How to debug a Let's Encrypt certificate request?

I would like to use the DNS challenge with OVH to generate a Let's Encrypt certificate.I went through a setup (following a great writeup on that subject) but the request to OVH ultimately fails (example.eu is replaced with my real domain):

time="2020-01-14T14:32:35+01:00" level=debug msg="No default certificate, generating one"
time="2020-01-14T14:32:35+01:00" level=debug msg="Try to challenge certificate for domain [whoami.example.eu] found in HostSNI rule" providerName=le.acme routerName=whoami@docker rule="Host(`whoami.example.eu`)"
time="2020-01-14T14:32:35+01:00" level=debug msg="Looking for provided certificate(s) to validate [\"whoami.example.eu\"]..." providerName=le.acme routerName=whoami@docker rule="Host(`whoami.example.eu`)"
time="2020-01-14T14:32:35+01:00" level=debug msg="Domains [\"whoami.example.eu\"] need ACME certificates generation for domains \"whoami.example.eu\"." routerName=whoami@docker rule="Host(`whoami.example.eu`)" providerName=le.acme
time="2020-01-14T14:32:35+01:00" level=debug msg="Loading ACME certificates [whoami.example.eu]..." providerName=le.acme routerName=whoami@docker rule="Host(`whoami.example.eu`)"
time="2020-01-14T14:32:35+01:00" level=debug msg="Building ACME client..." providerName=le.acme
time="2020-01-14T14:32:35+01:00" level=debug msg="https://acme-staging-v02.api.letsencrypt.org/directory" providerName=le.acme
time="2020-01-14T14:32:41+01:00" level=debug msg="Using DNS Challenge provider: ovh" providerName=le.acme
time="2020-01-14T14:32:41+01:00" level=error msg="Unable to obtain ACME certificate for domains \"whoami.example.eu\": cannot get ACME client ovh: some credentials information are missing: OVH_ENDPOINT,OVH_APPLICATION_KEY,OVH_APPLICATION_SECRET,OVH_CONSUMER_KEY" providerName=le.acme routerName=whoami@docker rule="Host(`whoami.example.eu`)"

The last line suggests that the configuration is incorrect, but Traefik is started with the requested environment:

services:
  traefik:
    container_name: traefik
    image: traefik
    ports:
      - 40080:40080
      - 48080:8080
      - 40443:40443
    restart: unless-stopped
    volumes:
      - /etc/docker/container-data/traefik:/etc/traefik
      - /var/run/docker.sock:/var/run/docker.sock
      - /etc/localtime:/etc/localtime:ro
    environment:
      - OVH_ENDPOINT=ovh-eu
      - OVH_APPLICATION_KEY=G...
      - OVH_APPLICATION_SECRET=Z...
      - OVH_CONSUMER_KEY=B...
version: "3"

How to further debug this request for a LE certificate?

1 Like