I'm trying to use Traefik v2 dns challenge with duckdns along with a CNAMEd domain without success. If I use duckdns.org directly, say mydomain.duckdns.org in the static config it works:
websecure:
  address: :443
  http:
    middlewares:
      - secureHeaders@file
    tls:
      certResolver: duckdns
      domains:
        - main: "mydomain.duckdns.org"
          sans:
            - "*.mydomain.duckdns.org"
...
certificatesResolvers:
  duckdns:
    acme:
      email: mail@mydomain.duckdns.org
      storage: acme.json
      keyType: EC384
      dnsChallenge:
        provider: duckdns
Now I'm trying to gen certs to my own domain, e.g. traefik.mydomain.com.br that is properly CNAMEd to mydomain.duckdns.org, and has another CNAME entry for _acme-challenge.traefik.mydomain.com.br that points to mydomain.duckdns.org. So I've changed my config to reflect this setup:
domains:
  - main: "traefik.mydomain.com.br"
    sans:
      - "*.traefik.mydomain.com.br"
Problem is that the update request to duckdns is failing (url parameter domains has wrong value, see below). Is this a bug or am I forgetting something here?
msg="Unable to obtain ACME certificate for domains \"traefik.mydomain.com.br\" : unable to generate a certificate for the domains [traefik.mydomain.com.br]:
error: one or more domains had a problem:\n[traefik.mydomain.com.br] [traefik.mydomain.com.br]
acme: error presenting token: request to change TXT record for DuckDNS returned the following result (KO) this does not match expectation (OK)
used url [https://www.duckdns.org/update?clear=false&domains=br&token=xxxxxxxxx-a0a5-4caa-a5a5-xxxxxxxx&txt=sR2pZSxxxxxxxxxvAp6jqdLmizIvWq7QCyYqk-8qySs]\n" providerName=duckdns.acme
If I manually submit the http request to duckdns, obviously exchanging the wrong (br) value in the domains parameter with the correct (CNAMEd) one then it results OK.
Any ideas? How can I instruct Traefik to use the correct domain? TIA.
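
Added example, not part of the original post and not Traefik's or lego's code: the manual correction described above, written as a Go check that follows the `_acme-challenge` CNAME chain and derives the value for the `domains` parameter. The record map is constructed from the names in the post so it runs offline; the function names, and the assumption that DuckDNS expects the label directly left of `duckdns.org`, are this example's own.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// cnames is a constructed, in-memory stand-in for the CNAME records described
// in the post, so the example runs without DNS access.
var cnames = map[string]string{
	"traefik.mydomain.com.br.":                 "mydomain.duckdns.org.",
	"_acme-challenge.traefik.mydomain.com.br.": "mydomain.duckdns.org.",
}

// followCNAME walks the CNAME chain for name and returns the final target.
// The hop limit stops a looping chain.
func followCNAME(name string, records map[string]string) (string, error) {
	name = strings.ToLower(strings.TrimSuffix(name, ".")) + "."
	for hops := 0; hops < 8; hops++ {
		target, ok := records[name]
		if !ok {
			return name, nil
		}
		name = strings.ToLower(strings.TrimSuffix(target, ".")) + "."
	}
	return "", errors.New("CNAME chain too long or looping")
}

// duckDNSUpdateDomain returns the "domains" value for the TXT update of
// certDomain. Assumption: DuckDNS wants the label directly left of
// duckdns.org at the end of the _acme-challenge CNAME chain.
func duckDNSUpdateDomain(certDomain string, records map[string]string) (string, error) {
	certDomain = strings.TrimPrefix(certDomain, "*.") // wildcard shares the base challenge name
	target, err := followCNAME("_acme-challenge."+certDomain, records)
	if err != nil {
		return "", err
	}
	if !strings.HasSuffix(target, ".duckdns.org.") {
		return "", fmt.Errorf("%s does not end in duckdns.org", target)
	}
	labels := strings.Split(strings.TrimSuffix(target, ".duckdns.org."), ".")
	return labels[len(labels)-1], nil
}

func main() {
	domain, err := duckDNSUpdateDomain("traefik.mydomain.com.br", cnames)
	fmt.Println(domain, err)
}
```

A name whose challenge record does not end up under `duckdns.org` returns an error instead of a guessed value, which is the case the failing `domains=br` request in the log corresponds to.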