Running Traefik 2.7 locally in Docker and have it configured to use a wildcard sans for my TLD with GoDaddy and it is working fine. Here is the config for command:
```yaml
- --certificatesresolvers.wildcard-godaddy.acme.dnschallenge=true
- --certificatesResolvers.wildcard-godaddy.acme.dnsChallenge.provider=godaddy
- --certificatesResolvers.wildcard-godaddy.acme.dnsChallenge.delayBeforeCheck=0
- --certificatesresolvers.wildcard-godaddy.acme.email=${ACME_EMAIL}
- --certificatesresolvers.wildcard-godaddy.acme.storage=/traefik/certs/acme.json
```
And here is the config in the labels:
```yaml
- traefik.http.routers.traefik-secure.entrypoints=websecure
- traefik.http.routers.traefik-secure.rule=Host(`traefik.mydomain.net`)
- traefik.http.routers.traefik-secure.tls=true
- traefik.http.routers.traefik-secure.tls.certresolver=wildcard-godaddy
- traefik.http.routers.traefik-secure.tls.domains[0].main=mydomain.net
- traefik.http.routers.traefik-secure.tls.domains[0].sans=*.mydomain.net
```
This is working fine; the LE certs are available and working.
However, what I want to do is use xxxx.local.mydomain.net for the hostnames.
When I updated the labels config to use this:
```yaml
- traefik.http.routers.traefik-secure.entrypoints=websecure
- traefik.http.routers.traefik-secure.rule=Host(`traefik.local.mydomain.net`)
- traefik.http.routers.traefik-secure.tls=true
- traefik.http.routers.traefik-secure.tls.certresolver=wildcard-godaddy
- traefik.http.routers.traefik-secure.tls.domains[0].main=local.mydomain.net
- traefik.http.routers.traefik-secure.tls.domains[0].sans=*.local.mydomain.net
```
I get these errors:
```text
time="2022-07-07T14:41:21Z" level=debug msg="legolog: [INFO] [*.local.mydomain.net] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/2931398164"
time="2022-07-07T14:41:21Z" level=debug msg="legolog: [INFO] [*.local.mydomain.net] acme: use dns-01 solver"
time="2022-07-07T14:41:21Z" level=debug msg="legolog: [INFO] [*.local.mydomain.net] acme: Preparing to solve DNS-01"
time="2022-07-07T14:41:21Z" level=debug msg="legolog: [INFO] [*.local.mydomain.net] acme: Cleaning DNS-01 challenge"
time="2022-07-07T14:41:22Z" level=debug msg="legolog: [WARN] [*.local.mydomain.net] acme: cleaning up failed: godaddy: failed to get TXT records: could not get records: Domain: local.mydomain.net; Record: _acme-challenge, Status: 404; Body: {\"code\":\"UNKNOWN_DOMAIN\",\"message\":\"The given domain is not registered, or does not have a zone file\"}"
time="2022-07-07T14:41:22Z" level=debug msg=" "
time="2022-07-07T14:41:22Z" level=debug msg="legolog: [INFO] Deactivating auth: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/2931398164"
time="2022-07-07T14:41:22Z" level=error msg="Unable to obtain ACME certificate for domains \"*.local.mydomain.net\" : unable to generate a certificate for the domains [*.local.mydomain.net]: error: one or more domains had a problem:\n[*.local.mydomain.net] [*.local.mydomain.net] acme: error presenting token: godaddy: failed to get TXT records: could not get records: Domain: local.mydomain.net; Record: _acme-challenge, Status: 404; Body: {\"code\":\"UNKNOWN_DOMAIN\",\"message\":\"The given domain is not registered, or does not have a zone file\"}\n\n" providerName=wildcard-godaddy.acme
```
I believe this is due to the way GoDaddy does the subdomains in DNS, as I do not get a new zone file for local.mydomain.net; I just add a new A record for *.local in the zone for mydomain.net.
I did find a similar issue in Posh-ACME, so I wonder if a similar fix would work?
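The log above shows the split the provider made for the DNS-01 record: `Domain: local.mydomain.net; Record: _acme-challenge`, i.e. everything after the first label is treated as the zone, which GoDaddy rejects with 404 because only mydomain.net has a zone file. The following added illustration (not Traefik, lego or Posh-ACME code) contrasts that split with a zone walk that stops at the longest suffix the registrar actually hosts; `HOSTED_ZONES` is a constructed stand-in for the registrar's zone list, and `find_zone` is a hypothetical helper.

```python
"""Zone-apex discovery for an ACME DNS-01 TXT record (added example)."""
from typing import Iterable, Optional, Tuple

# Constructed stand-in for "which zones exist at the registrar": the post
# says GoDaddy holds a single zone file for mydomain.net, nothing for
# local.mydomain.net (assumption for this example).
HOSTED_ZONES = {"mydomain.net"}

ACME_LABEL = "_acme-challenge"


def challenge_fqdn(domain: str) -> str:
    """Name of the TXT record the CA validates for `domain` (wildcard stripped)."""
    if domain.startswith("*."):
        domain = domain[2:]
    return f"{ACME_LABEL}.{domain.rstrip('.')}"


def naive_split(fqdn: str) -> Tuple[str, str]:
    """The split visible in the log: first label is the record, the rest is the zone."""
    record, _, zone = fqdn.partition(".")
    return zone, record


def find_zone(fqdn: str, zones: Iterable[str]) -> Optional[Tuple[str, str]]:
    """Return (zone apex, record name relative to that apex), or None if unhosted.

    Candidates are tried from most to least specific, so a delegated
    sub-zone (if local.mydomain.net ever got its own zone file) still wins
    over the parent zone.
    """
    labels = fqdn.rstrip(".").split(".")
    hosted = {z.rstrip(".").lower() for z in zones}
    for i in range(1, len(labels)):
        candidate = ".".join(labels[i:]).lower()
        if candidate in hosted:
            return candidate, ".".join(labels[:i])
    return None  # no hosted zone covers this name: the 404 case


if __name__ == "__main__":
    name = challenge_fqdn("*.local.mydomain.net")
    # naive: ('local.mydomain.net', '_acme-challenge') -> not a zone, 404
    print("naive :", naive_split(name))
    # walked: ('mydomain.net', '_acme-challenge.local') -> record in the real zone
    print("walked:", find_zone(name, HOSTED_ZONES))
```

The same walk reports `None` for a name no hosted zone covers, which is a cleaner failure than letting the API answer with UNKNOWN_DOMAIN mid-challenge.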