ACME certs for multiple domains (1 provider, 1 account)

I successfully use Traefik 3.1.2 configured to serve requests for domain01 using the DNS challenge with the Gandi API (with a personal access token).

Part of my configuration:

  rule = "Host(`www.domain01`)"
  ...
    certResolver = "gandi-resolver"
    [[http.routers.www-https.tls.domains]]
      main = "domain01"
      sans = ["*.domain01"]

and

...
[certificatesResolvers.gandi-resolver.acme]
email = "my EMail"
storage = "/etc/traefik/acme/acme.json"
[certificatesResolvers.gandi-resolver.acme.dnsChallenge]
provider = "gandiv5"
delayBeforeCheck = 90

I have a second domain, domain02 (with Gandi and the same account; the token is configured to access both domains), and added this to the conf:

  rule = "Host(`www.domain02`)" 
  ...
    certResolver = "gandi-resolver"
    [[http.routers.other-https.tls.domains]]
      main = "domain02"
      sans = ["*.domain02"]

I have the following error:

Unable to obtain ACME certificate for domains
error presenting token: unable to create TXT record for domain domain-02.com and name _acme-challenge: 400: request failed

I added an _acme-challenge.domain01 CNAME to challenge.domain02, as proposed in the Traefik documentation on Multiple DNS Challenge provider, but I still have the same error.

If someone has an idea to help me.

To be clear:

  • domain01 and domain02 are both managed on Gandi, with 1 account.
  • The token generated on Gandi has access to both domain configurations
  • I have only 1 Traefik instance (docker latest => 3.1.2)
  • I want to generate a wildcard certificate for both domains

Thanks

Solved.

The problem was from Gandi.
My domain was attached to a "link zone" (Gandi's way to create a configuration and share it across multiple domains). Due to this attachment, the API can't create a TXT or CNAME directly on the domain.

Works fine with the domain detached.
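
To see which of the two domains actually received a wildcard certificate from the shared resolver, the following added example (not part of the thread, and not Traefik's own code) audits the ACME storage file and checks that it is readable by its owner only. The function names, the `.example` domains and the sample data are constructed; the `acme.json` layout (one top-level key per resolver, each with a `Certificates` list) is an assumption stated in the code.

```python
import json
import os
import stat

# Constructed sample. Assumed acme.json layout: one top-level key per certificate
# resolver, each with a "Certificates" list. Certificate and key blobs are omitted.
SAMPLE_STORE = json.loads("""
{
  "gandi-resolver": {
    "Certificates": [
      {"domain": {"main": "domain01.example", "sans": ["*.domain01.example"]},
       "Store": "default"}
    ]
  }
}
""")


def audit_store(store, resolver, expected):
    """Map each expected main domain to 'ok', 'missing' or the names it lacks.

    Names are compared exactly; wildcard matching is not expanded.
    """
    certs = (store.get(resolver) or {}).get("Certificates") or []
    report = {}
    for main, sans in expected.items():
        covered = set()
        for cert in certs:
            dom = cert.get("domain") or {}
            names = {dom.get("main", ""), *(dom.get("sans") or [])}
            if main in names:
                covered |= names
        lacking = sorted(set(sans) - covered)
        if not covered:
            report[main] = "missing"
        else:
            report[main] = "lacks " + ", ".join(lacking) if lacking else "ok"
    return report


def mode_is_private(path):
    """True when group and others have no access to the store (it holds keys)."""
    return stat.S_IMODE(os.stat(path).st_mode) & 0o077 == 0


if __name__ == "__main__":
    wanted = {"domain01.example": ["*.domain01.example"],
              "domain02.example": ["*.domain02.example"]}
    for name, status in audit_store(SAMPLE_STORE, "gandi-resolver", wanted).items():
        print(f"{name}: {status}")
```

Against a live instance, load the file named in `storage` with `json.load` and pass the same path to `mode_is_private`.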
