What did you expect to see?
Trying to set up the DNS challenge for Traefik and PowerDNS to get a wildcard certificate.

What did you see instead?
Some error message.

How do you use lego?
Through Traefik

Reproduction steps
environment:
- TRAEFIK_ENTRYPOINTS_HTTP=true
- TRAEFIK_ENTRYPOINTS_HTTP_ADDRESS=:80
- TRAEFIK_ENTRYPOINTS_HTTPS=true
- TRAEFIK_ENTRYPOINTS_HTTPS_ADDRESS=:443
- TRAEFIK_ENTRYPOINTS_HTTPS_HTTP_TLS=true
- TRAEFIK_ENTRYPOINTS_HTTPS_HTTP_TLS_CERTRESOLVER=default
- TRAEFIK_ENTRYPOINTS_HTTPS_HTTP_TLS_DOMAINS_0_MAIN=mydomain.net
- TRAEFIK_ENTRYPOINTS_HTTPS_HTTP_TLS_DOMAINS_0_SANS=*.mydomain.net
- TRAEFIK_PROVIDERS_DOCKER=true
- TRAEFIK_CERTIFICATESRESOLVERS_DEFAULT=true
- TRAEFIK_CERTIFICATESRESOLVERS_DEFAULT_ACME_EMAIL=info@mydomain.net
- TRAEFIK_CERTIFICATESRESOLVERS_DEFAULT_ACME_DNSCHALLENGE=true
- TRAEFIK_CERTIFICATESRESOLVERS_DEFAULT_ACME_DNSCHALLENGE_PROVIDER=pdns
- TRAEFIK_CERTIFICATESRESOLVERS_DEFAULT_ACME_DNSCHALLENGE_RESOLVERS=8.8.8.8:53
- TRAEFIK_CERTIFICATESRESOLVERS_DEFAULT_ACME_DNSCHALLENGE_DELAYBEFORECHECK=15
- TRAEFIK_CERTIFICATESRESOLVERS_DEFAULT_ACME_STORAGE=/data/acme.json
- PDNS_API_URL=http://192.168.123.10:8081/
- PDNS_API_KEY=pdns-api-key
The ACME challenges get created correctly in PowerDNS (and the SOA serial increments):

Already tried to increase DELAYBEFORECHECK and to set a RESOLVER without success.

Version of lego

Logs
{"level":"debug","msg":"Looking for provided certificate(s) to validate [\"mydomain.net\"]...","providerName":"default.acme","time":"2021-09-06T13:19:22+02:00"}
{"level":"debug","msg":"Domains [\"mydomain.net\"] need ACME certificates generation for domains \"mydomain.net\".","providerName":"default.acme","time":"2021-09-06T13:19:22+02:00"}
{"level":"debug","msg":"Loading ACME certificates [mydomain.net]...","providerName":"default.acme","time":"2021-09-06T13:19:22+02:00"}
{"level":"debug","msg":"Building ACME client...","providerName":"default.acme","time":"2021-09-06T13:19:22+02:00"}
{"level":"debug","msg":"https://acme-v02.api.letsencrypt.org/directory","providerName":"default.acme","time":"2021-09-06T13:19:22+02:00"}
{"level":"debug","msg":"Looking for provided certificate(s) to validate [\"mydomain.net\"]...","providerName":"default.acme","time":"2021-09-06T13:19:22+02:00"}
{"level":"debug","msg":"No ACME certificate generation required for domains [\"mydomain.net\"].","providerName":"default.acme","time":"2021-09-06T13:19:22+02:00"}
{"level":"debug","msg":"Looking for provided certificate(s) to validate [\"mydomain.net\"]...","providerName":"default.acme","time":"2021-09-06T13:19:22+02:00"}
{"level":"debug","msg":"No ACME certificate generation required for domains [\"mydomain.net\"].","providerName":"default.acme","time":"2021-09-06T13:19:22+02:00"}
{"level":"debug","msg":"Using DNS Challenge provider: pdns","providerName":"default.acme","time":"2021-09-06T13:19:22+02:00"}
{"level":"debug","msg":"legolog: [INFO] [mydomain.net] acme: Obtaining bundled SAN certificate","time":"2021-09-06T13:19:22+02:00"}
{"level":"debug","msg":"legolog: [INFO] [mydomain.net] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/28497608120","time":"2021-09-06T13:19:23+02:00"}
{"level":"debug","msg":"legolog: [INFO] [mydomain.net] acme: Could not find solver for: tls-alpn-01","time":"2021-09-06T13:19:23+02:00"}
{"level":"debug","msg":"legolog: [INFO] [mydomain.net] acme: Could not find solver for: http-01","time":"2021-09-06T13:19:23+02:00"}
{"level":"debug","msg":"legolog: [INFO] [mydomain.net] acme: use dns-01 solver","time":"2021-09-06T13:19:23+02:00"}
{"level":"debug","msg":"legolog: [INFO] [mydomain.net] acme: Preparing to solve DNS-01","time":"2021-09-06T13:19:23+02:00"}
{"level":"debug","msg":"legolog: [INFO] [mydomain.net] acme: Trying to solve DNS-01","time":"2021-09-06T13:19:23+02:00"}
{"level":"debug","msg":"legolog: [INFO] [mydomain.net] acme: Checking DNS record propagation using [8.8.8.8:53]","time":"2021-09-06T13:19:23+02:00"}
{"level":"debug","msg":"legolog: [INFO] Wait for propagation [timeout: 2m0s, interval: 2s]","time":"2021-09-06T13:19:25+02:00"}
{"level":"debug","msg":"Delaying 120000000000 rather than validating DNS propagation now.","providerName":"default.acme","time":"2021-09-06T13:19:25+02:00"}
{"level":"debug","msg":"Looking for provided certificate(s) to validate [\"mydomain.net\"]...","providerName":"default.acme","time":"2021-09-06T13:19:51+02:00"}
{"level":"debug","msg":"No ACME certificate generation required for domains [\"mydomain.net\"].","providerName":"default.acme","time":"2021-09-06T13:19:51+02:00"}
{"level":"debug","msg":"Looking for provided certificate(s) to validate [\"mydomain.net\"]...","providerName":"default.acme","time":"2021-09-06T13:19:51+02:00"}
{"level":"debug","msg":"No ACME certificate generation required for domains [\"mydomain.net\"].","providerName":"default.acme","time":"2021-09-06T13:19:51+02:00"}
{"level":"debug","msg":"Looking for provided certificate(s) to validate [\"mydomain.net\"]...","providerName":"default.acme","time":"2021-09-06T13:19:51+02:00"}
{"level":"debug","msg":"No ACME certificate generation required for domains [\"mydomain.net\"].","providerName":"default.acme","time":"2021-09-06T13:19:51+02:00"}
{"level":"debug","msg":"Looking for provided certificate(s) to validate [\"mydomain.net\"]...","providerName":"default.acme","time":"2021-09-06T13:19:51+02:00"}
{"level":"debug","msg":"No ACME certificate generation required for domains [\"mydomain.net\"].","providerName":"default.acme","time":"2021-09-06T13:19:51+02:00"}
{"level":"debug","msg":"legolog: [INFO] [mydomain.net] acme: Waiting for DNS record propagation.","time":"2021-09-06T13:21:36+02:00"}
{"level":"debug","msg":"legolog: [INFO] [mydomain.net] acme: Cleaning DNS-01 challenge","time":"2021-09-06T13:21:38+02:00"}
{"level":"debug","msg":"legolog: [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/28497608120","time":"2021-09-06T13:21:38+02:00"}
{"level":"error","msg":"Unable to obtain ACME certificate for domains \"mydomain.net\" : unable to generate a certificate for the domains [mydomain.net]: error: one or more domains had a problem:\n[mydomain.net] time limit exceeded: last error: read udp 172.28.0.2:52637-\u003e195.141.155.147:53: i/o timeout\n","providerName":"default.acme","time":"2021-09-06T13:21:38+02:00"}
{"level":"debug","msg":"Serving default certificate for request: \"media.mydomain.net\"","time":"2021-09-06T13:21:42+02:00"}

Go environment (if applicable)
No response
Answered by ldez, Sep 7, 2021
Hello,
You have an issue with your networking, maybe you have a firewall, or DNS is really really slow.
Answer selected by jokay
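
The failing read in the question's log is to 195.141.155.147:53, not to the configured resolver 8.8.8.8:53, so the path worth testing is the one from the Traefik container's network to that address. The following is an added example (not part of the discussion and not lego or Traefik code) that sends the challenge TXT lookup to one chosen server and separates a dropped query from a missing record; `probeTXT` and its status strings are names made up for this example.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"net"
	"os"
	"time"
)

// probeTXT asks exactly one DNS server (host:port) for the TXT records of fqdn
// and classifies the outcome. The status strings are this example's own.
func probeTXT(server, fqdn string, timeout time.Duration) (string, []string, error) {
	r := &net.Resolver{
		PreferGo: true, // use Go's resolver so the Dial hook below is honoured
		Dial: func(ctx context.Context, network, _ string) (net.Conn, error) {
			// Ignore the servers from resolv.conf; always talk to `server`.
			return (&net.Dialer{}).DialContext(ctx, network, server)
		},
	}
	ctx, cancel := context.WithTimeout(context.Background(), timeout)
	defer cancel()

	txt, err := r.LookupTXT(ctx, fqdn)
	var dnsErr *net.DNSError
	switch {
	case err == nil:
		return "answered", txt, nil
	case errors.As(err, &dnsErr) && dnsErr.IsNotFound:
		return "no-record", nil, err // server reachable, record absent
	case errors.As(err, &dnsErr) && dnsErr.IsTimeout:
		return "timeout", nil, err // no reply at all: firewall, routing or a slow server
	default:
		return "error", nil, err
	}
}

func main() {
	if len(os.Args) != 3 {
		fmt.Fprintln(os.Stderr, "usage: probe <server:53> <_acme-challenge.example.net.>")
		os.Exit(2)
	}
	status, txt, err := probeTXT(os.Args[1], os.Args[2], 5*time.Second)
	fmt.Println(status, txt, err)
}
```

Run it from a container attached to the same Docker network as Traefik, once against 8.8.8.8:53 and once against the address from the error message. A `timeout` for only one of the two shows which path is being blocked.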