So I've had Traefik v2 working great for a while.
Recently, I've noticed that my certificate is going to expire. Looking at the Traefik logs, I'm seeing this:
time="2020-03-31T11:55:26Z" level=info msg="Starting provider aggregator.ProviderAggregator {}"
time="2020-03-31T11:55:26Z" level=info msg="Starting provider *file.Provider {\"watch\":true,\"filename\":\"/etc/traefik/rules.toml\"}"
time="2020-03-31T11:55:26Z" level=info msg="Starting provider *docker.Provider {\"watch\":true,\"endpoint\":\"unix:///var/run/docker.sock\",\"defaultRule\":\"Host(`{{ normalize .Name }}`)\",\"swarmModeRefreshSeconds\":15000000000}"
time="2020-03-31T11:55:26Z" level=info msg="Starting provider *traefik.Provider {}"
time="2020-03-31T11:55:26Z" level=info msg="Starting provider *acme.Provider {\"email\":\"mymail@gmail.com\",\"caServer\":\"https://acme-v02.api.letsencrypt.org/directory\",\"storage\":\"/etc/traefik/acme/acme.json\",\"keyType\":\"RSA4096\",\"dnsChallenge\":{\"provider\":\"duckdns\"},\"ResolverName\":\"duckdns\",\"store\":{},\"ChallengeStore\":{}}"
time="2020-03-31T11:55:26Z" level=info msg="Testing certificate renew..." providerName=duckdns.acme
time="2020-03-31T11:55:36Z" level=info msg="Error renewing certificate from LE : {Main:grafana.abcd.duckdns.org SANs:[]}, get directory at 'https://acme-v02.api.letsencrypt.org/directory': Get \"https://acme-v02.api.letsencrypt.org/directory\": dial tcp: lookup acme-v02.api.letsencrypt.org on 127.0.0.11:53: read udp 127.0.0.1:41759->127.0.0.11:53: i/o timeout" providerName=duckdns.acme
time="2020-03-31T11:55:46Z" level=info msg="Error renewing certificate from LE : {Main:abcd.duckdns.org SANs:[*.abcd.duckdns.org]}, get directory at 'https://acme-v02.api.letsencrypt.org/directory': Get \"https://acme-v02.api.letsencrypt.org/directory\": dial tcp: lookup acme-v02.api.letsencrypt.org on 127.0.0.11:53: read udp 127.0.0.1:53790->127.0.0.11:53: i/o timeout" providerName=duckdns.acme
time="2020-03-31T11:55:57Z" level=info msg="Error renewing certificate from LE : {Main:bazarr.abcd.duckdns.org SANs:[]}, get directory at 'https://acme-v02.api.letsencrypt.org/directory': Get \"https://acme-v02.api.letsencrypt.org/directory\": dial tcp: lookup acme-v02.api.letsencrypt.org on 127.0.0.11:53: read udp 127.0.0.1:36169->127.0.0.11:53: i/o timeout" providerName=duckdns.acme
Next thing I tried is to disable PiHole (which runs on that same host in a different docker). Didn't work.
Next thing I tried is running curl to that address:
pi@raspberrypi:~/docker/traefik/logs $ curl https://acme-v02.api.letsencrypt.org/directory
{
"E0xqi_M8BjM": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
"keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
"meta": {
"caaIdentities": [
"letsencrypt.org"
],
"termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
"website": "https://letsencrypt.org"
},
"newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
"newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
"newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
"revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
Worked like a charm.
What else can I do?