Hello All,
I wonder if somebody would be kind enough to give me some guidance on troubleshooting this kind of error:
traefik | 2025-04-29T15:42:44+03:00 ERR github.com/traefik/traefik/v3/pkg/provider/acme/provider.go:482 > Unable to obtain ACME certificate for domains error="unable to generate a certificate for the domains [my.url.domain]: error: one or more domains had a problem:\n[my.url.domain] [my.url.domain] acme: error presenting token: rfc2136: failed to insert: DNS update failed: server replied: REFUSED\n" ACME CA=https://acme-v02.api.letsencrypt.org/directory acmeCA=https://acme-v02.api.letsencrypt.org/directory domains=["my.url.domain"] providerName=myresolver.acme routerName=netbox@docker rule=Host(`my.url.domain`)
I am pretty sure my Bind9 configuration is correct. When I use nsupdate from the container (after first downloading dnsutils, of course), I can successfully create a DNS record against my DNS server. But for some reason Traefik fails with the error above.
When I do that with nsupdate, in the Bind9 logs I see:
29-Apr-2025 13:24:25.943 info: client @0x7faf8ec51168 10.0.0.33#39934/key my-key: signer "my-key" approved
When Traefik tries to make the DNS record, in the Bind9 logs I see:
29-Apr-2025 13:24:39.560 error: client @0x7faf8ec51168 10.0.0.33#54598: update 'url.domain/IN' denied
The environment variables inside the container look to be correct:
/ # env
HOSTNAME=fac77e892677
SHLVL=1
HOME=/root
RFC2136_NAMESERVER=DNSServerIP:53
TERM=xterm
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
RFC2136_TSIG_KEYNAME=my-key
RFC2136_TSIG_ALGORITHM=hmac-sha256
PWD=/
RFC2136_TSIG_SECRET=mybase64key
Is there a way to troubleshoot the DNS creation issue with Traefik? How?
Why does running nsupdate from the container succeed but Traefik does not?