DNS-01 challenge for a provider not in the supported provider list

Hi, I'm using Traefik v2 with Docker and I need a wildcard certificate. As per the doc, you can get it only with the DNS-01 challenge. Is there a way to set up such machinery with a provider not in the list of providers supported out-of-the-box? They offer an API to interact with the DNS.

Yes, you just create a lego ("LetsEncrypt GO") plugin for your provider.


Oh, wow! Unfortunately that API is actually not available. DNS can only be modified in a web panel. I guess that a programmatic DNS-01 challenge is not feasible (unless faking HTTP requests to the web interface).

Do you really need a wildcard cert?

If you use multiple hosts in the rule, Traefik+LE will create all necessary certificates.

...rule=Host(`example.com`) || Host(`www.example.com`)

(just make sure to use backticks within Host)


Probably yes. I used to work with this solution to serve custom error pages with Nginx. It works fine as long as you have a wildcard cert in place. If not, bad URLs such as not-existing-url.example.org will correctly trigger an HTTP 404. However, since there is no valid service under not-existing-url.example.org, the page 404.html will be served with the Traefik default cert (self-signed).

Sure. If you want to catch non-existing domains, then you need wildcard TLS.

There is a "manual" mode, but you need to repeat that every 90 days.

You need to run Traefik interactively, turn on debug log to see instructions and press Enter.

There is also an "External Program" mode. For that you would need to write a script, in whatever programming language is close to your heart 🙂

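As an added illustration of the "External Program" mode mentioned above (this is not code from the thread, from Traefik or from lego): a minimal POSIX sh hook in the shape lego's `exec` provider invokes it, `present`/`cleanup`, the challenge record FQDN, then the TXT value, assuming `EXEC_PATH` points at the script. `dns_api_call` and `ACME_DNS_LOG` are hypothetical placeholders for whatever the provider's own API expects; the hook only validates its inputs and records what it would send.

```shell
#!/bin/sh
# Hypothetical lego "exec" hook (default EXEC_MODE). lego/Traefik calls it as:
#   $EXEC_PATH present "_acme-challenge.example.com." "<txt-value>"
#   $EXEC_PATH cleanup "_acme-challenge.example.com." "<txt-value>"
# The provider call is a placeholder: replace dns_api_call with the
# registrar's real API or CLI.

# The record name must be the ACME challenge label in FQDN form (trailing dot),
# so a misconfigured or hostile caller cannot make the hook touch other names.
valid_fqdn() {
    case "$1" in
        _acme-challenge.*.) return 0 ;;
        *) return 1 ;;
    esac
}

# The DNS-01 TXT value is base64url(SHA-256(key authorization)): 43 characters
# from A-Z a-z 0-9 - _ and nothing else.
valid_token() {
    printf '%s' "$1" | grep -Eq '^[A-Za-z0-9_-]{43}$'
}

# Placeholder for the real provider call. ACME_DNS_LOG (assumed variable)
# records what would be sent so the hook can be exercised offline.
dns_api_call() {
    printf '%s %s %s\n' "$1" "$2" "$3" >> "${ACME_DNS_LOG:-/dev/null}"
}

# Dispatch on the action lego passes; reject anything unexpected before
# any provider call is made.
acme_hook() {
    action=$1; fqdn=$2; value=$3
    valid_fqdn "$fqdn" || { echo "refusing unexpected record name: $fqdn" >&2; return 2; }
    valid_token "$value" || { echo "refusing malformed TXT value" >&2; return 2; }
    case "$action" in
        present) dns_api_call add "$fqdn" "$value" ;;
        cleanup) dns_api_call del "$fqdn" "$value" ;;
        *) echo "unknown action: $action" >&2; return 2 ;;
    esac
}

# Only dispatch when invoked with lego's three arguments, so the functions
# can also be sourced and tested on their own.
if [ "$#" -eq 3 ]; then
    acme_hook "$@"
fi
```

The cleanup branch matters in practice: stale `_acme-challenge` TXT records left behind make later renewals fail validation.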
