DNS Challenge OVH - unable to generate a certificate for the domains / NS ns.ovh.net. returned SERVFAIL

Hello,

I have tried to set up the DNS challenge for HTTPS with OVH, but I don't understand why it doesn't work, even though I have followed some documentation:

Traefik setting :

# Compose file for the Traefik reverse proxy. It defines an ACME certificate
# resolver named "myresolver" that uses the DNS-01 challenge with the OVH provider.
version: "3"
services:

  traefik:
    container_name: "traefik"
    # NOTE(review): `latest` is a moving tag, so a restart can pull a different
    # Traefik build. Pin an explicit version once the setup works.
    image: traefik:latest
    restart: unless-stopped
    command:
      # DEBUG is what produces the detailed ACME/lego output shown in this thread.
      # It also logs client IPs and requested host names; lower it after troubleshooting.
      - "--log.level=DEBUG"
      # NOTE(review): insecure mode serves the API and dashboard without
      # authentication on the internal "traefik" entrypoint (port 8080), and that
      # port is published below. Restrict it to a trusted interface, or route
      # api@internal through a router with an auth middleware instead.
      - "--api.insecure=true"
      - "--providers.docker=true"
      # Containers are only routed when they carry the label traefik.enable=true.
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.http.address=:80"
      - "--entrypoints.https.address=:443"
      - "--certificatesresolvers.myresolver.acme.dnschallenge=true"
      - "--certificatesresolvers.myresolver.acme.dnschallenge.provider=ovh"
      - "--certificatesresolvers.myresolver.acme.email=mail@domain.net"
      # acme.json holds the ACME account key and the certificates' private keys.
      # Keep the file (and the host directory mounted below) readable by the
      # Traefik user only; Traefik expects mode 600 on this file.
      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
      # Value is in seconds; the debug log reports it as a 10000000000 ns delay.
      - "--certificatesresolvers.myresolver.acme.dnschallenge.delaybeforecheck=10"
      # Let's Encrypt staging endpoint: suitable for testing, but the certificates
      # it issues are not trusted by browsers.
      - "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
    environment:
      - "TZ=Europe/Paris"
      - "OVH_ENDPOINT=ovh-eu"
      # NOTE(review): these three values are live OVH API credentials (redacted
      # here). Keep them out of the compose file and version control, e.g. with an
      # env_file or Docker secrets, and limit the token's access rules to the DNS
      # zone it has to edit. Rotate them if the unredacted file was ever shared.
      - "OVH_APPLICATION_KEY=*******************"
      - "OVH_APPLICATION_SECRET=*******************"
      - "OVH_CONSUMER_KEY=*******************"
    ports:
      - "80:80"
      - "443:443"
      # NOTE(review): publishes the unauthenticated dashboard/API (see
      # --api.insecure above) on every host interface.
      - "8080:8080"
    networks:
      - traefik_proxy
    volumes:
      # NOTE(review): `:ro` only makes the bind mount read-only. It does not
      # restrict which Docker API calls can be sent over the socket, so a
      # compromised Traefik still has full control of the Docker daemon.
      # Consider putting a filtering socket proxy in between.
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "/docker/traefik/config:/etc/traefik:ro"
      # Writable on purpose: Traefik stores acme.json here.
      - "/docker/traefik/letsencrypt:/letsencrypt"

      
networks: 
  # Pre-existing network shared with the routed containers; it is not created by this file.
  traefik_proxy:
    external: true

About my test :

# Test service: a whoami container routed by Traefik for Host(`test.domain.net`),
# requesting its certificate from the "myresolver" ACME resolver.
version: "3"
services:
  whoami:
    # NOTE(review): `latest` is a moving tag; pin a version for reproducible deployments.
    image: traefik/whoami:latest
    container_name: whoami
    restart: unless-stopped
    ports:
      # NOTE(review): publishing this port makes whoami reachable directly on host
      # port 8082, bypassing Traefik and its TLS. Traefik reaches the container
      # over the traefik_proxy network, so this mapping is not needed for routing.
      - "8082:80"
    networks:
      - traefik_proxy
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.whoami.rule=Host(`test.domain.net`)"
      # NOTE(review): the entrypoints label is set twice (here and two lines
      # below). The debug log in this thread shows the whoami router on
      # entrypoint "https" only, so this "http" value does not appear to take effect.
      - "traefik.http.routers.whoami.entrypoints=http"
      - "traefik.docker.network=traefik_proxy"
      - "traefik.http.routers.whoami.entrypoints=https"
      - "traefik.http.routers.whoami.tls.certresolver=myresolver"


networks: 
  # Pre-existing network shared with Traefik; it is not created by this file.
  traefik_proxy:
    external: true

When I run traefik, I get :

      
time="2023-03-28T14:56:44+02:00" level=debug msg="No default certificate, fallback to the internal generated certificate" tlsStoreName=default
time="2023-03-28T14:56:44+02:00" level=debug msg="Added outgoing tracing middleware api@internal" entryPointName=traefik routerName=api@internal middlewareName=tracing middlewareType=TracingForwarder
time="2023-03-28T14:56:44+02:00" level=debug msg="Added outgoing tracing middleware dashboard@internal" middlewareType=TracingForwarder entryPointName=traefik routerName=dashboard@internal middlewareName=tracing
time="2023-03-28T14:56:44+02:00" level=debug msg="Creating middleware" routerName=dashboard@internal middlewareName=dashboard_stripprefix@internal middlewareType=StripPrefix entryPointName=traefik
time="2023-03-28T14:56:44+02:00" level=debug msg="Adding tracing to middleware" entryPointName=traefik routerName=dashboard@internal middlewareName=dashboard_stripprefix@internal
time="2023-03-28T14:56:44+02:00" level=debug msg="Creating middleware" entryPointName=traefik routerName=dashboard@internal middlewareName=dashboard_redirect@internal middlewareType=RedirectRegex
time="2023-03-28T14:56:44+02:00" level=debug msg="Setting up redirection from ^(http:\\/\\/(\\[[\\w:.]+\\]|[\\w\\._-]+)(:\\d+)?)\\/$ to ${1}/dashboard/" middlewareName=dashboard_redirect@internal middlewareType=RedirectRegex entryPointName=traefik routerName=dashboard@internal
time="2023-03-28T14:56:44+02:00" level=debug msg="Adding tracing to middleware" entryPointName=traefik routerName=dashboard@internal middlewareName=dashboard_redirect@internal
time="2023-03-28T14:56:44+02:00" level=debug msg="Creating middleware" entryPointName=traefik middlewareType=Recovery middlewareName=traefik-internal-recovery
time="2023-03-28T14:56:44+02:00" level=debug msg="No default certificate, fallback to the internal generated certificate" tlsStoreName=default
time="2023-03-28T14:56:44+02:00" level=debug msg="Added outgoing tracing middleware api@internal" entryPointName=traefik routerName=api@internal middlewareName=tracing middlewareType=TracingForwarder
time="2023-03-28T14:56:44+02:00" level=debug msg="Added outgoing tracing middleware dashboard@internal" middlewareType=TracingForwarder entryPointName=traefik routerName=dashboard@internal middlewareName=tracing
time="2023-03-28T14:56:44+02:00" level=debug msg="Creating middleware" routerName=dashboard@internal entryPointName=traefik middlewareName=dashboard_stripprefix@internal middlewareType=StripPrefix
time="2023-03-28T14:56:44+02:00" level=debug msg="Adding tracing to middleware" entryPointName=traefik routerName=dashboard@internal middlewareName=dashboard_stripprefix@internal
time="2023-03-28T14:56:44+02:00" level=debug msg="Creating middleware" middlewareType=RedirectRegex middlewareName=dashboard_redirect@internal entryPointName=traefik routerName=dashboard@internal
time="2023-03-28T14:56:44+02:00" level=debug msg="Setting up redirection from ^(http:\\/\\/(\\[[\\w:.]+\\]|[\\w\\._-]+)(:\\d+)?)\\/$ to ${1}/dashboard/" entryPointName=traefik routerName=dashboard@internal middlewareType=RedirectRegex middlewareName=dashboard_redirect@internal
time="2023-03-28T14:56:44+02:00" level=debug msg="Adding tracing to middleware" middlewareName=dashboard_redirect@internal entryPointName=traefik routerName=dashboard@internal
time="2023-03-28T14:56:44+02:00" level=debug msg="Creating middleware" middlewareType=Recovery entryPointName=traefik middlewareName=traefik-internal-recovery
time="2023-03-28T14:56:44+02:00" level=debug msg="Creating middleware" middlewareName=pipelining middlewareType=Pipelining entryPointName=http routerName=plex@docker serviceName=plex
time="2023-03-28T14:56:44+02:00" level=debug msg="Creating load-balancer" entryPointName=http routerName=plex@docker serviceName=plex
time="2023-03-28T14:56:44+02:00" level=debug msg="Creating server 0 http://172.21.0.8:32400" serverName=0 entryPointName=http routerName=plex@docker serviceName=plex
time="2023-03-28T14:56:44+02:00" level=debug msg="child http://172.21.0.8:32400 now UP"
time="2023-03-28T14:56:44+02:00" level=debug msg="Propagating new UP status"
time="2023-03-28T14:56:44+02:00" level=debug msg="Added outgoing tracing middleware plex" routerName=plex@docker middlewareName=tracing middlewareType=TracingForwarder entryPointName=http
time="2023-03-28T14:56:44+02:00" level=debug msg="Creating middleware" serviceName=overseerr entryPointName=http routerName=overseerr@docker middlewareName=pipelining middlewareType=Pipelining
time="2023-03-28T14:56:44+02:00" level=debug msg="Creating load-balancer" serviceName=overseerr entryPointName=http routerName=overseerr@docker
time="2023-03-28T14:56:44+02:00" level=debug msg="Creating server 0 http://172.21.0.6:5055" entryPointName=http routerName=overseerr@docker serviceName=overseerr serverName=0
time="2023-03-28T14:56:44+02:00" level=debug msg="child http://172.21.0.6:5055 now UP"
time="2023-03-28T14:56:44+02:00" level=debug msg="Propagating new UP status"
time="2023-03-28T14:56:44+02:00" level=debug msg="Added outgoing tracing middleware overseerr" middlewareName=tracing middlewareType=TracingForwarder entryPointName=http routerName=overseerr@docker
time="2023-03-28T14:56:44+02:00" level=debug msg="Creating middleware" middlewareName=pipelining middlewareType=Pipelining entryPointName=http serviceName=rdtclient routerName=rdtclient@docker
time="2023-03-28T14:56:44+02:00" level=debug msg="Creating load-balancer" serviceName=rdtclient routerName=rdtclient@docker entryPointName=http
time="2023-03-28T14:56:44+02:00" level=debug msg="Creating server 0 http://172.21.0.4:6500" serverName=0 routerName=rdtclient@docker entryPointName=http serviceName=rdtclient
time="2023-03-28T14:56:44+02:00" level=debug msg="child http://172.21.0.4:6500 now UP"
time="2023-03-28T14:56:44+02:00" level=debug msg="Propagating new UP status"
time="2023-03-28T14:56:44+02:00" level=debug msg="Added outgoing tracing middleware rdtclient" routerName=rdtclient@docker middlewareName=tracing middlewareType=TracingForwarder entryPointName=http
time="2023-03-28T14:56:44+02:00" level=debug msg="Creating middleware" routerName=sonarr@docker serviceName=sonarr entryPointName=http middlewareName=pipelining middlewareType=Pipelining
time="2023-03-28T14:56:44+02:00" level=debug msg="Creating load-balancer" routerName=sonarr@docker serviceName=sonarr entryPointName=http
time="2023-03-28T14:56:44+02:00" level=debug msg="Creating server 0 http://172.21.0.3:8989" entryPointName=http routerName=sonarr@docker serviceName=sonarr serverName=0
time="2023-03-28T14:56:44+02:00" level=debug msg="child http://172.21.0.3:8989 now UP"
time="2023-03-28T14:56:44+02:00" level=debug msg="Propagating new UP status"
time="2023-03-28T14:56:44+02:00" level=debug msg="Added outgoing tracing middleware sonarr" middlewareName=tracing middlewareType=TracingForwarder entryPointName=http routerName=sonarr@docker
time="2023-03-28T14:56:44+02:00" level=debug msg="Creating middleware" entryPointName=http routerName=portainer@docker serviceName=portainer middlewareName=pipelining middlewareType=Pipelining
time="2023-03-28T14:56:44+02:00" level=debug msg="Creating load-balancer" routerName=portainer@docker serviceName=portainer entryPointName=http
time="2023-03-28T14:56:44+02:00" level=debug msg="Creating server 0 http://172.21.0.9:9000" serverName=0 entryPointName=http routerName=portainer@docker serviceName=portainer
time="2023-03-28T14:56:44+02:00" level=debug msg="child http://172.21.0.9:9000 now UP"
time="2023-03-28T14:56:44+02:00" level=debug msg="Propagating new UP status"
time="2023-03-28T14:56:44+02:00" level=debug msg="Added outgoing tracing middleware portainer" routerName=portainer@docker middlewareName=tracing middlewareType=TracingForwarder entryPointName=http
time="2023-03-28T14:56:44+02:00" level=debug msg="Creating middleware" routerName=radarr@docker serviceName=radarr middlewareName=pipelining middlewareType=Pipelining entryPointName=http
time="2023-03-28T14:56:44+02:00" level=debug msg="Creating load-balancer" entryPointName=http routerName=radarr@docker serviceName=radarr
time="2023-03-28T14:56:44+02:00" level=debug msg="Creating server 0 http://172.21.0.2:7878" serverName=0 entryPointName=http routerName=radarr@docker serviceName=radarr
time="2023-03-28T14:56:44+02:00" level=debug msg="child http://172.21.0.2:7878 now UP"
time="2023-03-28T14:56:44+02:00" level=debug msg="Propagating new UP status"
time="2023-03-28T14:56:44+02:00" level=debug msg="Added outgoing tracing middleware radarr" routerName=radarr@docker middlewareName=tracing middlewareType=TracingForwarder entryPointName=http
time="2023-03-28T14:56:44+02:00" level=debug msg="Creating middleware" middlewareName=pipelining entryPointName=http routerName=jackett@docker serviceName=jackett middlewareType=Pipelining
time="2023-03-28T14:56:44+02:00" level=debug msg="Creating load-balancer" routerName=jackett@docker serviceName=jackett entryPointName=http
time="2023-03-28T14:56:44+02:00" level=debug msg="Creating server 0 http://172.21.0.7:9117" entryPointName=http routerName=jackett@docker serverName=0 serviceName=jackett
time="2023-03-28T14:56:44+02:00" level=debug msg="child http://172.21.0.7:9117 now UP"
time="2023-03-28T14:56:44+02:00" level=debug msg="Propagating new UP status"
time="2023-03-28T14:56:44+02:00" level=debug msg="Added outgoing tracing middleware jackett" entryPointName=http routerName=jackett@docker middlewareName=tracing middlewareType=TracingForwarder
time="2023-03-28T14:56:44+02:00" level=debug msg="Creating middleware" middlewareName=traefik-internal-recovery middlewareType=Recovery entryPointName=http
time="2023-03-28T14:56:44+02:00" level=debug msg="Creating middleware" serviceName=whoami-whoami middlewareName=pipelining middlewareType=Pipelining entryPointName=https routerName=whoami@docker
time="2023-03-28T14:56:44+02:00" level=debug msg="Creating load-balancer" routerName=whoami@docker serviceName=whoami-whoami entryPointName=https
time="2023-03-28T14:56:44+02:00" level=debug msg="Creating server 0 http://172.21.0.10:80" serverName=0 serviceName=whoami-whoami entryPointName=https routerName=whoami@docker
time="2023-03-28T14:56:44+02:00" level=debug msg="child http://172.21.0.10:80 now UP"
time="2023-03-28T14:56:44+02:00" level=debug msg="Propagating new UP status"
time="2023-03-28T14:56:44+02:00" level=debug msg="Added outgoing tracing middleware whoami-whoami" routerName=whoami@docker entryPointName=https middlewareName=tracing middlewareType=TracingForwarder
time="2023-03-28T14:56:44+02:00" level=debug msg="Creating middleware" entryPointName=https middlewareName=traefik-internal-recovery middlewareType=Recovery
time="2023-03-28T14:56:44+02:00" level=debug msg="Adding route for test.domain.net with TLS options default" entryPointName=https
time="2023-03-28T14:56:44+02:00" level=debug msg="Trying to challenge certificate for domain [test.domain.net] found in HostSNI rule" providerName=myresolver.acme ACME CA="https://acme-staging-v02.api.letsencrypt.org/directory" routerName=whoami@docker rule="Host(`test.domain.net`)"
time="2023-03-28T14:56:44+02:00" level=debug msg="Looking for provided certificate(s) to validate [\"test.domain.net\"]..." rule="Host(`test.domain.net`)" providerName=myresolver.acme ACME CA="https://acme-staging-v02.api.letsencrypt.org/directory" routerName=whoami@docker
time="2023-03-28T14:56:44+02:00" level=debug msg="Domains [\"test.domain.net\"] need ACME certificates generation for domains \"test.domain.net\"." ACME CA="https://acme-staging-v02.api.letsencrypt.org/directory" routerName=whoami@docker rule="Host(`test.domain.net`)" providerName=myresolver.acme
time="2023-03-28T14:56:44+02:00" level=debug msg="Loading ACME certificates [test.domain.net]..." ACME CA="https://acme-staging-v02.api.letsencrypt.org/directory" routerName=whoami@docker rule="Host(`test.domain.net`)" providerName=myresolver.acme
time="2023-03-28T14:56:46+02:00" level=debug msg="Building ACME client..." providerName=myresolver.acme
time="2023-03-28T14:56:46+02:00" level=debug msg="https://acme-staging-v02.api.letsencrypt.org/directory" providerName=myresolver.acme
time="2023-03-28T14:56:46+02:00" level=info msg=Register... providerName=myresolver.acme
time="2023-03-28T14:56:46+02:00" level=debug msg="legolog: [INFO] acme: Registering account for pascal@domain.net"
time="2023-03-28T14:56:46+02:00" level=debug msg="Using DNS Challenge provider: ovh" providerName=myresolver.acme
time="2023-03-28T14:56:46+02:00" level=debug msg="legolog: [INFO] [test.domain.net] acme: Obtaining bundled SAN certificate"
time="2023-03-28T14:56:47+02:00" level=debug msg="legolog: [INFO] [test.domain.net] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/[REPLACED BY AUTHOR]"
time="2023-03-28T14:56:47+02:00" level=debug msg="legolog: [INFO] [test.domain.net] acme: Could not find solver for: tls-alpn-01"
time="2023-03-28T14:56:47+02:00" level=debug msg="legolog: [INFO] [test.domain.net] acme: Could not find solver for: http-01"
time="2023-03-28T14:56:47+02:00" level=debug msg="legolog: [INFO] [test.domain.net] acme: use dns-01 solver"
time="2023-03-28T14:56:47+02:00" level=debug msg="legolog: [INFO] [test.domain.net] acme: Preparing to solve DNS-01"
time="2023-03-28T14:56:47+02:00" level=debug msg="legolog: [INFO] [test.domain.net] acme: Trying to solve DNS-01"
time="2023-03-28T14:56:47+02:00" level=debug msg="legolog: [INFO] [test.domain.net] acme: Checking DNS record propagation using [127.0.0.11:53]"
time="2023-03-28T14:56:49+02:00" level=debug msg="legolog: [INFO] Wait for propagation [timeout: 1m0s, interval: 2s]"
time="2023-03-28T14:56:49+02:00" level=debug msg="Delaying 10000000000 rather than validating DNS propagation now." providerName=myresolver.acme
time="2023-03-28T14:57:00+02:00" level=debug msg="legolog: [INFO] [test.domain.net] acme: Waiting for DNS record propagation."
time="2023-03-28T14:57:02+02:00" level=debug msg="Delaying 10000000000 rather than validating DNS propagation now." providerName=myresolver.acme
time="2023-03-28T14:57:12+02:00" level=debug msg="legolog: [INFO] [test.domain.net] acme: Waiting for DNS record propagation."
time="2023-03-28T14:57:14+02:00" level=debug msg="Delaying 10000000000 rather than validating DNS propagation now." providerName=myresolver.acme
time="2023-03-28T14:57:24+02:00" level=debug msg="legolog: [INFO] [test.domain.net] acme: Waiting for DNS record propagation."
time="2023-03-28T14:57:26+02:00" level=debug msg="Delaying 10000000000 rather than validating DNS propagation now." providerName=myresolver.acme
time="2023-03-28T14:57:36+02:00" level=debug msg="legolog: [INFO] [test.domain.net] acme: Waiting for DNS record propagation."
time="2023-03-28T14:57:38+02:00" level=debug msg="Delaying 10000000000 rather than validating DNS propagation now." providerName=myresolver.acme
time="2023-03-28T14:57:48+02:00" level=debug msg="legolog: [INFO] [test.domain.net] acme: Waiting for DNS record propagation."
time="2023-03-28T14:57:50+02:00" level=debug msg="legolog: [INFO] [test.domain.net] acme: Cleaning DNS-01 challenge"
time="2023-03-28T14:57:50+02:00" level=debug msg="legolog: [INFO] Deactivating auth: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/[REPLACED BY AUTHOR]"
time="2023-03-28T14:57:51+02:00" level=error msg="Unable to obtain ACME certificate for domains \"test.domain.net\": unable to generate a certificate for the domains [test.domain.net]: error: one or more domains had a problem:\n[test.domain.net] time limit exceeded: last error: NS ns.ovh.net. returned SERVFAIL for _acme-challenge.test.domain.net.\n" routerName=whoami@docker rule="Host(`test.domain.net`)" providerName=myresolver.acme ACME CA="https://acme-staging-v02.api.letsencrypt.org/directory"

I also have lines like these:

time="2023-03-28T17:25:11+02:00" level=debug msg="Serving default certificate for request: \"docker.domain.net\""
time="2023-03-28T17:25:11+02:00" level=debug msg="http: TLS handshake error from 90.110.188.218:61016: EOF"
time="2023-03-28T17:25:11+02:00" level=debug msg="Serving default certificate for request: \"docker.domain.net\""
time="2023-03-28T17:25:11+02:00" level=debug msg="http: TLS handshake error from 90.110.188.218:61017: EOF"
time="2023-03-28T17:25:11+02:00" level=debug msg="Serving default certificate for request: \"docker.domain.net\""
time="2023-03-28T17:25:11+02:00" level=debug msg="http: TLS handshake error from 90.110.188.218:61018: EOF"
time="2023-03-28T17:25:11+02:00" level=debug msg="Serving default certificate for request: \"docker.domain.net\""
time="2023-03-28T17:25:11+02:00" level=debug msg="http: TLS handshake error from 90.110.188.218:61019: EOF"
time="2023-03-28T17:25:11+02:00" level=debug msg="Serving default certificate for request: \"docker.domain.net\""
time="2023-03-28T17:25:11+02:00" level=debug msg="http: TLS handshake error from 90.110.188.218:61020: EOF"
time="2023-03-28T17:25:11+02:00" level=debug msg="Serving default certificate for request: \"docker.domain.net\""
time="2023-03-28T17:25:11+02:00" level=debug msg="http: TLS handshake error from 90.110.188.218:61021: EOF"
time="2023-03-28T17:25:15+02:00" level=debug msg="Serving default certificate for request: \"docker.domain.net\""
time="2023-03-28T17:25:15+02:00" level=debug msg="http: TLS handshake error from 90.110.188.218:61022: EOF"
time="2023-03-28T17:25:15+02:00" level=debug msg="Serving default certificate for request: \"docker.domain.net\""
time="2023-03-28T17:25:15+02:00" level=debug msg="http: TLS handshake error from 90.110.188.218:61023: EOF"
time="2023-03-28T17:25:15+02:00" level=debug msg="Serving default certificate for request: \"docker.domain.net\""
time="2023-03-28T17:25:15+02:00" level=debug msg="http: TLS handshake error from 90.110.188.218:61024: EOF"
time="2023-03-28T17:25:15+02:00" level=debug msg="Serving default certificate for request: \"docker.domain.net\""
time="2023-03-28T17:25:15+02:00" level=debug msg="http: TLS handshake error from 90.110.188.218:61025: EOF"
time="2023-03-28T17:25:15+02:00" level=debug msg="Serving default certificate for request: \"docker.domain.net\""
time="2023-03-28T17:25:15+02:00" level=debug msg="http: TLS handshake error from 90.110.188.218:61026: EOF"
time="2023-03-28T17:25:15+02:00" level=debug msg="Serving default certificate for request: \"docker.domain.net\""
time="2023-03-28T17:25:15+02:00" level=debug msg="http: TLS handshake error from 90.110.188.218:61027: EOF"
time="2023-03-28T17:25:15+02:00" level=debug msg="Serving default certificate for request: \"docker.domain.net\""
time="2023-03-28T17:25:15+02:00" level=debug msg="http: TLS handshake error from 90.110.188.218:61028: EOF"
time="2023-03-28T17:25:15+02:00" level=debug msg="Serving default certificate for request: \"docker.domain.net\""
time="2023-03-28T17:25:15+02:00" level=debug msg="http: TLS handshake error from 90.110.188.218:61029: EOF"
time="2023-03-28T17:25:15+02:00" level=debug msg="Serving default certificate for request: \"docker.domain.net\""
time="2023-03-28T17:25:15+02:00" level=debug msg="http: TLS handshake error from 90.110.188.218:61030: EOF"
time="2023-03-28T17:25:15+02:00" level=debug msg="Serving default certificate for request: \"docker.domain.net\""
time="2023-03-28T17:25:15+02:00" level=debug msg="http: TLS handshake error from 90.110.188.218:61031: EOF"
time="2023-03-28T17:25:15+02:00" level=debug msg="Serving default certificate for request: \"docker.domain.net\""
time="2023-03-28T17:25:15+02:00" level=debug msg="http: TLS handshake error from 90.110.188.218:61032: EOF"
time="2023-03-28T17:25:56+02:00" level=debug msg="Serving default certificate for request: \"test.domain.net\""
time="2023-03-28T17:25:56+02:00" level=debug msg="Serving default certificate for request: \"test.domain.net\""
time="2023-03-28T17:25:56+02:00" level=debug msg="http: TLS handshake error from 90.110.188.218:61052: EOF"
time="2023-03-28T17:25:56+02:00" level=debug msg="Serving default certificate for request: \"test.domain.net\""
time="2023-03-28T17:25:56+02:00" level=debug msg="http: TLS handshake error from 90.110.188.218:61053: EOF"
time="2023-03-28T17:25:56+02:00" level=debug msg="Serving default certificate for request: \"test.domain.net\""
time="2023-03-28T17:25:56+02:00" level=debug msg="http: TLS handshake error from 90.110.188.218:61054: EOF"
time="2023-03-28T17:25:56+02:00" level=debug msg="Serving default certificate for request: \"test.domain.net\""
time="2023-03-28T17:25:56+02:00" level=debug msg="http: TLS handshake error from 90.110.188.218:61055: EOF"
time="2023-03-28T17:25:56+02:00" level=debug msg="Serving default certificate for request: \"test.domain.net\""
time="2023-03-28T17:25:56+02:00" level=debug msg="http: TLS handshake error from 90.110.188.218:61056: EOF"
time="2023-03-28T17:25:56+02:00" level=debug msg="Serving default certificate for request: \"test.domain.net\""
time="2023-03-28T17:25:56+02:00" level=debug msg="http: TLS handshake error from 90.110.188.218:61057: EOF"
time="2023-03-28T17:25:56+02:00" level=debug msg="Serving default certificate for request: \"test.domain.net\""
time="2023-03-28T17:25:56+02:00" level=debug msg="http: TLS handshake error from 90.110.188.218:61058: EOF"
time="2023-03-28T17:25:56+02:00" level=debug msg="Serving default certificate for request: \"test.domain.net\""
time="2023-03-28T17:25:56+02:00" level=debug msg="http: TLS handshake error from 90.110.188.218:61059: EOF"
time="2023-03-28T17:25:57+02:00" level=debug msg="Serving default certificate for request: \"test.domain.net\""
time="2023-03-28T17:25:57+02:00" level=debug msg="http: TLS handshake error from 90.110.188.218:61060: EOF"
time="2023-03-28T17:25:57+02:00" level=debug msg="Serving default certificate for request: \"test.domain.net\""
time="2023-03-28T17:25:57+02:00" level=debug msg="http: TLS handshake error from 90.110.188.218:61061: EOF"
time="2023-03-28T17:26:15+02:00" level=debug msg="Serving default certificate for request: \"test.domain.net\""
time="2023-03-28T17:26:15+02:00" level=debug msg="Serving default certificate for request: \"90.110.188.218\""
time="2023-03-28T17:26:16+02:00" level=debug msg="http: TLS handshake error from 161.35.27.144:46960: read tcp 172.21.0.5:443->161.35.27.144:46960: read: connection reset by peer"
time="2023-03-28T17:26:16+02:00" level=debug msg="Serving default certificate for request: \"90.110.188.218\""
time="2023-03-28T17:26:16+02:00" level=debug msg="Serving default certificate for request: \"90.110.188.218\""
time="2023-03-28T17:26:16+02:00" level=debug msg="http: TLS handshake error from 165.232.76.155:37292: read tcp 172.21.0.5:80->165.232.76.155:37292: read: connection reset by peer"
time="2023-03-28T17:26:16+02:00" level=debug msg="http: TLS handshake error from 161.35.27.144:46962: read tcp 172.21.0.5:443->161.35.27.144:46962: read: connection reset by peer"
time="2023-03-28T17:26:16+02:00" level=debug msg="Serving default certificate for request: \"90.110.188.218\""
time="2023-03-28T17:26:16+02:00" level=debug msg="Serving default certificate for request: \"90.110.188.218\""
time="2023-03-28T17:26:16+02:00" level=debug msg="http: TLS handshake error from 161.35.27.144:46966: tls: no cipher suite supported by both client and server"
time="2023-03-28T17:26:16+02:00" level=debug msg="http: TLS handshake error from 165.232.76.155:37294: read tcp 172.21.0.5:80->165.232.76.155:37294: read: connection reset by peer"
time="2023-03-28T17:26:16+02:00" level=debug msg="http: TLS handshake error from 161.35.27.144:46968: tls: client requested unsupported application protocols ([http/0.9 http/1.0 spdy/1 spdy/2 spdy/3 h2c hq])"
time="2023-03-28T17:26:16+02:00" level=debug msg="Serving default certificate for request: \"90.110.188.218\""
time="2023-03-28T17:26:16+02:00" level=debug msg="http: TLS handshake error from 165.232.76.155:37296: tls: no cipher suite supported by both client and server"
time="2023-03-28T17:26:16+02:00" level=debug msg="http: TLS handshake error from 161.35.27.144:46970: tls: client requested unsupported application protocols ([hq h2c spdy/3 spdy/2 spdy/1 http/1.0 http/0.9])"
time="2023-03-28T17:26:16+02:00" level=debug msg="http: TLS handshake error from 165.232.76.155:37298: tls: client requested unsupported application protocols ([http/0.9 http/1.0 spdy/1 spdy/2 spdy/3 h2c hq])"
time="2023-03-28T17:26:16+02:00" level=debug msg="http: TLS handshake error from 161.35.27.144:46974: tls: client offered only unsupported versions: [302 301]"
time="2023-03-28T17:26:16+02:00" level=debug msg="http: TLS handshake error from 165.232.76.155:37300: tls: client requested unsupported application protocols ([hq h2c spdy/3 spdy/2 spdy/1 http/1.0 http/0.9])"
time="2023-03-28T17:26:16+02:00" level=debug msg="Serving default certificate for request: \"90.110.188.218\""
time="2023-03-28T17:26:16+02:00" level=debug msg="http: TLS handshake error from 165.232.76.155:37302: tls: client offered only unsupported versions: [302 301]"
time="2023-03-28T17:26:16+02:00" level=debug msg="http: TLS handshake error from 161.35.27.144:46976: read tcp 172.21.0.5:443->161.35.27.144:46976: read: connection reset by peer"
time="2023-03-28T17:26:16+02:00" level=debug msg="Serving default certificate for request: \"90.110.188.218\""
time="2023-03-28T17:26:16+02:00" level=debug msg="Serving default certificate for request: \"90.110.188.218\""
time="2023-03-28T17:26:16+02:00" level=debug msg="http: TLS handshake error from 161.35.27.144:46978: read tcp 172.21.0.5:443->161.35.27.144:46978: read: connection reset by peer"
time="2023-03-28T17:26:16+02:00" level=debug msg="http: TLS handshake error from 165.232.76.155:37306: read tcp 172.21.0.5:80->165.232.76.155:37306: read: connection reset by peer"
time="2023-03-28T17:26:16+02:00" level=debug msg="Serving default certificate for request: \"90.110.188.218\""
time="2023-03-28T17:26:16+02:00" level=debug msg="Serving default certificate for request: \"90.110.188.218\""
time="2023-03-28T17:26:16+02:00" level=debug msg="http: TLS handshake error from 165.232.76.155:37308: read tcp 172.21.0.5:80->165.232.76.155:37308: read: connection reset by peer"
time="2023-03-28T17:26:16+02:00" level=debug msg="http: TLS handshake error from 161.35.27.144:46984: read tcp 172.21.0.5:443->161.35.27.144:46984: read: connection reset by peer"
time="2023-03-28T17:26:16+02:00" level=debug msg="Serving default certificate for request: \"90.110.188.218\""
time="2023-03-28T17:26:16+02:00" level=debug msg="Serving default certificate for request: \"90.110.188.218\""
time="2023-03-28T17:26:16+02:00" level=debug msg="http: TLS handshake error from 161.35.27.144:46988: read tcp 172.21.0.5:443->161.35.27.144:46988: read: connection reset by peer"
time="2023-03-28T17:26:16+02:00" level=debug msg="http: TLS handshake error from 165.232.76.155:37312: read tcp 172.21.0.5:80->165.232.76.155:37312: read: connection reset by peer"
time="2023-03-28T17:26:16+02:00" level=debug msg="Serving default certificate for request: \"90.110.188.218\""
time="2023-03-28T17:26:16+02:00" level=debug msg="http: TLS handshake error from 165.232.76.155:37314: read tcp 172.21.0.5:80->165.232.76.155:37314: read: connection reset by peer"
time="2023-03-28T17:38:07+02:00" level=debug msg="http: TLS handshake error from 198.54.131.103:34488: EOF"
time="2023-03-28T17:38:07+02:00" level=debug msg="http: TLS handshake error from 198.54.131.103:34504: EOF"
time="2023-03-28T17:38:08+02:00" level=debug msg="http: TLS handshake error from 198.54.131.103:49620: tls: client requested unsupported application protocols ([http/0.9 http/1.0 spdy/1 spdy/2 spdy/3 h2c hq])"
time="2023-03-28T17:38:08+02:00" level=debug msg="http: TLS handshake error from 198.54.131.103:49614: tls: no cipher suite supported by both client and server"
time="2023-03-28T17:38:08+02:00" level=debug msg="http: TLS handshake error from 198.54.131.103:49630: tls: client requested unsupported application protocols ([hq h2c spdy/3 spdy/2 spdy/1 http/1.0 http/0.9])"
time="2023-03-28T17:38:08+02:00" level=debug msg="http: TLS handshake error from 198.54.131.103:49642: tls: client offered only unsupported versions: [302 301]"
time="2023-03-28T17:38:09+02:00" level=debug msg="http: TLS handshake error from 198.54.131.103:49656: EOF"
time="2023-03-28T17:38:10+02:00" level=debug msg="http: TLS handshake error from 198.54.131.103:49664: EOF"
time="2023-03-28T17:38:10+02:00" level=debug msg="http: TLS handshake error from 198.54.131.103:49672: EOF"
time="2023-03-28T17:38:10+02:00" level=debug msg="http: TLS handshake error from 198.54.131.103:49680: EOF"

I have replaced my domain with domain.net in the logs and settings for this topic.
I don't know why I get this error. Do you think it is a problem with OVH, with the DNS settings, or something else?

Thank you

If you use a fixed Host() on all your services, you can simply use tlsChallenge. dnsChallenge is always a bit more complicated. dnsChallenge is required for wildcard certs, which you probably need to specify with main/sans.

Try setting the delay to some minutes and check manually in OVH DNS if the TXT entries have been created.

Note that you do not need to expose ports on your services (except Traefik).

The secondary errors appear when a browser tries to connect to the default Traefik cert.

Thank you for your answer @bluepuma77
I have tried changing the delay to 5 minutes, but the result is the same: it doesn't work.

time="2023-03-28T21:13:04+02:00" level=debug msg="Loading ACME certificates [test.domain.net]..." routerName=whoami@docker rule="Host(`test.domain.net`)" providerName=myresolver.acme ACME CA="https://acme-v02.api.letsencrypt.org/directory"
time="2023-03-28T21:13:04+02:00" level=debug msg="Building ACME client..." providerName=myresolver.acme
time="2023-03-28T21:13:04+02:00" level=debug msg="https://acme-v02.api.letsencrypt.org/directory" providerName=myresolver.acme
time="2023-03-28T21:13:04+02:00" level=debug msg="No ACME certificate generation required for domains [\"index.domain.net\"]." ACME CA="https://acme-v02.api.letsencrypt.org/directory" providerName=myresolver.acme routerName=jackett@docker rule="Host(`index.domain.net`)"
time="2023-03-28T21:13:04+02:00" level=debug msg="Using DNS Challenge provider: ovh" providerName=myresolver.acme
time="2023-03-28T21:13:04+02:00" level=debug msg="legolog: [INFO] [test.domain.net] acme: Obtaining bundled SAN certificate"
time="2023-03-28T21:13:05+02:00" level=debug msg="legolog: [INFO] [test.domain.net] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/214772803097"
time="2023-03-28T21:13:05+02:00" level=debug msg="legolog: [INFO] [test.domain.net] acme: Could not find solver for: tls-alpn-01"
time="2023-03-28T21:13:05+02:00" level=debug msg="legolog: [INFO] [test.domain.net] acme: Could not find solver for: http-01"
time="2023-03-28T21:13:05+02:00" level=debug msg="legolog: [INFO] [test.domain.net] acme: use dns-01 solver"
time="2023-03-28T21:13:05+02:00" level=debug msg="legolog: [INFO] [test.domain.net] acme: Preparing to solve DNS-01"
time="2023-03-28T21:13:06+02:00" level=debug msg="legolog: [INFO] [test.domain.net] acme: Trying to solve DNS-01"
time="2023-03-28T21:13:06+02:00" level=debug msg="legolog: [INFO] [test.domain.net] acme: Checking DNS record propagation using [127.0.0.11:53]"
time="2023-03-28T21:13:08+02:00" level=debug msg="legolog: [INFO] Wait for propagation [timeout: 1m0s, interval: 2s]"
time="2023-03-28T21:13:08+02:00" level=debug msg="Delaying 300000000000 rather than validating DNS propagation now." providerName=myresolver.acme
time="2023-03-28T21:18:08+02:00" level=debug msg="legolog: [INFO] [test.domain.net] acme: Waiting for DNS record propagation."
time="2023-03-28T21:18:10+02:00" level=debug msg="legolog: [INFO] [test.domain.net] acme: Cleaning DNS-01 challenge"
time="2023-03-28T21:18:11+02:00" level=debug msg="legolog: [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/[REPLACED]"
time="2023-03-28T21:18:12+02:00" level=error msg="Unable to obtain ACME certificate for domains \"test.domain.net\": unable to generate a certificate for the domains [test.domain.net]: error: one or more domains had a problem:\n[test.domain.net] time limit exceeded: last error: NS dns.ovh.net. returned SERVFAIL for _acme-challenge.test.domain.net.\n" providerName=myresolver.acme ACME CA="https://acme-v02.api.letsencrypt.org/directory" routerName=whoami@docker rule="Host(`test.domain.net`)"

It's frustrating, because I have follow different tutorial about DNS Challenge with OVH hoster.
Otherwise, indeed, I can use TLS Challenge, but I don't want to manage it, with DNS Challenge, I can have a wildcard cert. I think it's a problem about OVH, but I'm not sure, what do you think ? My setting are they ok ?

About the TXT entries: I checked today, but they are not there...

By default, if I can't use DNS Challenge, I will use TLS Challenge.
For the ports, I have exposed 8082:80, just for testing, it's a container for that, but I don't expose for other container.

If somebody has the same problem...
For information, I tried "certbot" to make sure the problem does not come from my settings.
When I tried the command line, I got an error...

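So I followed another webpage and did the following :
https://api.ovh.com/createToken/
Add the following privileges (apart from listing the zones, they are limited to the domain.net zone and its records) :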

GET /domain/zone/
GET /domain/zone/domain.net/
GET /domain/zone/domain.net/status
GET /domain/zone/domain.net/record
GET /domain/zone/domain.net/record/*
POST /domain/zone/domain.net/record
POST /domain/zone/domain.net/refresh
DELETE /domain/zone/domain.net/record/*

Submit the form...

After that, create a file ovh.ini (it holds the API credentials, so make it readable only by your user, e.g. `chmod 600 ~/ovh.ini`) with :

dns_ovh_endpoint = ovh-eu
dns_ovh_application_key = xxxxxx (replace by the value)
dns_ovh_application_secret = xxxxxx (replace by the value)
dns_ovh_consumer_key = xxxxxx (replace by the value)

Run :

certbot certonly --dns-ovh --dns-ovh-credentials ~/ovh.ini -d domain.net -v

If everything is good :

certbot certonly --dns-ovh --dns-ovh-credentials ~/ovh.ini -d domain.net -v
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator dns-ovh, Installer None
Requesting a certificate for domain.net
Performing the following challenges:
dns-01 challenge for domain.net
Waiting 120 seconds for DNS changes to propagate
Waiting for verification...
Cleaning up challenges

Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/domain.net/fullchain.pem
Key is saved at:         /etc/letsencrypt/live/domain.net/privkey.pem
This certificate expires on 2023-06-28.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
 * Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
 * Donating to EFF:                    https://eff.org/donate-le

Now when I check on the OVH panel, I can see :

`_acme-challenge.domain.net`

Now I'm sure my credentials are good, so I'm going to configure Traefik....

I have changed the Traefik settings. Since it works with certbot, it is not an issue with OVH, but I still have the issue... I don't know what I can do

time="2023-03-30T15:22:14+02:00" level=debug msg="Using DNS Challenge provider: ovh" providerName=myresolver.acme
time="2023-03-30T15:22:14+02:00" level=debug msg="legolog: [INFO] [test.domain.net] acme: Obtaining bundled SAN certificate"
time="2023-03-30T15:22:14+02:00" level=debug msg="legolog: [INFO] [test.domain.net] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/..."
time="2023-03-30T15:22:14+02:00" level=debug msg="legolog: [INFO] [test.domain.net] acme: Could not find solver for: tls-alpn-01"
time="2023-03-30T15:22:14+02:00" level=debug msg="legolog: [INFO] [test.domain.net] acme: Could not find solver for: http-01"
time="2023-03-30T15:22:14+02:00" level=debug msg="legolog: [INFO] [test.domain.net] acme: use dns-01 solver"
time="2023-03-30T15:22:14+02:00" level=debug msg="legolog: [INFO] [test.domain.net] acme: Preparing to solve DNS-01"
time="2023-03-30T15:22:15+02:00" level=debug msg="legolog: [INFO] [test.domain.net] acme: Trying to solve DNS-01"
time="2023-03-30T15:22:15+02:00" level=debug msg="legolog: [INFO] [test.domain.net] acme: Checking DNS record propagation using [127.0.0.11:53]"
time="2023-03-30T15:22:17+02:00" level=debug msg="legolog: [INFO] Wait for propagation [timeout: 1m0s, interval: 2s]"
time="2023-03-30T15:22:17+02:00" level=debug msg="Delaying 10000000000 rather than validating DNS propagation now." providerName=myresolver.acme
time="2023-03-30T15:22:27+02:00" level=debug msg="legolog: [INFO] [test.domain.net] acme: Waiting for DNS record propagation."
time="2023-03-30T15:22:29+02:00" level=debug msg="Delaying 10000000000 rather than validating DNS propagation now." providerName=myresolver.acme
time="2023-03-30T15:22:38+02:00" level=debug msg="Serving default certificate for request: \"domain.net\""
time="2023-03-30T15:22:39+02:00" level=debug msg="legolog: [INFO] [test.domain.net] acme: Waiting for DNS record propagation."
time="2023-03-30T15:22:41+02:00" level=debug msg="Delaying 10000000000 rather than validating DNS propagation now." providerName=myresolver.acme
time="2023-03-30T15:22:51+02:00" level=debug msg="legolog: [INFO] [test.domain.net] acme: Waiting for DNS record propagation."
time="2023-03-30T15:22:53+02:00" level=debug msg="Delaying 10000000000 rather than validating DNS propagation now." providerName=myresolver.acme
time="2023-03-30T15:23:03+02:00" level=debug msg="legolog: [INFO] [test.domain.net] acme: Waiting for DNS record propagation."
time="2023-03-30T15:23:05+02:00" level=debug msg="Delaying 10000000000 rather than validating DNS propagation now." providerName=myresolver.acme
time="2023-03-30T15:23:15+02:00" level=debug msg="legolog: [INFO] [test.domain.net] acme: Waiting for DNS record propagation."
time="2023-03-30T15:23:17+02:00" level=debug msg="legolog: [INFO] [test.domain.net] acme: Cleaning DNS-01 challenge"
time="2023-03-30T15:23:18+02:00" level=debug msg="legolog: [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/..."
time="2023-03-30T15:23:18+02:00" level=error msg="Unable to obtain ACME certificate for domains \"test.domain.net\": unable to generate a certificate for the domains [test.domain.net]: error: one or more domains had a problem:\n[test.domain.net] time limit exceeded: last error: NS dns.ovh.net. returned SERVFAIL for _acme-challenge.test.domain.net.\n" ACME CA="https://acme-v02.api.letsencrypt.org/directory" routerName=whoami@docker rule="Host(`test.domain.net`)" providerName=myresolver.acme

I didn't change many things, just delaybeforecheck from 10 to 60.
It looks better, but I don't have a TXT entry in the DNS...

time="2023-03-30T15:47:13+02:00" level=debug msg="https://acme-v02.api.letsencrypt.org/directory" providerName=myresolver.acme
time="2023-03-30T15:47:13+02:00" level=debug msg="No ACME certificate generation required for domains [\"request.domain.net\"]." providerName=myresolver.acme ACME CA="https://acme-v02.api.letsencrypt.org/directory" routerName=overseerr@docker rule="Host(`request.domain.net`)"
time="2023-03-30T15:47:13+02:00" level=debug msg="Looking for provided certificate(s) to validate [\"index.domain.net\"]..." ACME CA="https://acme-v02.api.letsencrypt.org/directory" routerName=jackett@docker rule="Host(`index.domain.net`)" providerName=myresolver.acme
time="2023-03-30T15:47:13+02:00" level=debug msg="No ACME certificate generation required for domains [\"index.domain.net\"]." providerName=myresolver.acme ACME CA="https://acme-v02.api.letsencrypt.org/directory" routerName=jackett@docker rule="Host(`index.domain.net`)"
time="2023-03-30T15:47:14+02:00" level=debug msg="Using DNS Challenge provider: ovh" providerName=myresolver.acme
time="2023-03-30T15:47:14+02:00" level=debug msg="legolog: [INFO] [test.domain.net] acme: Obtaining bundled SAN certificate"
time="2023-03-30T15:47:14+02:00" level=debug msg="legolog: [INFO] [test.domain.net] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/[replaced]"
time="2023-03-30T15:47:14+02:00" level=debug msg="legolog: [INFO] [test.domain.net] acme: Could not find solver for: tls-alpn-01"
time="2023-03-30T15:47:14+02:00" level=debug msg="legolog: [INFO] [test.domain.net] acme: Could not find solver for: http-01"
time="2023-03-30T15:47:14+02:00" level=debug msg="legolog: [INFO] [test.domain.net] acme: use dns-01 solver"
time="2023-03-30T15:47:14+02:00" level=debug msg="legolog: [INFO] [test.domain.net] acme: Preparing to solve DNS-01"
time="2023-03-30T15:47:15+02:00" level=debug msg="legolog: [INFO] [test.domain.net] acme: Trying to solve DNS-01"
time="2023-03-30T15:47:15+02:00" level=debug msg="legolog: [INFO] [test.domain.net] acme: Checking DNS record propagation using [127.0.0.11:53]"
time="2023-03-30T15:47:17+02:00" level=debug msg="Delaying 60000000000 rather than validating DNS propagation now." providerName=myresolver.acme
time="2023-03-30T15:47:17+02:00" level=debug msg="legolog: [INFO] Wait for propagation [timeout: 1m0s, interval: 2s]"
time="2023-03-30T15:47:29+02:00" level=debug msg="Serving default certificate for request: \"movie.domain.net\""
time="2023-03-30T15:48:22+02:00" level=debug msg="legolog: [INFO] [test.domain.net] The server validated our request"
time="2023-03-30T15:48:22+02:00" level=debug msg="legolog: [INFO] [test.domain.net] acme: Cleaning DNS-01 challenge"
time="2023-03-30T15:48:22+02:00" level=debug msg="legolog: [INFO] [test.domain.net] acme: Validations succeeded; requesting certificates"
time="2023-03-30T15:48:24+02:00" level=debug msg="legolog: [INFO] [test.domain.net] Server responded with a certificate."
time="2023-03-30T15:48:24+02:00" level=debug msg="Certificates obtained for domains [test.domain.net]" routerName=whoami@docker rule="Host(`test.domain.net`)" providerName=myresolver.acme ACME CA="https://acme-v02.api.letsencrypt.org/directory"
time="2023-03-30T15:48:24+02:00" level=debug msg="Configuration received: {\"http\":{},\"tcp\":{},\"udp\":{},\"tls\":{}}" providerName=myresolver.acme
time="2023-03-30T15:48:24+02:00" level=debug msg="Adding certificate for domain(s) index.domain.net"
time="2023-03-30T15:48:24+02:00" level=debug msg="Adding certificate for domain(s) request.domain.net"
time="2023-03-30T15:48:24+02:00" level=debug msg="Adding certificate for domain(s) test.domain.net"
time="2023-03-30T15:48:25+02:00" level=debug msg="No default certificate, fallback to the internal generated certificate" tlsStoreName=default
time="2023-03-30T15:48:25+02:00" level=debug msg="Creating middleware" middlewareName=pipelining middlewareType=Pipelining routerName=radarr@docker serviceName=radarr entryPointName=web
time="2023-03-30T15:48:25+02:00" level=debug msg="Creating load-balancer" entryPointName=web routerName=radarr@docker serviceName=radarr
time="2023-03-30T15:48:25+02:00" level=debug msg="Creating server 0 http://172.21.0.2:7878" serviceName=radarr serverName=0 entryPointName=web routerName=radarr@docker
time="2023-03-30T15:48:25+02:00" level=debug msg="child http://172.21.0.2:7878 now UP"
time="2023-03-30T15:48:25+02:00" level=debug msg="Propagating new UP status"
time="2023-03-30T15:48:25+02:00" level=debug msg="Added outgoing tracing middleware radarr" middlewareName=tracing middlewareType=TracingForwarder entryPointName=web routerName=radarr@docker
time="2023-03-30T15:48:25+02:00" level=debug msg="Creating middleware" entryPointName=web routerName=rdtclient@docker middlewareName=pipelining middlewareType=Pipelining serviceName=rdtclient
time="2023-03-30T15:48:25+02:00" level=debug msg="Creating load-balancer" entryPointName=web routerName=rdtclient@docker serviceName=rdtclient
time="2023-03-30T15:48:25+02:00" level=debug msg="Creating server 0 http://172.21.0.4:6500" routerName=rdtclient@docker serviceName=rdtclient serverName=0 entryPointName=web
time="2023-03-30T15:48:25+02:00" level=debug msg="child http://172.21.0.4:6500 now UP"
time="2023-03-30T15:48:25+02:00" level=debug msg="Propagating new UP status"
time="2023-03-30T15:48:25+02:00" level=debug msg="Added outgoing tracing middleware rdtclient" middlewareType=TracingForwarder entryPointName=web routerName=rdtclient@docker middlewareName=tracing
time="2023-03-30T15:48:25+02:00" level=debug msg="Creating middleware" middlewareType=Pipelining routerName=sonarr@docker serviceName=sonarr entryPointName=web middlewareName=pipelining
time="2023-03-30T15:48:25+02:00" level=debug msg="Creating load-balancer" entryPointName=web routerName=sonarr@docker serviceName=sonarr
time="2023-03-30T15:48:25+02:00" level=debug msg="Creating server 0 http://172.21.0.3:8989" serviceName=sonarr entryPointName=web routerName=sonarr@docker serverName=0
time="2023-03-30T15:48:25+02:00" level=debug msg="child http://172.21.0.3:8989 now UP"
time="2023-03-30T15:48:25+02:00" level=debug msg="Propagating new UP status"
time="2023-03-30T15:48:25+02:00" level=debug msg="Added outgoing tracing middleware sonarr" middlewareType=TracingForwarder routerName=sonarr@docker entryPointName=web middlewareName=tracing
time="2023-03-30T15:48:25+02:00" level=debug msg="Creating middleware" entryPointName=web routerName=portainer@docker serviceName=portainer middlewareName=pipelining middlewareType=Pipelining
time="2023-03-30T15:48:25+02:00" level=debug msg="Creating load-balancer" serviceName=portainer entryPointName=web routerName=portainer@docker
time="2023-03-30T15:48:25+02:00" level=debug msg="Creating server 0 http://172.21.0.9:9000" entryPointName=web routerName=portainer@docker serviceName=portainer serverName=0
time="2023-03-30T15:48:25+02:00" level=debug msg="child http://172.21.0.9:9000 now UP"
time="2023-03-30T15:48:25+02:00" level=debug msg="Propagating new UP status"
time="2023-03-30T15:48:25+02:00" level=debug msg="Added outgoing tracing middleware portainer" routerName=portainer@docker middlewareName=tracing middlewareType=TracingForwarder entryPointName=web
time="2023-03-30T15:48:25+02:00" level=debug msg="Added outgoing tracing middleware noop@internal" entryPointName=web routerName=web-to-websecure@internal middlewareType=TracingForwarder middlewareName=tracing
time="2023-03-30T15:48:25+02:00" level=debug msg="Creating middleware" middlewareType=RedirectScheme entryPointName=web routerName=web-to-websecure@internal middlewareName=redirect-web-to-websecure@internal
time="2023-03-30T15:48:25+02:00" level=debug msg="Setting up redirection to https 443" middlewareName=redirect-web-to-websecure@internal middlewareType=RedirectScheme entryPointName=web routerName=web-to-websecure@internal
time="2023-03-30T15:48:25+02:00" level=debug msg="Creating middleware" entryPointName=web routerName=plex@docker serviceName=plex middlewareName=pipelining middlewareType=Pipelining
time="2023-03-30T15:48:25+02:00" level=debug msg="Creating load-balancer" entryPointName=web routerName=plex@docker serviceName=plex
time="2023-03-30T15:48:25+02:00" level=debug msg="Creating server 0 http://172.21.0.8:32400" serverName=0 serviceName=plex entryPointName=web routerName=plex@docker
time="2023-03-30T15:48:25+02:00" level=debug msg="child http://172.21.0.8:32400 now UP"
time="2023-03-30T15:48:25+02:00" level=debug msg="Propagating new UP status"
time="2023-03-30T15:48:25+02:00" level=debug msg="Added outgoing tracing middleware plex" routerName=plex@docker middlewareName=tracing middlewareType=TracingForwarder entryPointName=web
time="2023-03-30T15:48:25+02:00" level=debug msg="Creating middleware" entryPointName=web middlewareName=traefik-internal-recovery middlewareType=Recovery
time="2023-03-30T15:48:25+02:00" level=debug msg="Added outgoing tracing middleware api@internal" middlewareName=tracing middlewareType=TracingForwarder entryPointName=traefik routerName=api@internal
time="2023-03-30T15:48:25+02:00" level=debug msg="Added outgoing tracing middleware dashboard@internal" entryPointName=traefik routerName=dashboard@internal middlewareName=tracing middlewareType=TracingForwarder
time="2023-03-30T15:48:25+02:00" level=debug msg="Creating middleware" middlewareType=StripPrefix entryPointName=traefik routerName=dashboard@internal middlewareName=dashboard_stripprefix@internal
time="2023-03-30T15:48:25+02:00" level=debug msg="Adding tracing to middleware" middlewareName=dashboard_stripprefix@internal entryPointName=traefik routerName=dashboard@internal
time="2023-03-30T15:48:25+02:00" level=debug msg="Creating middleware" middlewareName=dashboard_redirect@internal middlewareType=RedirectRegex entryPointName=traefik routerName=dashboard@internal
time="2023-03-30T15:48:25+02:00" level=debug msg="Setting up redirection from ^(http:\\/\\/(\\[[\\w:.]+\\]|[\\w\\._-]+)(:\\d+)?)\\/$ to ${1}/dashboard/" middlewareName=dashboard_redirect@internal middlewareType=RedirectRegex entryPointName=traefik routerName=dashboard@internal
time="2023-03-30T15:48:25+02:00" level=debug msg="Adding tracing to middleware" routerName=dashboard@internal middlewareName=dashboard_redirect@internal entryPointName=traefik
time="2023-03-30T15:48:25+02:00" level=debug msg="Creating middleware" middlewareName=traefik-internal-recovery middlewareType=Recovery entryPointName=traefik
time="2023-03-30T15:48:25+02:00" level=debug msg="Creating middleware" middlewareName=pipelining middlewareType=Pipelining entryPointName=websecure routerName=whoami@docker serviceName=whoami-whoami
time="2023-03-30T15:48:25+02:00" level=debug msg="Creating load-balancer" entryPointName=websecure routerName=whoami@docker serviceName=whoami-whoami
time="2023-03-30T15:48:25+02:00" level=debug msg="Creating server 0 http://172.21.0.10:80" serverName=0 entryPointName=websecure routerName=whoami@docker serviceName=whoami-whoami
time="2023-03-30T15:48:25+02:00" level=debug msg="child http://172.21.0.10:80 now UP"
time="2023-03-30T15:48:25+02:00" level=debug msg="Propagating new UP status"
time="2023-03-30T15:48:25+02:00" level=debug msg="Added outgoing tracing middleware whoami-whoami" middlewareType=TracingForwarder routerName=whoami@docker entryPointName=websecure middlewareName=tracing
time="2023-03-30T15:48:25+02:00" level=debug msg="Creating middleware" serviceName=jackett middlewareName=pipelining middlewareType=Pipelining routerName=jackett@docker entryPointName=websecure
time="2023-03-30T15:48:25+02:00" level=debug msg="Creating load-balancer" routerName=jackett@docker entryPointName=websecure serviceName=jackett
time="2023-03-30T15:48:25+02:00" level=debug msg="Creating server 0 http://172.21.0.7:9117" serverName=0 routerName=jackett@docker entryPointName=websecure serviceName=jackett
time="2023-03-30T15:48:25+02:00" level=debug msg="child http://172.21.0.7:9117 now UP"
time="2023-03-30T15:48:25+02:00" level=debug msg="Propagating new UP status"
time="2023-03-30T15:48:25+02:00" level=debug msg="Added outgoing tracing middleware jackett" entryPointName=websecure routerName=jackett@docker middlewareName=tracing middlewareType=TracingForwarder
time="2023-03-30T15:48:25+02:00" level=debug msg="Creating middleware" entryPointName=websecure routerName=overseerr@docker serviceName=overseerr middlewareName=pipelining middlewareType=Pipelining
time="2023-03-30T15:48:25+02:00" level=debug msg="Creating load-balancer" entryPointName=websecure routerName=overseerr@docker serviceName=overseerr
time="2023-03-30T15:48:25+02:00" level=debug msg="Creating server 0 http://172.21.0.6:5055" serviceName=overseerr entryPointName=websecure routerName=overseerr@docker serverName=0
time="2023-03-30T15:48:25+02:00" level=debug msg="child http://172.21.0.6:5055 now UP"
time="2023-03-30T15:48:25+02:00" level=debug msg="Propagating new UP status"
time="2023-03-30T15:48:25+02:00" level=debug msg="Added outgoing tracing middleware overseerr" middlewareType=TracingForwarder entryPointName=websecure routerName=overseerr@docker middlewareName=tracing
time="2023-03-30T15:48:25+02:00" level=debug msg="Creating middleware" middlewareType=Recovery entryPointName=websecure middlewareName=traefik-internal-recovery
time="2023-03-30T15:48:25+02:00" level=debug msg="Adding route for request.domain.net with TLS options default" entryPointName=websecure
time="2023-03-30T15:48:25+02:00" level=debug msg="Adding route for test.domain.net with TLS options default" entryPointName=websecure
time="2023-03-30T15:48:25+02:00" level=debug msg="Adding route for index.domain.net with TLS options default" entryPointName=websecure
time="2023-03-30T15:48:25+02:00" level=debug msg="Trying to challenge certificate for domain [request.domain.net] found in HostSNI rule" providerName=myresolver.acme ACME CA="https://acme-v02.api.letsencrypt.org/directory" routerName=overseerr@docker rule="Host(`request.domain.net`)"
time="2023-03-30T15:48:25+02:00" level=debug msg="Trying to challenge certificate for domain [test.domain.net] found in HostSNI rule" rule="Host(`test.domain.net`)" providerName=myresolver.acme ACME CA="https://acme-v02.api.letsencrypt.org/directory" routerName=whoami@docker
time="2023-03-30T15:48:25+02:00" level=debug msg="Trying to challenge certificate for domain [index.domain.net] found in HostSNI rule" providerName=myresolver.acme ACME CA="https://acme-v02.api.letsencrypt.org/directory" routerName=jackett@docker rule="Host(`index.domain.net`)"
time="2023-03-30T15:48:25+02:00" level=debug msg="Looking for provided certificate(s) to validate [\"request.domain.net\"]..." routerName=overseerr@docker rule="Host(`request.domain.net`)" providerName=myresolver.acme ACME CA="https://acme-v02.api.letsencrypt.org/directory"
time="2023-03-30T15:48:25+02:00" level=debug msg="Looking for provided certificate(s) to validate [\"test.domain.net\"]..." providerName=myresolver.acme ACME CA="https://acme-v02.api.letsencrypt.org/directory" routerName=whoami@docker rule="Host(`test.domain.net`)"
time="2023-03-30T15:48:25+02:00" level=debug msg="Looking for provided certificate(s) to validate [\"index.domain.net\"]..." routerName=jackett@docker rule="Host(`index.domain.net`)" providerName=myresolver.acme ACME CA="https://acme-v02.api.letsencrypt.org/directory"
time="2023-03-30T15:48:25+02:00" level=debug msg="No ACME certificate generation required for domains [\"test.domain.net\"]." rule="Host(`test.domain.net`)" providerName=myresolver.acme ACME CA="https://acme-v02.api.letsencrypt.org/directory" routerName=whoami@docker
time="2023-03-30T15:48:25+02:00" level=debug msg="No ACME certificate generation required for domains [\"request.domain.net\"]." routerName=overseerr@docker rule="Host(`request.domain.net`)" providerName=myresolver.acme ACME CA="https://acme-v02.api.letsencrypt.org/directory"
time="2023-03-30T15:48:25+02:00" level=debug msg="No ACME certificate generation required for domains [\"index.domain.net\"]." rule="Host(`index.domain.net`)" providerName=myresolver.acme ACME CA="https://acme-v02.api.letsencrypt.org/directory" routerName=jackett@docker
time="2023-03-30T15:50:50+02:00" level=debug msg="Serving default certificate for request: \"domain.net\""

I kept exactly the same settings and added a new container, "show" :

time="2023-03-30T16:07:00+02:00" level=debug msg="Loading ACME certificates [show.domain.net]..." routerName=sonarr@docker rule="Host(`show.domain.net`)" ACME CA="https://acme-v02.api.letsencrypt.org/directory" providerName=myresolver.acme
time="2023-03-30T16:07:00+02:00" level=debug msg="Building ACME client..." providerName=myresolver.acme
time="2023-03-30T16:07:00+02:00" level=debug msg="https://acme-v02.api.letsencrypt.org/directory" providerName=myresolver.acme
time="2023-03-30T16:07:00+02:00" level=debug msg="No ACME certificate generation required for domains [\"test.domain.net\"]." rule="Host(`test.domain.net`)" providerName=myresolver.acme ACME CA="https://acme-v02.api.letsencrypt.org/directory" routerName=whoami@docker
time="2023-03-30T16:07:00+02:00" level=debug msg="Looking for provided certificate(s) to validate [\"request.domain.net\"]..." routerName=overseerr@docker rule="Host(`request.domain.net`)" ACME CA="https://acme-v02.api.letsencrypt.org/directory" providerName=myresolver.acme
time="2023-03-30T16:07:00+02:00" level=debug msg="No ACME certificate generation required for domains [\"request.domain.net\"]." ACME CA="https://acme-v02.api.letsencrypt.org/directory" providerName=myresolver.acme routerName=overseerr@docker rule="Host(`request.domain.net`)"
time="2023-03-30T16:07:00+02:00" level=debug msg="Looking for provided certificate(s) to validate [\"index.domain.net\"]..." routerName=jackett@docker rule="Host(`index.domain.net`)" ACME CA="https://acme-v02.api.letsencrypt.org/directory" providerName=myresolver.acme
time="2023-03-30T16:07:00+02:00" level=debug msg="No ACME certificate generation required for domains [\"index.domain.net\"]." ACME CA="https://acme-v02.api.letsencrypt.org/directory" providerName=myresolver.acme routerName=jackett@docker rule="Host(`index.domain.net`)"
time="2023-03-30T16:07:00+02:00" level=debug msg="Using DNS Challenge provider: ovh" providerName=myresolver.acme
time="2023-03-30T16:07:00+02:00" level=debug msg="legolog: [INFO] [show.domain.net] acme: Obtaining bundled SAN certificate"
time="2023-03-30T16:07:01+02:00" level=debug msg="legolog: [INFO] [show.domain.net] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/[replaced]"
time="2023-03-30T16:07:01+02:00" level=debug msg="legolog: [INFO] [show.domain.net] acme: Could not find solver for: tls-alpn-01"
time="2023-03-30T16:07:01+02:00" level=debug msg="legolog: [INFO] [show.domain.net] acme: Could not find solver for: http-01"
time="2023-03-30T16:07:01+02:00" level=debug msg="legolog: [INFO] [show.domain.net] acme: use dns-01 solver"
time="2023-03-30T16:07:01+02:00" level=debug msg="legolog: [INFO] [show.domain.net] acme: Preparing to solve DNS-01"
time="2023-03-30T16:07:02+02:00" level=debug msg="legolog: [INFO] [show.domain.net] acme: Trying to solve DNS-01"
time="2023-03-30T16:07:02+02:00" level=debug msg="legolog: [INFO] [show.domain.net] acme: Checking DNS record propagation using [127.0.0.11:53]"
time="2023-03-30T16:07:04+02:00" level=debug msg="legolog: [INFO] Wait for propagation [timeout: 1m0s, interval: 2s]"
time="2023-03-30T16:07:04+02:00" level=debug msg="Delaying 60000000000 rather than validating DNS propagation now." providerName=myresolver.acme
time="2023-03-30T16:07:28+02:00" level=debug msg="Serving default certificate for request: \"www.domain.net\""
time="2023-03-30T16:07:28+02:00" level=debug msg="http: TLS handshake error from 192.185.83.160:54128: remote error: tls: bad certificate"
time="2023-03-30T16:08:04+02:00" level=debug msg="legolog: [INFO] [show.domain.net] acme: Waiting for DNS record propagation."
time="2023-03-30T16:08:06+02:00" level=debug msg="legolog: [INFO] [show.domain.net] acme: Cleaning DNS-01 challenge"
time="2023-03-30T16:08:12+02:00" level=debug msg="legolog: [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/[replaced]"
time="2023-03-30T16:08:12+02:00" level=error msg="Unable to obtain ACME certificate for domains \"show.domain.net\": unable to generate a certificate for the domains [show.domain.net]: error: one or more domains had a problem:\n[show.domain.net] time limit exceeded: last error: NS dns.ovh.net. returned SERVFAIL for _acme-challenge.show.domain.net.\n" rule="Host(`show.domain.net`)" ACME CA="https://acme-v02.api.letsencrypt.org/directory" providerName=myresolver.acme routerName=sonarr@docker
time="2023-03-30T16:08:33+02:00" level=debug msg="Serving default certificate for request: \"show.domain.net\""
time="2023-03-30T16:08:33+02:00" level=debug msg="Serving default certificate for request: \"show.domain.net\""

I don't know why I have got it... I have no idea

Have you tried removing this? Should have automatically usable defaults.

PS: Have you tested the simpler tlsChallenge?

Thank you for your help
I have already tried to remove it, but it doesn't change anything.
About another Challenge, I have tried HTTP challenge without any problem... About DNS challenge, it's not that simple

I'm coming back, because I have to use DNS Challenge, I think so...
Because I want to secure some other ports like 32400 (plex) and I would like to do it with traefik.
I have opened another topics recently :

And from another people about it :

I think so, I have to use DNS challenge to do what I want to do.

Are you sure it's not a "bug" in Traefik (a bad request, for example)? 22 days ago I tried with certbot, and I was able to add the entry to the DNS.

I would expect that you can use another port if you use a standard port, too. So if you can run a service on port 80 or 443 with LetsEncrypt with the desired domain name, the created cert should also work for a router on another port with the same domain name.

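I solved it by changing some settings, and it was also necessary to add the option below. It makes Traefik skip its own check that the TXT record has propagated before it asks the ACME server to validate (the check that ended with SERVFAIL in the logs above). The Traefik documentation marks this option as not recommended, so keep delaybeforecheck long enough for the record to be published :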

- "--certificatesresolvers.myresolver.acme.dnschallenge.disablepropagationcheck=true"

If someone has the same problem, here is my docker-compose :

version: "3"
services:

  traefik:
    container_name: "traefik"
    # NOTE(review): `latest` is a floating tag, so a re-pull can change the
    # Traefik version; pin a specific tag for reproducible deployments.
    image: traefik:latest
    restart: unless-stopped
    # Prevents processes in the container from gaining additional privileges
    # (for example through setuid binaries).
    security_opt:
      - no-new-privileges:true
    # Static configuration passed to Traefik as CLI flags.
    command:
      # DEBUG produces the verbose `legolog` output quoted in this thread;
      # NOTE(review): lower the level once the certificate issue is solved.
      - "--log.level=DEBUG"
      # The insecure API (unauthenticated dashboard on the `traefik`
      # entrypoint) is left disabled.
      #- "--api.insecure=true"
      # NOTE(review): the dashboard is enabled; confirm that the router
      # exposing it is protected by an authentication middleware.
      - '--api=true'
      - '--api.dashboard=true'
      
      # Containers are only routed when they carry `traefik.enable=true`.
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      # Plain HTTP on :80 is redirected to the HTTPS entrypoint on :443.
      - "--entrypoints.web.address=:80"
      - "--entrypoints.web.http.redirections.entrypoint.to=websecure"
      - "--entrypoints.web.http.redirections.entrypoint.scheme=https"
      - "--entrypoints.websecure.address=:443"
      
      # Extra entrypoint on :32400.
      # NOTE(review): the redirection below points the `plex` entrypoint at
      # itself with scheme https; confirm this is intended.
      - "--entryPoints.plex.address=:32400"
      - "--entrypoints.plex.http.redirections.entrypoint.to=plex"
      - "--entrypoints.plex.http.redirections.entrypoint.scheme=https"
      
      # Common HTTPS challenge properties
      - "--certificatesresolvers.myresolver.acme.email=certificat@domain.ext"
      # acme.json holds the ACME account key and the issued certificates with
      # their private keys; keep it readable by its owner only (mode 600).
      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
      - "--certificatesresolvers.myresolver.acme.caserver=https://acme-v02.api.letsencrypt.org/directory" # For live
      #- "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory" # For testing
      
      ### DNS Challenge ###
      - "--certificatesresolvers.myresolver.acme.dnschallenge=true"
      - "--certificatesresolvers.myresolver.acme.dnschallenge.provider=ovh"
      # Wait (10 seconds here) before the propagation check / validation.
      - "--certificatesresolvers.myresolver.acme.dnschallenge.delaybeforecheck=10"
      # Skips the DNS propagation check before the ACME server is asked to
      # validate. The Traefik documentation marks this as not recommended:
      # with it, the delay above is the only wait for the TXT record.
      - "--certificatesresolvers.myresolver.acme.dnschallenge.disablepropagationcheck=true"

      
      ### HTTP Challenge ###
      #- "--certificatesresolvers.myresolver.acme.httpchallenge=true"
      #- "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web"

      
      
    environment:
      - "TZ=Europe/Paris"
      ### DNS ###
      - "OVH_ENDPOINT=ovh-eu"
      - "OVH_APPLICATION_KEY=###########"
      - "OVH_APPLICATION_SECRET=###########"
      - "OVH_CONSUMER_KEY=###########"
    ports:
      - "80:80"
      - "443:443"
      - "32400:32400"
      #- "8080:8080"
    networks:
      - traefik_proxy
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "/docker/traefik/config:/etc/traefik:ro"
      - "/docker/traefik/letsencrypt:/letsencrypt"
      
    labels:
      - "traefik.enable=true"
      - "traefik.frontend.passHostHeader=true"
      # HTTP Catchall for redirecting HTTP -> HTTPS
      - "traefik.http.routers.traefik.rule=PathPrefix(`/`)"
      - "traefik.http.routers.traefik.entrypoints=web"
      - "traefik.http.routers.traefik.rule=Host(`routing.domain.ext`)"
      - "traefik.http.routers.traefik.middlewares=redirect-to-https"
      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=websecure"
      # Dashboard
      - "traefik.http.routers.traefik-secure.entrypoints=websecure"
      - "traefik.http.routers.traefik-secure.rule=Host(`routing.domain.ext`)"
      - "traefik.http.routers.traefik-secure.tls=true"
      - "traefik.http.routers.traefik-secure.tls.certresolver=myresolver"
      - "traefik.http.routers.traefik-secure.service=api@internal"
      - "traefik.http.services.api@internal.loadbalancer.server.port=8080" # Required in swarms, https://doc.traefik.io/traefik/v2.0/routing/providers/docker/#services

networks: 
  traefik_proxy:
    external: true

For OVH access rules :

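# Request an OVH API credential whose access rules are limited to the DNS zone
# used for the ACME DNS-01 challenge. ########### stands for the application
# key; domain.ext is the poster's placeholder zone.
#
# The posted listing had lost its line continuations and had two "path" values
# and the redirection URL broken by the forum rendering; they are restored.
#
# NOTE(review): the paths end in "/" exactly as posted. OVH access rules use
# "*" as a wildcard, and the forum renderer may have dropped a trailing "*".
# Verify that the credential can create and delete records in the zone, and
# keep it scoped to this one zone rather than to every zone on the account.
#
# The consumer key in the response is presumably the value used for
# OVH_CONSUMER_KEY - confirm against the OVH documentation.
curl -XPOST \
  -H "X-Ovh-Application: ###########" \
  -H "Content-type: application/json" \
  https://eu.api.ovh.com/1.0/auth/credential \
  -d '{
  "accessRules": [
    {
      "method": "GET",
      "path": "/domain/zone/"
    },
    {
      "method": "GET",
      "path": "/domain/zone/domain.ext/"
    },
    {
      "method": "PUT",
      "path": "/domain/zone/domain.ext/"
    },
    {
      "method": "POST",
      "path": "/domain/zone/domain.ext/"
    },
    {
      "method": "DELETE",
      "path": "/domain/zone/domain.ext/"
    }
  ],
  "redirection": "https://www.google.com/"
}'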

But it doesn't solve my wrong certificate for HTTPS on port 32400, which is strange...
Update: this point is solved as well :wink: