DNS resolver not working

Hello,

I'm trying to update from v1.7 to v2.0 but I can't get my DNS cert resolver to work. My domain is hosted on name.com and so I use their API. But Traefik keeps creating a TXT record for my domain and not the subdomains. Am I missing something in my configuration?

Thanks in advance,

Andreas

docker-compose.yaml

version: "3.3"

services:
  traefikv2:
    image: traefik:v2.0
    container_name: traefikv2
    environment:
      - "NAMECOM_USERNAME=XXXXXXXX"
      - "NAMECOM_API_TOKEN=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
      - "NAMECOM_SERVER=api.name.com"
    restart: always
    ports:
      - "443:443"
      - "80:80"
      - "8080:8080"
    networks:
      - webv2
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "/XXXXXX/traefikv2/traefik.toml:/etc/traefik/traefik.toml"
      - "/XXXXXX/traefikv2/containers/:/etc/traefik/containers/"
      - "/XXXXXX/traefikv2/logs/:/logs"
networks:
  webv2:
    external: true

traefik.toml

[log]
  filePath = "/logs/log.txt"
  format = "json"
  level = "DEBUG"

[api]
  insecure = true
  dashboard = true

[certificatesResolvers.main.acme]
  email = "XXXXXXXXXXXXXXXXXXXXXXXXX"
  storage = "acme.json"
  [certificatesResolvers.main.acme.dnsChallenge]
    provider = "namedotcom"

[providers.docker]
  endpoint = "unix:///var/run/docker.sock"
  exposedbydefault = false
[providers.file]
  directory = "/etc/traefik/containers"
  watch = true
  debugLogGeneratedTemplate = true

[entryPoints]
  [entryPoints.web-insecure]
    address = ":80"
  [entryPoints.web-secure]
    address = ":443"

separate default.toml in my "/etc/traefik/containers/" folder

[http.routers]
  [http.routers.monitor1]
    rule = "Host(`monitor.MYDOMAIN.live`)"
    service = "monitor"
    entrypoints = ["web-secure"]
    [http.routers.monitor1.tls]
      certResolver = "main"

[http.services]
  [http.services.monitor.loadBalancer]
    [[http.services.monitor.loadBalancer.servers]]
      url = "http://127.0.0.1:8080"

output log from traefik

{"level":"debug","msg":"Building ACME client...","providerName":"main.acme","time":"2019-11-16T12:13:47Z"}
{"level":"debug","msg":"https://acme-v02.api.letsencrypt.org/directory","providerName":"main.acme","time":"2019-11-16T12:13:47Z"}
{"level":"info","msg":"Register...","providerName":"main.acme","time":"2019-11-16T12:13:48Z"}
{"level":"debug","msg":"legolog: [INFO] acme: Registering account for XXXXXXXXXXXXXX@XXXXXX.XX","time":"2019-11-16T12:13:48Z"}
{"level":"debug","msg":"Using DNS Challenge provider: namedotcom","providerName":"main.acme","time":"2019-11-16T12:13:48Z"}
{"level":"debug","msg":"legolog: [INFO] [monitor.MYDOMAIN.live] acme: Obtaining bundled SAN certificate","time":"2019-11-16T12:13:48Z"}
{"level":"debug","msg":"legolog: [INFO] [monitor.MYDOMAIN.live] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/1265343071","time":"2019-11-16T12:13:49Z"}
{"level":"debug","msg":"legolog: [INFO] [monitor.MYDOMAIN.live] acme: Could not find solver for: tls-alpn-01","time":"2019-11-16T12:13:49Z"}
{"level":"debug","msg":"legolog: [INFO] [monitor.MYDOMAIN.live] acme: Could not find solver for: http-01","time":"2019-11-16T12:13:49Z"}
{"level":"debug","msg":"legolog: [INFO] [monitor.MYDOMAIN.live] acme: use dns-01 solver","time":"2019-11-16T12:13:49Z"}
{"level":"debug","msg":"legolog: [INFO] [monitor.MYDOMAIN.live] acme: Preparing to solve DNS-01","time":"2019-11-16T12:13:49Z"}
{"level":"debug","msg":"legolog: [INFO] [monitor.MYDOMAIN.live] acme: Trying to solve DNS-01","time":"2019-11-16T12:13:50Z"}
{"level":"debug","msg":"legolog: [INFO] [monitor.MYDOMAIN.live] acme: Checking DNS record propagation using [127.0.0.11:53]","time":"2019-11-16T12:13:50Z"}
{"level":"debug","msg":"legolog: [INFO] Wait for propagation [timeout: 15m0s, interval: 20s]","time":"2019-11-16T12:13:50Z"}
{"level":"debug","msg":"legolog: [INFO] [monitor.MYDOMAIN.live] acme: Waiting for DNS record propagation.","time":"2019-11-16T12:13:50Z"}
{"level":"debug","msg":"legolog: [INFO] [monitor.MYDOMAIN.live] acme: Waiting for DNS record propagation.","time":"2019-11-16T12:14:10Z"}
{"level":"debug","msg":"legolog: [INFO] [monitor.MYDOMAIN.live] acme: Waiting for DNS record propagation.","time":"2019-11-16T12:14:30Z"}
{"level":"debug","msg":"legolog: [INFO] [monitor.MYDOMAIN.live] acme: Waiting for DNS record propagation.","time":"2019-11-16T12:14:50Z"}
{"level":"debug","msg":"legolog: [INFO] [monitor.MYDOMAIN.live] acme: Waiting for DNS record propagation.","time":"2019-11-16T12:15:10Z"}
{"level":"debug","msg":"legolog: [INFO] [monitor.MYDOMAIN.live] acme: Waiting for DNS record propagation.","time":"2019-11-16T12:15:30Z"}
{"level":"debug","msg":"legolog: [INFO] [monitor.MYDOMAIN.live] acme: Waiting for DNS record propagation.","time":"2019-11-16T12:15:50Z"}

TXT-record issued
_acme-challenge.MYDOMAIN.live


Hi,
I think that you have to specify that you want a certificate for your subdomains; try adding this to your default.toml

## Dynamic configuration
[http.routers]
  [http.routers.blog]
    rule = "Host(`example.com`) && Path(`/blog`)"
    [http.routers.blog.tls]
      certResolver = "myresolver" # From static configuration
      [[http.routers.blog.tls.domains]]
        main = "example.org"
        sans = ["*.example.org"]

source: Traefik Let's Encrypt Documentation - Traefik
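
An added example, not part of the original posts and not Traefik or lego code: a Python check that derives the TXT owner name a DNS-01 validation looks up for each certificate name (per RFC 8555, a wildcard such as *.example.org is validated at _acme-challenge.example.org) and compares it with the TXT records actually seen in the zone, reading log lines in the format shown in the question. The sample log, the example.test domain and the function names are constructed for illustration.

```python
import json
import re
from datetime import datetime

# Constructed sample, modelled on the debug log format shown in the question.
SAMPLE_LOG = """\
{"level":"debug","msg":"legolog: [INFO] [monitor.example.test] acme: Trying to solve DNS-01","time":"2019-11-16T12:13:50Z"}
{"level":"debug","msg":"legolog: [INFO] [monitor.example.test] acme: Waiting for DNS record propagation.","time":"2019-11-16T12:14:10Z"}
{"level":"debug","msg":"legolog: [INFO] [monitor.example.test] acme: Waiting for DNS record propagation.","time":"2019-11-16T12:15:50Z"}
"""

EVENT_RE = re.compile(r"\[INFO\] \[([^\]]+)\] acme: (.+)")

def challenge_record(name):
    """TXT owner name checked for a certificate name (RFC 8555, section 8.4).
    A wildcard is validated at its parent, so a leading "*." is stripped."""
    name = name.rstrip(".").lower()
    if name.startswith("*."):
        name = name[2:]
    return "_acme-challenge." + name

def triage(log_text, observed_txt_names):
    """Per domain in the log: expected record, whether it exists, seconds spent waiting."""
    observed = {n.rstrip(".").lower() for n in observed_txt_names}
    report = {}
    for line in log_text.splitlines():
        try:
            entry = json.loads(line)
        except ValueError:          # skip blank or non-JSON lines
            continue
        m = EVENT_RE.search(entry.get("msg", "")) if isinstance(entry, dict) else None
        if not m:
            continue
        domain, event = m.groups()
        # Assumes every JSON log entry carries a UTC "time" field, as in the question.
        ts = datetime.strptime(entry["time"], "%Y-%m-%dT%H:%M:%SZ")
        expected = challenge_record(domain)
        r = report.setdefault(domain, {"expected": expected,
                "present": expected in observed, "first_wait": None, "waited_s": 0})
        if event.startswith("Waiting for DNS record propagation"):
            r["first_wait"] = r["first_wait"] or ts
            r["waited_s"] = int((ts - r["first_wait"]).total_seconds())
    return report
```

Pass triage() the log text and the TXT record names listed in the DNS provider's zone; a domain with "present" False and a growing "waited_s" means the record being polled for was never created under that name.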