LEGO for subdomain fails for GoDaddy

I am running Traefik 2.7 locally in Docker and have it configured to use a wildcard SAN for my TLD with GoDaddy, and it is working fine. Here is the config for the command:

      - --certificatesresolvers.wildcard-godaddy.acme.dnschallenge=true
      - --certificatesResolvers.wildcard-godaddy.acme.dnsChallenge.provider=godaddy
      - --certificatesResolvers.wildcard-godaddy.acme.dnsChallenge.delayBeforeCheck=0
      - --certificatesresolvers.wildcard-godaddy.acme.email=${ACME_EMAIL}
      - --certificatesresolvers.wildcard-godaddy.acme.storage=/traefik/certs/acme.json

and here is the config in the labels:

      - traefik.http.routers.traefik-secure.entrypoints=websecure
      - traefik.http.routers.traefik-secure.rule=Host(`traefik.mydomain.net`)
      - traefik.http.routers.traefik-secure.tls=true
      - traefik.http.routers.traefik-secure.tls.certresolver=wildcard-godaddy
      - traefik.http.routers.traefik-secure.tls.domains[0].main=mydomain.net
      - traefik.http.routers.traefik-secure.tls.domains[0].sans=*.mydomain.net

This is working fine; the LE certs are available and working.
However, what I want to do is use xxxx.local.mydomain.net for the hostnames.

When I updated the labels config to use this:

      - traefik.http.routers.traefik-secure.entrypoints=websecure
      - traefik.http.routers.traefik-secure.rule=Host(`traefik.local.mydomain.net`)
      - traefik.http.routers.traefik-secure.tls=true
      - traefik.http.routers.traefik-secure.tls.certresolver=wildcard-godaddy
      - traefik.http.routers.traefik-secure.tls.domains[0].main=local.mydomain.net
      - traefik.http.routers.traefik-secure.tls.domains[0].sans=*.local.mydomain.net

I get these errors:

    time="2022-07-07T14:41:21Z" level=debug msg="legolog: [INFO] [*.local.mydomain.net] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/2931398164"
    time="2022-07-07T14:41:21Z" level=debug msg="legolog: [INFO] [*.local.mydomain.net] acme: use dns-01 solver"
    time="2022-07-07T14:41:21Z" level=debug msg="legolog: [INFO] [*.local.mydomain.net] acme: Preparing to solve DNS-01"
    time="2022-07-07T14:41:21Z" level=debug msg="legolog: [INFO] [*.local.mydomain.net] acme: Cleaning DNS-01 challenge"
    time="2022-07-07T14:41:22Z" level=debug msg="legolog: [WARN] [*.local.mydomain.net] acme: cleaning up failed: godaddy: failed to get TXT records: could not get records: Domain: local.mydomain.net; Record: _acme-challenge, Status: 404; Body: {\"code\":\"UNKNOWN_DOMAIN\",\"message\":\"The given domain is not registered, or does not have a zone file\"}"
    time="2022-07-07T14:41:22Z" level=debug msg=" "
    time="2022-07-07T14:41:22Z" level=debug msg="legolog: [INFO] Deactivating auth: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/2931398164"
    time="2022-07-07T14:41:22Z" level=error msg="Unable to obtain ACME certificate for domains \"*.local.mydomain.net\" : unable to generate a certificate for the domains [*.local.mydomain.net]: error: one or more domains had a problem:\n[*.local.mydomain.net] [*.local.mydomain.net] acme: error presenting token: godaddy: failed to get TXT records: could not get records: Domain: local.mydomain.net; Record: _acme-challenge, Status: 404; Body: {\"code\":\"UNKNOWN_DOMAIN\",\"message\":\"The given domain is not registered, or does not have a zone file\"}\n\n" providerName=wildcard-godaddy.acme

I believe this is due to the way GoDaddy does the subdomains in DNS, as I do not get a new zone file for local.mydomain.net; I just add a new A rec for *.local in the zone for mydomain.net.

I did find a similar issue in Posh-ACME so I wonder if a similar fix would work?

So upgraded to v2.8.1 and it is now working.
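The 404 in the log shows the provider being asked for zone `local.mydomain.net` with record `_acme-challenge`, while the only zone that exists is `mydomain.net`. The following Go example is added here for illustration (it is not part of the thread and is not lego's or Traefik's code) and contrasts that split with one that finds the enclosing hosted zone; `naiveSplit`, `splitByZone` and `hostedZones` are hypothetical names, and the zone set is a constructed stand-in for a SOA lookup or the provider's zone list.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// naiveSplit (hypothetical) treats everything after the first label as the
// zone. For the thread's name this yields zone "local.mydomain.net", the
// value the provider API rejected with UNKNOWN_DOMAIN.
func naiveSplit(fqdn string) (zone, record string) {
	name := strings.TrimSuffix(strings.ToLower(fqdn), ".")
	record, zone, _ = strings.Cut(name, ".")
	return zone, record
}

// splitByZone (hypothetical) walks the name from the most specific suffix to
// the least specific one and returns the first suffix that is a hosted zone,
// plus the record name relative to that zone.
func splitByZone(fqdn string, hostedZones map[string]bool) (zone, record string, err error) {
	name := strings.TrimSuffix(strings.ToLower(fqdn), ".")
	labels := strings.Split(name, ".")
	for i := 1; i < len(labels); i++ {
		candidate := strings.Join(labels[i:], ".")
		if hostedZones[candidate] {
			return candidate, strings.Join(labels[:i], "."), nil
		}
	}
	return "", "", errors.New("no hosted zone found for " + name)
}

func main() {
	// Constructed sample: only the apex zone exists at the provider.
	zones := map[string]bool{"mydomain.net": true}
	fqdn := "_acme-challenge.local.mydomain.net."

	z, r := naiveSplit(fqdn)
	fmt.Printf("naive:   zone=%s record=%s\n", z, r)

	z, r, err := splitByZone(fqdn, zones)
	fmt.Printf("by zone: zone=%s record=%s err=%v\n", z, r, err)
}
```

With the zone-aware split, the TXT record to create is `_acme-challenge.local` inside the `mydomain.net` zone, which matches how the A record for `*.local` is described above.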
