When trying to get/renew certificate using caddy you might sometime run into error "checking DNS propagation of "_acme-challenge.xxxxxxx.dedyn.io": could not determine authoritative nameservers", I was able to solve it by setting resolvers per site at the tls level to cloudflare's dns
Example:
xxxxxxx.dedyn.io {
tls {
resolvers 1.1.1.1
}
# site level config
}