I'm using the Namecheap API, Docker Swarm, and Traefik 2.8.4. As others have noted (see, for example, here and here), I have a problem with lego's check on DNS propagation.
When the propagation check is enabled, it seems that lego is checking endlessly (admittedly, I only waited 10 minutes) while I can already see the correct TXT record with dig:
dig _acme-challenge.my.domain TXT @dns1.registrar-servers.com
When I disable the propagation check, it seems that the TXT records are cleaned up before the Let's Encrypt server can validate them and thus no certificate is issued.
The only way I got it to work is to also set a delay before doing the propagation check, which also seems to introduce a delay even when propagation is disabled.
So my final working configuration with Docker Swarm:
command: >
  --certificatesresolvers.certbot.acme.dnschallenge.provider=namecheap
  --certificatesresolvers.certbot.acme.dnschallenge.resolvers=dns1.registrar-servers.com,dns2.registrar-servers.com
  --certificatesresolvers.certbot.acme.dnschallenge.delaybeforecheck=30
  --certificatesresolvers.certbot.acme.dnschallenge.disablepropagationcheck=true
  --certificatesresolvers.certbot.acme.email=${EMAIL?Variable EMAIL is required!}
I hope that this may help others in the same boat or that somebody can suggest better solutions that would actually use the propagation check correctly.
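
An added example, not part of the original post: a shell helper that repeats the dig check above against each listed nameserver and succeeds only when all of them serve the expected TXT value, which is a manual way to see how far propagation has got before validation is attempted. The function names and the `DIG` override variable are assumptions introduced here, and this is not lego's implementation.

```shell
#!/bin/sh
# Added example: verify an ACME DNS-01 TXT record on every nameserver.
# Nameserver names come from the post; record name and token are the
# caller's own values.

# query_txt NAME SERVER -> TXT values, one per line, quotes stripped.
# DIG is a hypothetical override so the command can be swapped out;
# it defaults to the real dig binary.
query_txt() {
    "${DIG:-dig}" +short "$1" TXT "@$2" | tr -d '"'
}

# txt_on_all_servers NAME EXPECTED SERVER...
# Returns 0 only if every server lists EXPECTED among its TXT values.
txt_on_all_servers() {
    name=$1; expected=$2; shift 2
    missing=0
    for ns in "$@"; do
        if query_txt "$name" "$ns" | grep -Fxq -- "$expected"; then
            echo "ok      $ns"
        else
            echo "missing $ns"
            missing=1
        fi
    done
    return "$missing"
}

# wait_for_txt TRIES INTERVAL NAME EXPECTED SERVER...
# Polls until all servers agree or TRIES attempts have been made.
wait_for_txt() {
    tries=$1; interval=$2; shift 2
    i=1
    while [ "$i" -le "$tries" ]; do
        if txt_on_all_servers "$@" >/dev/null; then
            return 0
        fi
        i=$((i + 1))
        if [ "$i" -le "$tries" ]; then sleep "$interval"; fi
    done
    return 1
}

# Usage (token is whatever value the ACME client published):
#   wait_for_txt 20 15 _acme-challenge.my.domain "$TOKEN" \
#       dns1.registrar-servers.com dns2.registrar-servers.com
```

A nameserver reported as `missing` while another reports `ok` indicates the record has not reached every server yet.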