OVH wildcard certificate renewal problem


I have a domain name (.fr) purchased from OVH. I use docker with traefik, and for simplicity's sake I wanted to set up wildcard certificates.
I've tried to set up a dns challenge but it doesn't seem to work properly. In fact, every 3 months I have to go through a lot of trouble to get my certificates working again. I can't figure out why my certificates are renewed after X number of operations.

My domain is:

Here is an extract from my docker-compose configuration

	- "OVH_ENDPOINT=ovh-eu"
	- "TZ=Europe/Paris"

- --certificatesResolvers.letsencrypt.acme.dnsChallenge=true
- --certificatesResolvers.letsencrypt.acme.dnsChallenge.provider=ovh

Here are some error logs I can find in the Traefik logs:

time="2023-10-15T04:32:34+02:00" level=error msg="Error renewing certificate from LE: { []}" ACME CA="" providerName=letsencrypt.acme error="error: one or more domains had a problem:\n[] [] acme: error presenting token: ovh: no subdomain because the domain and the zone are identical:\n"

And here's my dns configuration on the OVH side.

I think I'm missing something (I'm a beginner in traefik / let's encrypt configuration), if you have a clue I'd love to hear from you. Thanks in advance!


Maybe share your full Traefik static and dynamic config. Not a single domain defined in what you showed.

I finally solved my issue; it was because of my DNS records. Traefik / Let's Encrypt doesn't seem to be able to manage a CNAME record for a (wildcard) certificate. I replaced it with an A / AAAA record and it's working now.

When using CNAME, you can set a special flag for Traefik TLS, check the docs.
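
An added illustration, not part of the thread and not Traefik's or the ACME library's own code: a pre-flight check over a constructed zone showing how a wildcard CNAME can make the `_acme-challenge` name collapse onto the zone apex, which matches the "domain and the zone are identical" error above. It assumes the ACME client follows CNAMEs on the challenge name; `example.fr`, the addresses and all function names are hypothetical.

```python
# Added example: constructed zone data, hypothetical names throughout.
# Assumption: the ACME client follows CNAMEs on the _acme-challenge name.

def lookup_cname(records, name):
    """CNAME target for name, or None. Simplified RFC 4592 wildcard matching:
    only the wildcard one label up is tried, and only if name has no records."""
    if name in records:
        return records[name].get("CNAME")
    parent = name.split(".", 1)[1] if "." in name else ""
    return records.get("*." + parent, {}).get("CNAME")

def effective_challenge_name(records, domain, max_hops=8):
    """Name where the TXT record ends up once CNAMEs are followed."""
    domain = domain.rstrip(".").lower()
    if domain.startswith("*."):          # *.example.fr validates at example.fr
        domain = domain[2:]
    name = "_acme-challenge." + domain
    for _ in range(max_hops):
        target = lookup_cname(records, name)
        if target is None:
            return name
        name = target.rstrip(".").lower()
    raise RuntimeError("CNAME loop or chain too long at " + name)

def check(records, zone, domain):
    """Return (status, effective_name) for the DNS-01 challenge of domain."""
    zone = zone.rstrip(".").lower()
    effective = effective_challenge_name(records, domain)
    if effective == zone:
        return "FAIL", effective         # TXT would land on the apex: no subdomain
    if not effective.endswith("." + zone):
        return "DELEGATED", effective    # TXT must be created in another zone
    return "OK", effective

# Constructed zones: wildcard CNAME to the apex vs. wildcard A/AAAA records.
BROKEN = {"example.fr": {"A": "192.0.2.10"},
          "*.example.fr": {"CNAME": "example.fr."}}
FIXED = {"example.fr": {"A": "192.0.2.10"},
         "*.example.fr": {"A": "192.0.2.10", "AAAA": "2001:db8::10"}}

if __name__ == "__main__":
    for label, zone_records in (("CNAME wildcard", BROKEN), ("A/AAAA wildcard", FIXED)):
        print(label, check(zone_records, "example.fr", "*.example.fr"))
```

Against a live zone, the same question can be answered by querying the CNAME and TXT records of `_acme-challenge.<domain>` before the renewal window.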