Cannot retrieve the ACME challenge

Hi,

I am using pangolin as a tunneling provider.
They are using traefik under the hood.
After a standard installation I see these errors in the traefik logs:

2025-04-28T11:12:43Z INF Loading plugins... | plugins=["geoblock","badger","crowdsec"]
2025-04-28T11:12:43Z INF Plugins loaded. | plugins=["geoblock","badger","crowdsec"]
2025-04-28T11:12:43Z INF Starting provider aggregator *aggregator.ProviderAggregator
2025-04-28T11:12:43Z INF Starting provider *file.Provider
2025-04-28T11:12:43Z INF Starting provider *traefik.Provider
2025-04-28T11:12:43Z INF Starting provider *http.Provider
2025-04-28T11:12:43Z INF Starting provider *acme.ChallengeTLSALPN
2025-04-28T11:12:43Z INF Starting provider *acme.Provider
2025-04-28T11:12:43Z INF Testing certificate renew... | providerName=letsencrypt.acme acmeCA=https://acme-v02.api.letsencrypt.org/directory

2025-04-28T15:46:39Z ERR Cannot retrieve the ACME challenge for mail.example.org (token "index.php") | providerName=acme

2025-04-28T15:46:40Z ERR Cannot retrieve the ACME challenge for mail.example.org (token "autoload_classmap.php") | providerName=acme

2025-04-28T15:46:43Z ERR Cannot retrieve the ACME challenge for mail.example.org (token "admin.php") | providerName=acme

2025-04-28T15:46:43Z ERR Cannot retrieve the ACME challenge for mail.example.org (token "makeasmtp.php") | providerName=acme

2025-04-28T15:46:49Z ERR Cannot retrieve the ACME challenge for mail.example.org (token "radio.php") | providerName=acme

2025-04-28T15:46:52Z ERR Cannot retrieve the ACME challenge for mail.example.org (token "plugins.php") | providerName=acme

2025-04-28T15:47:00Z ERR Cannot retrieve the ACME challenge for mail.example.org (token "cloud.php") | providerName=acme

2025-04-28T15:47:16Z ERR Cannot retrieve the ACME challenge for mail.example.org (token "xmrlpc.php") | providerName=acme

2025-04-28T15:53:34Z ERR Cannot retrieve the ACME challenge for cpcontacts.example.org (token "index.php") | providerName=acme

2025-04-28T15:53:35Z ERR Cannot retrieve the ACME challenge for cpcontacts.example.org (token "autoload_classmap.php") | providerName=acme

2025-04-28T15:53:37Z ERR Cannot retrieve the ACME challenge for cpcontacts.example.org (token "admin.php") | providerName=acme

2025-04-28T15:53:38Z ERR Cannot retrieve the ACME challenge for cpcontacts.example.org (token "makeasmtp.php") | providerName=acme

2025-04-28T15:53:41Z ERR Cannot retrieve the ACME challenge for cpcontacts.example.org (token "radio.php") | providerName=acme

2025-04-28T15:53:44Z ERR Cannot retrieve the ACME challenge for cpcontacts.example.org (token "plugins.php") | providerName=acme

2025-04-28T15:53:51Z ERR Cannot retrieve the ACME challenge for cpcontacts.example.org (token "cloud.php") | providerName=acme

2025-04-28T15:53:59Z ERR Cannot retrieve the ACME challenge for cpcontacts.example.org (token "xmrlpc.php") | providerName=acme

2025-04-28T16:25:18Z ERR Cannot retrieve the ACME challenge for johndoe.com (token "cloud.php") | providerName=acme

2025-04-28T16:25:19Z ERR Cannot retrieve the ACME challenge for johndoe.com (token "xmrlpc.php") | providerName=acme

2025-04-28T16:25:20Z ERR Cannot retrieve the ACME challenge for johndoe.com (token "sx.php") | providerName=acme

2025-04-28T16:25:21Z ERR Cannot retrieve the ACME challenge for johndoe.com (token "xmrlpc.php") | providerName=acme

2025-04-28T16:25:21Z ERR Cannot retrieve the ACME challenge for johndoe.com (token "about.php") | providerName=acme

2025-04-28T17:13:08Z ERR Cannot retrieve the ACME challenge for example.org (token "cloud.php") | providerName=acme

2025-04-28T17:13:16Z ERR Cannot retrieve the ACME challenge for example.org (token "xmrlpc.php") | providerName=acme

2025-04-28T17:13:18Z ERR Cannot retrieve the ACME challenge for example.org (token "sx.php") | providerName=acme

2025-04-28T17:13:19Z ERR Cannot retrieve the ACME challenge for example.org (token "xmrlpc.php") | providerName=acme

2025-04-28T17:13:20Z ERR Cannot retrieve the ACME challenge for example.org (token "about.php") | providerName=acme

Any idea what this is and what it means?
I have two root domains, example.org and johndoe.com.
In Cloudflare I have set up DNS entries, with both domains having wildcards * for any subdomain.
I have no idea where the subdomains mail and cpcontacts come from.
Never used them and never set them up in any way.

Is there any way to debug this?
The guys over at Pangolin have no idea where this comes from either.

Those are probably URLs (paths) with known vulnerabilities that get probed by bots from the Internet.

How can bots kick off an ACME challenge?

The bots simply hit your Traefik with URL requests. Not sure why Traefik thinks those are external LetsEncrypt validation requests.
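Added example (not part of the original thread, and not Traefik or Pangolin code): a triage script that separates scanner noise from challenge errors worth investigating. It relies on RFC 8555 section 8.3, which requires challenge tokens to use only the base64url alphabet with at least 128 bits of entropy. It assumes the logged token is whatever path segment a client requested under /.well-known/acme-challenge/. The first three sample lines are copied from the post; the fourth, with a well-formed token, is constructed.

```python
import re
from collections import Counter, defaultdict

# Sample input: three lines from the post plus one constructed line
# (the 17:02:11 entry and its token are made up for this example).
SAMPLE_LOG = """\
2025-04-28T15:46:39Z ERR Cannot retrieve the ACME challenge for mail.example.org (token "index.php") | providerName=acme
2025-04-28T15:46:43Z ERR Cannot retrieve the ACME challenge for mail.example.org (token "admin.php") | providerName=acme
2025-04-28T16:25:18Z ERR Cannot retrieve the ACME challenge for johndoe.com (token "cloud.php") | providerName=acme
2025-04-28T17:02:11Z ERR Cannot retrieve the ACME challenge for example.org (token "kD3rV0xQ8mZp1LwT6yBn4cHs9eUaJ2fGqRiX7oNtYvA") | providerName=acme
2025-04-28T17:13:08Z INF Testing certificate renew... | providerName=letsencrypt.acme
"""

LINE_RE = re.compile(
    r'^(?P<ts>\S+) ERR Cannot retrieve the ACME challenge for '
    r'(?P<host>\S+) \(token "(?P<token>[^"]*)"\)'
)
# RFC 8555 section 8.3: base64url alphabet only, no "=" padding, and at
# least 128 bits of entropy, which needs at least 22 base64url characters.
TOKEN_RE = re.compile(r'^[A-Za-z0-9_-]{22,}$')


def classify(log_text):
    """Split challenge errors into scanner noise and plausible ACME tokens."""
    noise = defaultdict(Counter)   # host -> Counter of malformed "tokens"
    plausible = []                 # (timestamp, host, token) to look at
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue               # not a challenge error line
        if TOKEN_RE.match(m["token"]):
            plausible.append((m["ts"], m["host"], m["token"]))
        else:
            noise[m["host"]][m["token"]] += 1
    return noise, plausible


if __name__ == "__main__":
    noise, plausible = classify(SAMPLE_LOG)
    for host, tokens in sorted(noise.items()):
        print(f"{host}: {sum(tokens.values())} probe(s): {sorted(tokens)}")
    for ts, host, token in plausible:
        print(f"{ts} {host}: well-formed token, check for a failed validation")
```

A token such as "index.php" contains a dot and is far too short, so it cannot have been issued by a CA; only entries in the second list could correspond to a real validation attempt.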

Ok, I should have mentioned that I moved my services to a new VPS. Could it be that all the certs which are still valid have a problem with the new DNS entry?
If that's the case, what is the best way to move the certs from one location to another? Just update the ACME file on the new VPS?

EDIT: so I just read that it is OK to have multiple IPs pointing to the same DNS name. But I guess the problem is that I have two different key entries in the ACME files. I will try to copy the entry from the old server into the new VPS.

Usually a DNS name points to one or multiple IPs, not the other way around.