OPNsense Forum

English Forums => 24.7, 24.10 Legacy Series => Topic started by: dirtyfreebooter on August 14, 2024, 03:41:20 PM

Title: caddy resolver
Post by: dirtyfreebooter on August 14, 2024, 03:41:20 PM
I use Unbound DNS over TLS for my upstream. This seems to cause issues with using the DNS challenge and Cloudflare. Not sure if it's an Unbound issue with the TXT records or not. I am running the Unbound default values for everything except the DNS over TLS entries.

Unbound DNS over TLS
(https://i.imgur.com/9jdSe3M.png)

Then in my general settings, I have no nameservers, as I want to use 127.0.0.1 for everything so that it all goes through TLS.
(https://i.imgur.com/3BlDNUf.png)

This results in my resolv.conf looking like:
# cat /etc/resolv.conf
domain lan
nameserver 127.0.0.1
search lan


Everything else works as normal, except Caddy on certificate renewal. ACME renewal for the SSL cert used by the os-acme plugin for the OPNsense GUI itself renews fine.

If I put the Cloudflare server IPs in the general settings page and restart Caddy, all certs renew immediately. This also works if I put the resolvers option in the TLS block of the Caddyfile: https://caddyserver.com/docs/caddyfile/directives/tls#resolvers

Has anyone ever encountered this before? Maybe it's some config issue? Is it possible to specify the resolvers in the os-caddy plugin? I didn't see that in any of the "additional fields" help when you are configuring a DNS provider.

thx
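As an added illustration (not from the original post or the os-caddy plugin), a Caddyfile tls block that pins the resolvers used for the ACME DNS-01 challenge, as the linked docs describe; the site name, the backend address and the CLOUDFLARE_API_TOKEN variable name are assumptions.

```caddyfile
# Added example: pin the resolvers Caddy uses for the DNS-01 propagation
# check so it does not go through the local Unbound resolver (127.0.0.1).
# Site name, backend and token variable name are assumptions.
example.com {
    tls {
        # Requires a Caddy build that includes the cloudflare DNS provider module
        dns cloudflare {env.CLOUDFLARE_API_TOKEN}
        # Public resolvers used only for the DNS-challenge propagation check;
        # they take precedence over the system resolvers in /etc/resolv.conf
        resolvers 1.1.1.1 1.0.0.1
    }
    reverse_proxy 127.0.0.1:8080
}
```

The rest of the system keeps using Unbound; only the challenge verification queries go to the listed resolvers.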
Title: Re: caddy resolver
Post by: Monviech (Cedrik) on August 15, 2024, 05:16:08 PM
I can add the resolvers option to the DNS propagation settings that have been included in the latest patch I did.

https://github.com/opnsense/plugins/issues/4161

Just open an issue like this on github and I will add it soon. Thank you~
Title: Re: caddy resolver
Post by: dirtyfreebooter on August 15, 2024, 06:02:38 PM
https://github.com/opnsense/plugins/issues/4178

thanks