Info:
OPNsense Ver: 26.1.8
os-caddy Ver: 2.1.0
I was clearing out some old API settings and deleted the one I was using for Caddy. I followed the steps in the directions to set up a new API Token. After a lot of troubleshooting, I've come to the conclusion that the Caddy Plugin is not accepting my new API Token, because Cloudflare is now giving out longer API Tokens than what the plugin is expecting.
Caddy will fail to start when the new API Token is saved. However, it will not add anything to the log file. I had to run the following shell command, and here is the result:
Command:
caddy validate --config /usr/local/etc/caddy/Caddyfile
Reply:
2026/05/12 23:27:32.387 INFO using config from file {"file": "/usr/local/etc/caddy/Caddyfile"}
2026/05/12 23:27:32.388 WARN No files matching import glob pattern {"pattern": "/usr/local/etc/caddy/caddy.d/*.global"}
2026/05/12 23:27:32.388 WARN No files matching import glob pattern {"pattern": "/usr/local/etc/caddy/caddy.d/*.conf"}
2026/05/12 23:27:32.389 WARN caddyfile Unnecessary header_up X-Forwarded-For: the reverse proxy's default behavior is to pass headers to the upstream
2026/05/12 23:27:32.389 WARN caddyfile Unnecessary header_up X-Forwarded-Host: the reverse proxy's default behavior is to pass headers to the upstream
2026/05/12 23:27:32.390 WARN caddyfile Unnecessary header_up X-Forwarded-For: the reverse proxy's default behavior is to pass headers to the upstream
2026/05/12 23:27:32.390 WARN caddyfile Unnecessary header_up X-Forwarded-Host: the reverse proxy's default behavior is to pass headers to the upstream
2026/05/12 23:27:32.392 INFO adapted config to JSON {"adapter": "caddyfile"}
2026/05/12 23:27:32.393 INFO redirected default logger {"from": "stderr", "to": "unixgram//var/run/caddy/log.sock"}
Error: loading dynamic_dns app module: provision dynamic_dns: loading DNS provider module: loading module 'cloudflare': provision dns.providers.cloudflare: API token 'cfut_PhB{Rest-Of-The-Key}' appears invalid; ensure it's correctly entered and not wrapped in braces nor quotes
Notice the error at the end of the startup attempt. It says that the token is invalid. The API tokens generated by Cloudflare now have prefixes:
API Token (User API Token in Directions): cfut_{48 char string}
Global API Key (Not Recommended): cfk_{48 char string}
Account API Token: cfat_{48 char string}
These Cloudflare prefixes make the API Token longer than what is expected and prevent the service from starting properly. The wiki documentation page lists https://github.com/caddy-dns/cloudflare as the GitHub for Cloudflare, and the cloudflare.go file shows that the old API Tokens, which may still be in use, are 35-50 characters long (see line 27). The new API Tokens are 32-256 characters, and it takes the prefix into account (see line 30).
Will this update be incorporated into an update at any point, or is there another way I should update the DNS records?
Remove and reinstall the caddy plugin once and it will have the latest binary with the cloudflare changes.
BOOM! Fixed! Thank you for your help with this. I thought I was going crazy. I'm sorry I didn't see the obvious solution.
Have you tried turning it off and on again?
or
Have you tried uninstalling and reinstalling?
You Rock!
No problem :)
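Added example, not part of the thread and not code from caddy-dns/cloudflare: a Go helper that applies the two length ranges quoted in the first post (35-50 and 32-256 characters) to a token, and masks the token in the `caddy validate` error line before the output is shared. The names `Classify`, `Redact` and `Report`, the wrapper stripping and the redaction format are assumptions; the real module may check more than length.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Prefixes and labels as listed in the post; everything else here is an assumption.
var prefixes = [][2]string{{"cfut_", "User API Token"}, {"cfat_", "Account API Token"}, {"cfk_", "Global API Key"}}

// Report describes a token without exposing its secret part.
type Report struct {
	Kind             string
	Length           int  // length after stripping braces/quotes
	FitsOld, FitsNew bool // length ranges quoted in the post: 35-50 and 32-256
	Wrapped          bool // braces or quotes, which the Caddy error warns about
}

// Classify reports which length range a token fits and whether it is wrapped.
func Classify(token string) Report {
	trimmed := strings.Trim(token, "{}\"'")
	n := len(trimmed)
	r := Report{Kind: "unprefixed", Length: n, Wrapped: trimmed != token}
	r.FitsOld, r.FitsNew = n >= 35 && n <= 50, n >= 32 && n <= 256
	for _, p := range prefixes {
		if strings.HasPrefix(trimmed, p[0]) {
			r.Kind = p[1]
		}
	}
	return r
}

// tokenInError matches the quoted token in the error message shown in the post.
var tokenInError = regexp.MustCompile(`API token '([^']*)'`)

// Redact replaces the token in a log line with its kind and length only.
func Redact(line string) string {
	return tokenInError.ReplaceAllStringFunc(line, func(m string) string {
		r := Classify(tokenInError.FindStringSubmatch(m)[1])
		return fmt.Sprintf("API token '<%s, %d chars, redacted>'", r.Kind, r.Length)
	})
}

func main() {
	// Constructed sample: prefix from the post plus 48 filler characters, not a real token.
	sample := "cfut_" + strings.Repeat("A", 48)
	fmt.Printf("%+v\n", Classify(sample))
	fmt.Println(Redact("Error: provision dns.providers.cloudflare: API token '" + sample + "' appears invalid"))
}
```

A prefixed token comes out at 53 characters, which is outside the older 35-50 range and inside 32-256, matching the failure described in the first post.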