level=error msg="Unable to obtain ACME certificate for domains \"traefik.springbox-office.com\": cannot get ACME client get directory at 'https://acme-staging-v02.api.letsencrypt.org/directory': Get \"https://acme-staging-v02.api.letsencrypt.org/directory\": dial tcp: lookup acme-staging-v02.api.letsencrypt.org on 127.0.0.11:53: read udp 127.0.0.1:39698->127.0.0.11:53: i/o timeout" providerName=letsencrypt.acme routerName=api@docker rule="Host(`traefik.springbox-office.com`)"
Why does Traefik use the Docker default DNS server for address resolution (i.e. 127.0.0.11)?
The following command fails:
How can I make Traefik change the default DNS server it queries (I guess that the only one available is the Docker DNS server, which cannot reach external servers like google.com or the Let's Encrypt endpoint)?
Same way as with any Docker container. Both docker and docker-compose give you this option. Look it up in their docos. Of course Docker needs to be able to reach whatever DNS servers you specify; depending on how networking is set up, that is not always the case.
This is just using the resolver in /etc/resolv.conf which, when you are using a Docker network (this is by default implicit with docker-compose), is the Docker DNS resolver, and it is there so you can resolve other containers on the same network.
Your dig should be: dig acme-staging-v02.api.letsencrypt.org
This one works but I wanted to test the docker internal dns.
To summarize, external DNS resolution works fine outside the container (on the host) and badly inside.
Therefore, there is something wrong in the Docker configuration on my side (I am using swarm mode).
It is now OK, the "DNS Challenge Timeout" has disappeared and external systems are reachable from containers as expected.
I confirm it was a docker problem (restarting it on swarm nodes solves the problem).
Thank you for your help and your clarifications
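An added example, not part of the original thread or of Traefik: a small triage helper that pulls the resolver and failure type out of the Go lookup error in the log line at the top and flags when the resolver is Docker's embedded DNS (127.0.0.11). The function name, the result keys and the second sample line are assumptions made for illustration.

```python
import re

# Docker's embedded DNS server, as seen from inside a container on a
# user-defined or overlay network (the address shown in the thread).
DOCKER_EMBEDDED_DNS = "127.0.0.11"

# Go resolver error shape: lookup <name> on <resolver>:<port>: <detail>
LOOKUP_RE = re.compile(
    r"lookup (?P<name>\S+) on (?P<resolver>\S+):(?P<port>\d+): "
    r"(?P<detail>[^\"\\]+)"
)

def triage(line):
    """Return resolver details for a DNS lookup failure, or None."""
    m = LOOKUP_RE.search(line)
    if m is None:
        return None
    detail = m["detail"].strip()
    if "i/o timeout" in detail:
        kind = "resolver_timeout"   # resolver never answered
    elif "no such host" in detail:
        kind = "nxdomain"           # resolver answered: name unknown
    else:
        kind = "other"
    embedded = m["resolver"] == DOCKER_EMBEDDED_DNS
    if kind == "resolver_timeout" and embedded:
        hint = "embedded DNS timed out: compare a lookup on the host, check the Docker daemon on this node"
    elif kind == "resolver_timeout":
        hint = "configured resolver did not answer from inside the container"
    else:
        hint = "resolver answered: check the hostname itself"
    return {"name": m["name"], "resolver": m["resolver"],
            "embedded": embedded, "kind": kind, "hint": hint}

# Abridged from the error posted in the thread ("..." marks the cut).
PAGE_LINE = (
    r'level=error msg="Unable to obtain ACME certificate ... dial tcp: '
    r'lookup acme-staging-v02.api.letsencrypt.org on 127.0.0.11:53: '
    r'read udp 127.0.0.1:39698->127.0.0.11:53: i/o timeout" '
    r'providerName=letsencrypt.acme'
)
# Constructed sample: a different resolver and failure type.
CONSTRUCTED_LINE = 'msg="dial tcp: lookup example.invalid on 10.0.0.2:53: no such host"'

if __name__ == "__main__":
    for sample in (PAGE_LINE, CONSTRUCTED_LINE):
        print(triage(sample))
```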