was able to build 2.9.1, but it doesn't use the wildcard cert for individual domains and I failed to find a workaround for that.

eren avatar Apr 24 '25 18:04 eren

https://github.com/libdns/route53/pull/286

Partial fix implemented here; it works for wildcard ACME for me, at least.

theAeon avatar Apr 24 '25 23:04 theAeon

libdns/route53#286

Partial fix implemented here; it works for wildcard ACME for me, at least.

You're a life saver! Thank you for this fix.

I was able to confirm that Caddy 2.10.0 can be built with the fix. ACME for wildcard certificates works and, as 2.10 promised, the wildcard cert is used for subdomains defined under the wildcard domain. For those who want to get the route53 plugin running with 2.10, here are my steps:

# clone theAeon's fork, which carries the partial libdns 1.0 fix
git clone https://github.com/theAeon/route53.git

# build Caddy with the plugin, replacing the libdns/route53 module with the local checkout
xcaddy build --with github.com/caddy-dns/route53 --replace github.com/libdns/[email protected]=./route53

Here is my Caddyfile:

{
    # contact address used for the ACME account
    email [email protected]
}

# wildcard site: the cert is obtained via the route53 DNS challenge
*.wild.example.com {
    tls {
        dns route53 {
            # placeholder credentials; use an IAM user or role limited to the hosted zone
            access_key_id ABCDFGHEFC
            secret_access_key FOO+as123Xdaddsalkj//na11
            region us-east-1
            # wait for the TXT record to propagate before the ACME server is asked to validate
            wait_for_propagation true
            max_wait_dur 120
            hosted_zone_id Z0916111111111
        }
    }
}

# covered by the wildcard above once that cert has been issued
subdomain.wild.example.com {
    # proxy pass, etc
}

My observation is that getting the wildcard cert can take 1-2 minutes. Until then, caddy requests individual certs for the subdomains. However, once it gets the wildcard cert, it starts to use it after a reload and it continues to use it. So you may see log lines for individual domains when you're first starting. Once it gets the wildcard, you won't see those lines. You can confirm the wildcard cert with the following command:

# curl prints the certificate details on stderr, so redirect it before filtering
curl -v -o /dev/null https://subdomain.wild.example.com 2>&1 | grep -A6 'Server certificate'

You should see something like below:

* Server certificate:
*  subject: CN=*.wild.example.com
*  start date: Apr 25 05:59:15 2025 GMT
*  expire date: Jul 24 05:59:14 2025 GMT
*  subjectAltName: host "subdomain.wild.example.com" matched cert's "*.wild.example.com"
*  issuer: C=US; O=Let's Encrypt; CN=E6
*  SSL certificate verify ok.

Hope this helps. When the code is merged into libdns/route53 repository, I believe we will just be able to build caddy with xcaddy build --with ....

eren avatar Apr 25 '25 07:04 eren

Any progress on getting this updated?

excid3 avatar Aug 27 '25 19:08 excid3

@excid3 I recently became a contributor to libdns/route53, which this package depends on. I added e2e tests using the new libdns testing framework I proposed earlier and fixed all discovered issues. The library is now libdns 1.0 compliant. I'll release a new version soon and then open a PR here to update this dependency.

As of now, you can do the same trick as with theAeon's fork, but with libdns master:

# clone the upstream libdns/route53 repository (master branch)
git clone https://github.com/libdns/route53
# build Caddy with the plugin, pointing the libdns/route53 module at the local checkout
xcaddy build --with github.com/caddy-dns/route53 --replace github.com/libdns/[email protected]=./route53

AndrianBdn avatar Sep 27 '25 11:09 AndrianBdn

We have released a beta version fully compatible with Caddy 2.10 and the new libdns:

xcaddy build v2.10.2 --with github.com/caddy-dns/[email protected]

Feedback is welcome. A stable release is planned for next week.

AndrianBdn avatar Sep 30 '25 10:09 AndrianBdn

Just to update this thread for anyone following: v1.6.0 stable was released a few days ago, so you should be able to go back to

xcaddy build --with github.com/caddy-dns/route53

jesse-aesthetronics avatar Oct 23 '25 01:10 jesse-aesthetronics