caddy | {"level":"error","ts":1775665174.0844262,"logger":"tls.obtain","msg":"will retry","error":"[gitea.home.example.de] Obtain: [gitea.home.example.de] solving challenges: presenting for challenge: adding temporary record for zone \"example.de.\": RRSet(s) is/are change protected (protected, f079318750ec87304c3722aca0e31853) (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/281265163/35809763723) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)","attempt":2,"retrying_in":120,"elapsed":62.249057763,"max_duration":2592000}
I have some protected entries in my zone, such as MX, SOA, SPF etc. This is on purpose. This leads to your lib being unable to set a new record. This should not happen. This works totally fine with certbot and other tools, including some I wrote myself.
The code of the your library tries to change protected records. This is awful. I highly question the need for it. You need to be more surgical and only create the _acme_challenge record. This makes caddy unusable for me, as I cannot create any tls certificates.
I have some protected entries in my zone, such as MX, SOA, SPF etc. This is on purpose. This leads to your lib being unable to set a new record. This should not happen. This works totally fine with certbot and other tools, including some I wrote myself.
The code of the your library tries to change protected records. This is awful. I highly question the need for it. You need to be more surgical and only create the _acme_challenge record. This makes caddy unusable for me, as I cannot create any tls certificates.