edit: I'm 99% certain this is a problem with godaddy as a provider. It worked with route53. And to answer the DNS entry question: it seems there are no records added except for what's need for the acme validation. Please correct me if I'm wrong.
I had detailed everything before: silly bug report on github
The response I got was that the domain was wrong but that's because I edited out the real domain that I'm trying to use. The problem happens even with a domain that works with dig.
Looking at other tutorials around the internet I can only find examples for traefik 1.x and it seems there were significant changes (I'm not using a traefik.toml atm?!?).
Since I'm trying to run the exact example from the documentation I'm surprised it's not working.
I get the same results whether I manually add a dns entry for the subdomain that I'm trying to use or not. I was hoping that traefik would create the dns entry. Is it supposed to do that with this method?
When I go into the traefik container and run dig there is no problem. I'd really appreciate some hints.
Thanks
# Logs
"Configuration received from provider docker: {\"http\":{\"routers\":{\"whoami\":{\"entryPoints\":[\"websecure\"],\"service\":\"whoami-playtime\",\"rule\":\"Host(`whoami.domain.net`)\",\"tls\":{\"certResolver\":\"mydnschallenge\"}}},\"services\":{\"whoami-playtime\":{\"loadBalancer\":{\"servers\":[{\"url\":\"http://172.21.0.2:80\"}],\"passHostHeader\":true}}}},\"tcp\":{}}" providerName=docker
"Creating middleware" middlewareName=pipelining middlewareType=Pipelining serviceName=whoami-playtime entryPointName=websecure routerName=whoami@docker
"Creating load-balancer" routerName=whoami@docker serviceName=whoami-playtime entryPointName=websecure
"Creating server 0 http://172.21.0.2:80" serviceName=whoami-playtime entryPointName=websecure routerName=whoami@docker serverName=0
"Added outgoing tracing middleware whoami-playtime" middlewareName=tracing middlewareType=TracingForwarder routerName=whoami@docker entryPointName=websecure
"Creating middleware" entryPointName=websecure middlewareName=traefik-internal-recovery middlewareType=Recovery
"No default certificate, generating one"
"Try to challenge certificate for domain [whoami.domain.net] founded in HostSNI rule" providerName=mydnschallenge.acme routerName=whoami rule="Host(`whoami.domain.net`)"
"Looking for provided certificate(s) to validate [\"whoami.domain.net\"]..." rule="Host(`whoami.domain.net`)" providerName=mydnschallenge.acme routerName=whoami
"Domains [\"whoami.domain.net\"] need ACME certificates generation for domains \"whoami.domain.net\"." providerName=mydnschallenge.acme routerName=whoami rule="Host(`whoami.domain.net`)"
"Loading ACME certificates [whoami.domain.net]..." providerName=mydnschallenge.acme routerName=whoami rule="Host(`whoami.domain.net`)"
"Building ACME client..." providerName=mydnschallenge.acme
"https://acme-staging-v02.api.letsencrypt.org/directory" providerName=mydnschallenge.acme
"Using DNS Challenge provider: godaddy" providerName=mydnschallenge.acme
"legolog: [INFO] [whoami.domain.net] acme: Obtaining bundled SAN certificate"
"legolog: [INFO] [whoami.domain.net] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/11995534"
"legolog: [INFO] [whoami.domain.net] acme: Could not find solver for: tls-alpn-01"
"legolog: [INFO] [whoami.domain.net] acme: Could not find solver for: http-01"
"legolog: [INFO] [whoami.domain.net] acme: use dns-01 solver"
"legolog: [INFO] [whoami.domain.net] acme: Preparing to solve DNS-01"
"legolog: [INFO] [whoami.domain.net] acme: Trying to solve DNS-01"
"legolog: [INFO] [whoami.domain.net] acme: Checking DNS record propagation using [127.0.0.11:53]"
"legolog: [INFO] Wait for propagation [timeout: 2m0s, interval: 2s]"
"legolog: [INFO] [whoami.domain.net] acme: Waiting for DNS record propagation."
...
msg="Unable to obtain ACME certificate for domains \"whoami.domain.net\": unable to generate a certificate for the domains [whoami.domain.net]: acme: Error -> One or more domains had a problem:\n[whoami.domain.net] time limit exceeded: last error: could not determine authoritative nameservers\n" providerName=mydnschallenge.acme routerName=whoami rule="Host(`whoami.domain.net`)"
## docker-compose.yml
version: "3.3"
services:
traefik:
image: "traefik:v2.0.1"
container_name: "traefik"
command:
- "--log.level=DEBUG"
- "--api.insecure=true"
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--entrypoints.web.address=:80"
- "--entrypoints.websecure.address=:443"
- "--certificatesresolvers.mydnschallenge.acme.dnschallenge=true"
- "--certificatesresolvers.mydnschallenge.acme.dnschallenge.provider=godaddy"
- "--certificatesresolvers.mydnschallenge.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
- "--certificatesresolvers.mydnschallenge.acme.email=my@mail.org"
- "--certificatesresolvers.mydnschallenge.acme.storage=/letsencrypt/acme.json"
ports:
- "80:80"
- "443:443"
- "8080:8080"
environment:
- "GODADDY_API_SECRET=secret"
- "GODADDY_API_KEY=key"
volumes:
- "./letsencrypt:/letsencrypt"
- "/var/run/docker.sock:/var/run/docker.sock:ro"
whoami:
image: "containous/whoami"
container_name: "simple-service"
labels:
- "traefik.enable=true"
- "traefik.http.routers.whoami.rule=Host(`whoami.domain.net`)"
- "traefik.http.routers.whoami.entrypoints=websecure"
- "traefik.http.routers.whoami.tls.certresolver=mydnschallenge"