RFC2136 TSIG for Let's Encrypt Trying to Update Wrong View

dafht2ol · January 17, 2024, 4:47pm

Hello,

I am currently trying to setup RFC2136 Let's Encrypt with DNS challenge via RFC2136 with a BIND9 NS. My NS has 2 almost identical views(record name part is the same, except IP address). 1 internal and 1 external.

Internal is for my LAN split horizon DNS use, and the external is for external recursive DNS to get the DNS records for my domains only.

Currently, Traefik is trying to add the verification TXT record to the internal view, which is obviously wrong and will not work(did not configure RFC2136 for internal view, but this does not matter), since the verification TXT record has to be readable by the LE's servers.

Is there any way to specify the name of the view so traefik only add the TXT records to that view when trying to get a certificate?

bluepuma77 · January 17, 2024, 6:20pm

Traefik dnsChallenge has a lot of ACME providers (doc), for more details check the used go-acme library page (link).

There are two full control options with exec and httpreq to trigger your own logic within a script or a web service, if the standard solutions don’t work for you.

Topic		Replies	Views
DNS-01 challenge fails Traefik v3 (beta) docker , letsencrypt-acme	11	308	December 16, 2023
Let's encrypt without being able to automate Traefik v2 (latest) letsencrypt-acme	0	315	October 29, 2019
Traefik v2 with ACME DNS-01 Challenge Traefik v2 (latest) docker , letsencrypt-acme	0	1490	May 19, 2020
Hetzer and Let's Encrypt Traefik v2 (latest) letsencrypt-acme	0	416	January 19, 2021
Treafik with namedotcom inserts inconsistent _acme-challenge txt records Traefik v2 (latest) letsencrypt-acme	4	377	April 22, 2020

RFC2136 TSIG for Let's Encrypt Trying to Update Wrong View

Related Topics