Trying to setup the DNS challenge to get a wildcard certificate.
This is what our environment variables look like:
environment:
- TRAEFIK_ENTRYPOINTS_HTTP=true
- TRAEFIK_ENTRYPOINTS_HTTP_ADDRESS=:80
- TRAEFIK_ENTRYPOINTS_HTTPS=true
- TRAEFIK_ENTRYPOINTS_HTTPS_ADDRESS=:443
- TRAEFIK_ENTRYPOINTS_HTTPS_HTTP_TLS=true
- TRAEFIK_ENTRYPOINTS_HTTPS_HTTP_TLS_CERTRESOLVER=default
- TRAEFIK_ENTRYPOINTS_HTTPS_HTTP_TLS_DOMAINS_0_MAIN=mydomain.net
- TRAEFIK_ENTRYPOINTS_HTTPS_HTTP_TLS_DOMAINS_0_SANS=*.mydomain.net
- TRAEFIK_PROVIDERS_DOCKER=true
- TRAEFIK_CERTIFICATESRESOLVERS_DEFAULT=true
- TRAEFIK_CERTIFICATESRESOLVERS_DEFAULT_ACME_EMAIL=info@mydomain.net
- TRAEFIK_CERTIFICATESRESOLVERS_DEFAULT_ACME_DNSCHALLENGE=true
- TRAEFIK_CERTIFICATESRESOLVERS_DEFAULT_ACME_DNSCHALLENGE_PROVIDER=pdns
- TRAEFIK_CERTIFICATESRESOLVERS_DEFAULT_ACME_DNSCHALLENGE_RESOLVERS=8.8.8.8:53
- TRAEFIK_CERTIFICATESRESOLVERS_DEFAULT_ACME_DNSCHALLENGE_DELAYBEFORECHECK=15
- TRAEFIK_CERTIFICATESRESOLVERS_DEFAULT_ACME_STORAGE=/data/acme.json
- PDNS_API_URL=http://192.168.123.10:8081/
- PDNS_API_KEY=pdns-api-key
And this is the log it outputs:
time="2021-09-06T08:53:39+02:00" level=error msg="Unable to obtain ACME certificate for domains \"mydomain.net,*.mydomain.net\" : unable to generate a certificate for the domains [mydomain.net *.mydomain.net]: error: one or more domains had a problem:\n[*.mydomain.net] time limit exceeded: last error: read udp 192.168.160.2:38270->195.141.155.147:53: i/o timeout\n[mydomain.net] time limit exceeded: last error: read udp 192.168.160.2:49936->195.141.155.147:53: i/o timeout\n" providerName=default.acme
Already tried to increase DELAYBEFORECHECK
and to set a RESOLVER
without success.
The ACME challenges get created correctly in PowerDNS:
May be someone can help or has an idea on how to get this work?
NAT reflection via UDP was not correctly setup. Now it works.