What did you do?
I wanted to create a DNS ACME certificate via Vultr.com.
What did you see instead?
traefik-app | time="2023-04-29T15:14:35Z" level=error msg="Unable to obtain ACME certificate for domains \"www.XXXYYY.zzz\": unable to generate a certificate for the domains [www.XXXYYY.zzz]: error: one or more domains had a problem:\n[www.XXXYYY.zzz] time limit exceeded: last error: NS ns2.vultr.com. returned NXDOMAIN for _acme-challenge.www.XXXYYY.zzz.\n" ACME CA="https://acme-staging-v02.api.letsencrypt.org/directory" routerName=whoami@docker rule="Host(`www.XXXYYY.zzz`)" providerName=vultr.acme
What version of Traefik are you using?
Version: 2.10.1
Codename: saintmarcelin
Go version: go1.20.3
Built: 2023-04-27T14:52:35Z
OS/Arch: linux/amd64
What is your environment & configuration?
version: "3.9"
networks:
traefik:
external: false
services:
traefik:
container_name: traefik-app
image: traefik:latest
restart: always
command:
- "--api.insecure=true"
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--entrypoints.websecure.address=:443"
- "--certificatesresolvers.vultr.acme.dnschallenge=true"
- "--certificatesresolvers.vultr.acme.dnschallenge.provider=vultr"
- "--certificatesresolvers.vultr.acme.dnschallenge.resolvers=173.199.96.96,173.199.96.97" # <- VULTR DNS
- "--certificatesresolvers.vultr.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
- "--certificatesresolvers.vultr.acme.email=noc@XXXYYY.zzz"
- "--certificatesresolvers.vultr.acme.storage=/letsencrypt/acme.json"
- "--log.level=info"
environment:
VULTR_API_KEY: "MY-KEY-IS-OK"
volumes:
- ./letsencrypt/acme.json:/letsencrypt/acme.json"
- /var/run/docker.sock:/var/run/docker.sock
networks:
- traefik
ports:
- "443:443"
whoami:
container_name: whoami-app
image: traefik/whoami
networks:
- traefik
labels:
- "traefik.enable=true"
- "traefik.http.routers.whoami.rule=Host(`www.XXXYYY.zzz`)"
- "traefik.http.routers.whoami.entrypoints=websecure"
- "traefik.http.routers.whoami.tls.certresolver=vultr"
Wrong! Traefik creates a DNS entry at Vultr.com. I can see the entry with curl:
dig -t txt _acme-challenge.www.XXXYYY.zzz. @173.199.96.97
;; ANSWER SECTION:
_acme-challenge.www.XXXYYY.zzz. 120 IN TXT "1Wkjy8a39A2mrVcN1ytKSsWiCjpde6vdKIOfd5nyOwM"
Does anyone have any idea?