time="2024-01-03T13:43:10Z" level=error msg="Unable to obtain ACME certificate for domains \"pyload.dyn.example.com\": cannot get ACME client get directory at 'https://acme-v02.api.letsencrypt.org/directory': Get \"https://acme-v02.api.letsencrypt.org/directory\": dial tcp: lookup acme-v02.api.letsencrypt.org on 127.0.0.11:53: server misbehaving" routerName=pyload@docker providerName=letsencrypt.acme rule="Host(`pyload.dyn.example.com`)"
I guess this is the key here: 127.0.0.11:53: server misbehaving
My setup looks like this:
I am running traefik on a RasPi behind a Fritzbox as router and with a pi-hole on the RasPi as well.
My goal is to run multiple services on the RasPi and use traefik as reverse proxy with SSL.
But so far I am not lucky at all.
This is my config:
Well, I just copied that from a website without checking the version. My bad.
In my other Docker containers I did not specify a network, so I used network_mode: 'host'.
In order to do so, I needed this extra_hosts line to make everything work. At least that's what I thought.
What might be the cause of the DNS resolution error? Is this really inside of Traefik or might this have something to do with pi-hole?
traefik-traefik-1 | 2024-01-03T17:58:29Z ERR Unable to obtain ACME certificate for domains error="cannot get ACME client get directory at 'https://acme-v02.api.letsencrypt.org/directory': Get \"https://acme-v02.api.letsencrypt.org/directory\": dial tcp: lookup acme-v02.api.letsencrypt.org on 127.0.0.11:53: server misbehaving" ACME CA=https://acme-v02.api.letsencrypt.org/directory acmeCA=https://acme-v02.api.letsencrypt.org/directory domains=["traefik.dyn.example.com"] providerName=myresolver.acme routerName=mydashboard@docker rule=Host(`traefik.dyn.example.com`)
I added a DNS server to the docker-compose of traefik manually.
Now the error has changed:
traefik-traefik-1 | 2024-01-03T18:22:17Z ERR Unable to obtain ACME certificate for domains error="unable to generate a certificate for the domains [traefik.dyn.example.com]: error: one or more domains had a problem:\n[traefik.dyn.example.com] acme: error: 400 :: urn:ietf:params:acme:error:connection :: 2a02:810b:0:9:40c7: Error getting validation data\n" ACME CA=https://acme-v02.api.letsencrypt.org/directory acmeCA=https://acme-v02.api.letsencrypt.org/directory domains=["traefik.dyn.example.com"] providerName=myresolver.acme routerName=mydashboard@docker rule=Host(`traefik.dyn.example.com`)
Sorry, I was not talking about wildcard certificates. I should have been more clear on that.
I mean that I have a wildcard DNS A record for the domain.
So all subdomains of dyn.example.com will be redirected to my router and with that to my RasPi.
traefik-traefik-1 | 2024-01-03T18:22:17Z ERR Unable to obtain ACME certificate for domains error="unable to generate a certificate for the domains [traefik.dyn.example.com]: error: one or more domains had a problem:\n[traefik.dyn.example.com] acme: error: 400 :: urn:ietf:params:acme:error:connection :: 2a02:810b:0:9:40c7: Error getting validation data\n" ACME CA=https://acme-v02.api.letsencrypt.org/directory acmeCA=https://acme-v02.api.letsencrypt.org/directory domains=["traefik.dyn.example.com"] providerName=myresolver.acme routerName=mydashboard@docker rule=Host(`traefik.dyn.example.com`)
OK, so I just found out that I might have to reconfigure the port forwarding of the Fritzbox in order to direct traffic on ports 80 and 443 to the RasPi.
I just did some changes on the Fritzbox as well as on the DNS record of the domain.
I will update as soon as I have results.
Alright, I am able to get access to traefik and whoami through the domains.
However, it only works with the traefik certificate and not with Let's Encrypt.
I am still getting the following error:
traefik-traefik-1 | 2024-01-04T18:38:12Z ERR Unable to obtain ACME certificate for domains error="unable to generate a certificate for the domains [traefik.dyn.example.com]: error: one or more domains had a problem:\n[traefik.dyn.example.com] acme: error: 400 :: urn:ietf:params:acme:error:connection :: 2a02:8106:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx: Error getting validation data\n" ACME CA=https://acme-v02.api.letsencrypt.org/directory acmeCA=https://acme-v02.api.letsencrypt.org/directory domains=["traefik.dyn.example.com"] providerName=myresolver.acme routerName=mydashboard@docker rule=Host(`traefik.dyn.example.com`)
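A small triage helper for the two failure shapes quoted in this thread, added here as an example and not code from any poster or from Traefik: it separates a lookup that failed at the container's own resolver from a challenge the CA itself rejected, and reports the address family the CA named. The regexes, function names and sample lines are assumptions constructed from the log text above.

```python
import ipaddress
import re

DOCKER_EMBEDDED_DNS = "127.0.0.11"  # resolver Docker provides on user-defined networks
LOOKUP_RE = re.compile(r'lookup (?P<name>\S+) on (?P<resolver>\S+?):\d+: (?P<reason>[^"\\]+)')
ACME_RE = re.compile(r'\[(?P<domain>[^\]]+)\] acme: error: (?P<status>\d+) :: '
                     r'urn:ietf:params:acme:error:(?P<problem>\w+) :: (?P<detail>.*?)(?:\\n|"|$)')

# Constructed sample lines, shortened from the two error shapes quoted in the thread.
SAMPLES = [
    r'ERR Unable to obtain ACME certificate for domains error="cannot get ACME client get directory: '
    r'dial tcp: lookup acme-v02.api.letsencrypt.org on 127.0.0.11:53: server misbehaving"',
    r'ERR Unable to obtain ACME certificate for domains error="one or more domains had a problem:\n'
    r'[traefik.dyn.example.com] acme: error: 400 :: urn:ietf:params:acme:error:connection :: '
    r'2a02:8106:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx: Error getting validation data\n"',
]

def address_family(text):
    """Return 'IPv4', 'IPv6' or 'unknown' for the address named in an ACME problem detail."""
    try:
        return f"IPv{ipaddress.ip_address(text).version}"
    except ValueError:
        # Masked or truncated addresses (as posted in the thread) do not parse; judge by shape.
        return "IPv6" if ":" in text else "IPv4" if text.count(".") == 3 else "unknown"

def triage(line):
    """Classify one Traefik ACME error line by where the failure happened."""
    m = LOOKUP_RE.search(line)
    if m:
        # Failure before any ACME exchange: the container could not resolve the CA's hostname.
        return {"stage": "local-dns", "name": m["name"], "resolver": m["resolver"],
                "docker_embedded_dns": m["resolver"] == DOCKER_EMBEDDED_DNS,
                "reason": m["reason"].strip()}
    m = ACME_RE.search(line)
    if m:
        # Failure reported by the CA: the detail starts with the address it tried to reach.
        addr, _, message = m["detail"].partition(": ")
        return {"stage": "ca-validation", "domain": m["domain"], "status": int(m["status"]),
                "problem": m["problem"], "ca_tried": addr, "family": address_family(addr),
                "message": message}
    return {"stage": "unclassified"}

if __name__ == "__main__":
    for sample in SAMPLES:
        print(triage(sample))
```

A `local-dns` result points at the resolver path inside the container, while a `ca-validation` result with family `IPv6` means the CA connected to the domain's IPv6 address, so the AAAA record and inbound IPv6 reachability of the proxy are the things to check.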