Cannot obtain ACME certificate

Hi! I am new here and doing some experiments with traefik and whoami. I try to set and get the Letsencrypt cert but I still obtain following error:

traefik    | time="2021-03-07T22:16:22Z" level=error msg="Unable to obtain ACME certificate for domains \"onbartikt.tplinkdns.com\": unable to generate a certificate for the domains [onbartikt.tplinkdns.com]: error: one or more domains had a problem:\n[onbartikt.tplinkdns.com] acme: error: 400 :: urn:ietf:params:acme:error:dns :: DNS problem: query timed out looking up A for onbartikt.tplinkdns.com\n" rule="Host(`onbartikt.tplinkdns.com`)" providerName=myresolver.acme routerName=whoami-secured@docker

Here is my docker-compose.yml:

version: "3.3"

services:

  traefik:
    image: "traefik:v2.4"
    container_name: "traefik"
    command:
      - "--log.level=DEBUG"
      - "--api.insecure=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.secureweb.address=:443"
      - "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web"
      - "--certificatesresolvers.myresolver.acme.httpchallenge=true"
      #- "--certificatesresolvers.myhttpchallenge.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
      - "--certificatesresolvers.myresolver.acme.email=mail@mail.com"
      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080"
    volumes:
      - "./letsencrypt:/letsencrypt"
      - "/var/run/docker.sock:/var/run/docker.sock:ro"

  whoami:
    image: "traefik/whoami"
    container_name: "simple-service"
    labels:
      - "traefik.enable=true"
      # Get routes from http
      - "traefik.http.routers.whoami.rule=Host(`doamin.tplinkdns.com`)"
      - "traefik.http.routers.whoami.entrypoints=web"
      # Redirect these routes to https
      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
      - "traefik.http.routers.whoami.middlewares=redirect-to-https@docker"
      # Get the routes from https
      - "traefik.http.routers.whoami-secured.rule=Host(`domain.tplinkdns.com`)"
      - "traefik.http.routers.whoami-secured.entrypoints=secureweb"
       # Apply autentificiation with http challenge
      - "traefik.http.routers.whoami-secured.tls=true"
      - "traefik.http.routers.whoami-secured.tls.certresolver=myresolver"      

I was inspired by this thread

True is, that domain is given by tplink DDNSservice and it is just for experiments. But I am planning to get regular domain. Could this be the problem? All my ports are forwarded throught the router, so there shouldn not be any problems.

I have one extra question. Is there any other way how to connect more middleware stuff to some route, than use the chain mechanism?

Thanks a milion for any answers.

onbartik

hello @onbartik
Reading the log file it seems that it is a DNS issue. You can try to play with nip.io - a dynamic DNS configuration. I tend to use them while I work on testing different use cases.

In regard to the chain middleware, please refer to our official documentation: Chain - Traefik

It works like a charm now! You got my thanks :slight_smile:

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.