Downgrade to 2.9 till the porkbun plugin gets updated to work with 2.10.
I guess it depends on how you got caddy to begin with. If you used xcaddy, you have to update caddy the same way (recompile via `xcaddy`), otherwise you'll get the default binary which has no misc modules by default, which kinda sounds like what's happened but who knows for sure.

If you're feeling daring, you can try to compile `caddy` yourself with `xcaddy`, it's super easy.

Save your `Caddyfile`s (ultra important), and uninstall `caddy`. Install `xcaddy` (`apt install xcaddy` [or `go install github.com/caddyserver/xcaddy/cmd/xcaddy@latest`]). Then use `xcaddy` to compile `caddy` with the modules you need:

$ cd /tmp
$ xcaddy build --with github.com/caddy-dns/porkbun --with github.com/caddy-dns/cloudflare --with github.com/some-user/whatever-module

Caddy will build and be spit out in `/tmp/caddy`. Move it to `/home/username/.local/bin` or something, and make sure that directory is in your path. Don't forget to `chmod +x caddy`.

Run caddy like normal and see if this fixes your issue. If not, you'll likely have to try an older version of caddy (uninstall and specifically install the previous version or, if you can't, use `xcaddy` with `CADDY_VERSION` to build a specific version with your modules), or wait until they push a fix for whatever they broke.

That's what I did for Cloudflare and it works well.
Sorry, I don't use either of those services. Would you be willing to explain your setup? I use my own CA with HAProxy for TLS termination (with servers side TLS) so I might be able to give some general tips. Maybe.
I've never heard of Porkbun, but it doesn't sound like a caddy issue. Let's Encrypt requires being able to resolve the DNS name you're requesting a cert for, and to be able to connect to your web service and fetch a secret to prove you own the domain. If porkbun does something like punch a hole in your LAN firewall and let in http traffic, then porkbun is the problem. Not Caddy.
and to be able to connect to your web service and fetch a secret to prove you own the domain
This part isn't true, you can use DNS challenge and they don't need to connect to your service. I have several services on my LAN that have never been accessible from the internet that have Let's Encrypt certs.
That sounds like the method OP is trying to use.
Hmmm. You're right; it's a mechanism I've never used because it's more work and it is slower, and I forget about it. All you need to do is be able to prove you own the domain, and control over the DNS record is certainly viable.
Is that what Porkbun does? Because Caddy can automate the http method, but not the DNS challenge method, because both require a handshake and that's updating the DNS record.
Porkbun is a domain registrar, so I'm guessing OP is using their API to edit a DNS record with the challenge so Let's Encrypt can prove ownership of the domain. Caddy can automate that, however, you need a Caddy build with a plugin for the registrar (use xcaddy), and then supply login details in the Caddyfile.
Here's the plugin for porkbun, and the README documents how to use it.
I prefer doing it this way so I don't need to expose my service to the internet to get a TLS cert, and I can also keep port 80 blocked.
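An added example Caddyfile for the setup the two comments above describe (the xcaddy build with the porkbun module, and DNS-challenge certs with port 80 kept blocked); it is not from the thread or from the plugin project. It assumes a binary built with `github.com/caddy-dns/porkbun`, and the `api_key` / `api_secret_key` directive names are taken from the plugin README as I recall it, so check them against the README for the version you built; the hostnames, upstream address and pinned version are placeholders.

```caddyfile
# Added example, not from the thread. Assumes the binary was built with the
# porkbun DNS module, e.g. (pin the version the plugin still supports):
#   CADDY_VERSION=v2.9.1 xcaddy build --with github.com/caddy-dns/porkbun
# Sanity check that the module made it into the binary you are running:
#   caddy list-modules | grep dns.providers.porkbun
# Credentials come from the environment so they never sit in the Caddyfile.

{
	# DNS-01 only: Caddy never needs to answer on port 80, so disable the
	# HTTP->HTTPS redirect listener and keep 80 firewalled.
	auto_https disable_redirects
}

# A wildcard plus the apex: only the DNS challenge can issue wildcards,
# and none of these hosts has to be reachable from the internet.
*.home.example.com, home.example.com {
	tls {
		dns porkbun {
			api_key {env.PORKBUN_API_KEY}
			api_secret_key {env.PORKBUN_API_SECRET_KEY}
		}
		# Public resolvers for the challenge check, in case the LAN
		# resolver serves split-horizon answers for this zone.
		resolvers 1.1.1.1 9.9.9.9
	}

	# Placeholder LAN upstream.
	reverse_proxy 192.168.1.20:8096
}
```

Run with `PORKBUN_API_KEY` and `PORKBUN_API_SECRET_KEY` exported in the service environment (e.g. a systemd `EnvironmentFile` with mode 0600), and scope the API key at the registrar to only the zone it needs.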
Then why did you comment? 😂
Because they were wondering if it was a Caddy issue, and I'll bet real money it isn't.
Being able to exclude components from being a possible source of the issue is critical to problem solving.