Caddy: tls.issuance.acme: json: unknown field "api_token"

Created on 4 May 2020 · 9 Comments · Source: caddyserver/caddy

Hi there,

I just upgraded from v2.0.0-rc.3 to v2.0.0, and my configuration unexpectedly stopped working, with the following error when trying to load it:

2020/05/04 18:42:38.265 ERROR   admin.api       request error   {"error": "loading config: loading new config: loading http app module: provision http: getting tls app: loading tls app module: provision tls: provisioning automation policy 0: loading TLS automation management module: loading module 'acme': decoding module config: tls.issuance.acme: json: unknown field \"api_token\"", "status_code": 400}
{"error":"loading config: loading new config: loading http app module: provision http: getting tls app: loading tls app module: provision tls: provisioning automation policy 0: loading TLS automation management module: loading module 'acme': decoding module config: tls.issuance.acme: json: unknown field \"api_token\""}

My configuration looks like this:

{
  "apps": {
    "tls": {
      "automation": {
        "policies": [
          {
            "issuer": {
              "email": "...",
              "module": "acme",
              "challenges": {
                "dns": {
                  "provider": "cloudflare",
                  "api_token": "..."
                }
              }
            }
          }
        ]
      }
    }
  }
}

I built Caddy using the following command:

$ xcaddy build --with github.com/caddy-dns/cloudflare

I'm probably doing something wrong, but since everything seems correct to me otherwise, I opened this issue - since it could be a bug. Thanks for any help!

Kind regards,
Hampus Kraft.

invalid

All 9 comments

My bad, I did something wrong when compiling Caddy.

Just in case anyone else encounters the same issue, here's how I finally solved it, by moving from the verbose JSON config to the much cleaner Caddyfile, now that caddy-dns/cloudflare exists:

(cloudflare) {
  tls {
    dns cloudflare <API_KEY>
  }
}

example.com {
  import cloudflare
  reverse_proxy localhost:3000
}

Thanks for sharing your working config! LGTM.

Another tip: credentials could live in env vars if you want, then you can use {env.CLOUDFLARE_API_TOKEN} (or whatever its name is) in your Caddyfile.

I got this error: Error during parsing: getting DNS provider module named 'cloudflare': module not registered: dns.providers.cloudflare.

It seems the cloudflare provider module is not built-in in the official release?

Here's the output of caddy list-modules:

admin.api.load
caddy.adapters.caddyfile
caddy.listeners.tls
caddy.logging.encoders.console
caddy.logging.encoders.filter
caddy.logging.encoders.filter.delete
caddy.logging.encoders.filter.ip_mask
caddy.logging.encoders.json
caddy.logging.encoders.logfmt
caddy.logging.encoders.single_field
caddy.logging.writers.discard
caddy.logging.writers.file
caddy.logging.writers.net
caddy.logging.writers.stderr
caddy.logging.writers.stdout
caddy.storage.file_system
http
http.authentication.hashes.bcrypt
http.authentication.hashes.scrypt
http.authentication.providers.http_basic
http.encoders.gzip
http.encoders.zstd
http.handlers.authentication
http.handlers.encode
http.handlers.error
http.handlers.file_server
http.handlers.headers
http.handlers.request_body
http.handlers.reverse_proxy
http.handlers.rewrite
http.handlers.static_response
http.handlers.subroute
http.handlers.templates
http.handlers.vars
http.matchers.expression
http.matchers.file
http.matchers.header
http.matchers.header_regexp
http.matchers.host
http.matchers.method
http.matchers.not
http.matchers.path
http.matchers.path_regexp
http.matchers.protocol
http.matchers.query
http.matchers.remote_ip
http.matchers.vars
http.matchers.vars_regexp
http.reverse_proxy.selection_policies.first
http.reverse_proxy.selection_policies.header
http.reverse_proxy.selection_policies.ip_hash
http.reverse_proxy.selection_policies.least_conn
http.reverse_proxy.selection_policies.random
http.reverse_proxy.selection_policies.random_choose
http.reverse_proxy.selection_policies.round_robin
http.reverse_proxy.selection_policies.uri_hash
http.reverse_proxy.transport.fastcgi
http.reverse_proxy.transport.http
pki
tls
tls.certificates.automate
tls.certificates.load_files
tls.certificates.load_folders
tls.certificates.load_pem
tls.handshake_match.sni
tls.issuance.acme
tls.issuance.internal
tls.stek.distributed
tls.stek.standard

@shouya You got that right. The official release binaries don't include the cloudflare provider. You will need to use xcaddy and run:
xcaddy build --with github.com/caddy-dns/cloudflare
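
A preflight check for the two points raised in this thread (a DNS provider referenced by the config but absent from `caddy list-modules`, and a credential written inline rather than as an `{env.…}` placeholder), as an added example that is not code from the thread or from the Caddy project. The names `preflight` and `dns_providers` and all sample data are constructed; the object form of `provider` with a `name` key, and accepting `{env.NAME}` in a JSON config, are assumptions to verify against your own build.

```python
import json
import re

# Constructed sample: trimmed `caddy list-modules` output from a stock binary.
STOCK_MODULES = "http\ntls\ntls.issuance.acme\ntls.issuance.internal\n"

# Constructed sample config. Policy 0 uses the string form from the thread;
# policy 1 uses an object form with a "name" key (assumed, not on the page).
SAMPLE_CONFIG = json.dumps({"apps": {"tls": {"automation": {"policies": [
    {"issuer": {"module": "acme", "challenges": {"dns": {
        "provider": "cloudflare", "api_token": "constructed-not-a-real-token"}}}},
    {"issuer": {"module": "acme", "challenges": {"dns": {
        "provider": {"name": "cloudflare", "api_token": "{env.CLOUDFLARE_API_TOKEN}"}}}}},
]}}}})

ENV_PLACEHOLDER = re.compile(r"^\{env\.[A-Za-z_][A-Za-z0-9_]*\}$")
SECRET_KEY = re.compile(r"token|key|secret", re.IGNORECASE)

def dns_providers(config):
    """Yield (policy index, provider name, provider settings) per DNS challenge."""
    tls = config.get("apps", {}).get("tls", {})
    for i, policy in enumerate(tls.get("automation", {}).get("policies", [])):
        dns = policy.get("issuer", {}).get("challenges", {}).get("dns")
        if not dns:
            continue
        provider = dns.get("provider")
        if isinstance(provider, dict):
            settings = {k: v for k, v in provider.items() if k != "name"}
            yield i, provider.get("name"), settings
        else:
            yield i, provider, {k: v for k, v in dns.items() if k != "provider"}

def preflight(config_text, list_modules_output):
    """Return findings as (policy index, kind, detail); never echoes secrets."""
    registered = set(list_modules_output.split())
    findings = []
    for i, name, settings in dns_providers(json.loads(config_text)):
        module_id = f"dns.providers.{name}"
        if module_id not in registered:
            findings.append((i, "missing-module", module_id))
        for key, value in settings.items():
            inline = isinstance(value, str) and not ENV_PLACEHOLDER.match(value)
            if SECRET_KEY.search(key) and inline:
                findings.append((i, "inline-credential", key))
    return findings

if __name__ == "__main__":
    for finding in preflight(SAMPLE_CONFIG, STOCK_MODULES):
        print(finding)
```

In practice, pass the real output of `caddy list-modules` from the binary you intend to deploy as the second argument.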

@Mohammed90 Thank you, I have done this successfully. IMHO it would be good to explicitly state in the official documentation that the DNS challenge requires a custom build.

Good idea. Will do that.

I have really struggled with finding a simple configuration example of a Caddy 2 JSON file that uses cloudflare.

I finally managed to create one:

https://gist.github.com/fizzyade/8b7978c9001c9dde987c16bdfa322a01

FYI @fizzyade if you see a config with a Caddyfile that does what you want, use the caddy adapt command to get the JSON version of that.

For next time, I recommend asking on https://caddy.community
