Could someone help me troubleshoot what I'm doing wrong here? I've tried pretty much everything I've seen online and am unable to get certificates going. No matter what I do, all I see in the logs is:
2024-05-30T20:08:51Z DBG github.com/go-acme/lego/v4@v4.16.1/log/logger.go:48 > [INFO] [bazarr.domain.com] acme: Waiting for DNS record propagation. lib=lego
2024-05-30T20:08:51Z DBG github.com/go-acme/lego/v4@v4.16.1/log/logger.go:48 > [INFO] [pihole.domain.com] acme: Waiting for DNS record propagation. lib=lego
2024-05-30T20:08:51Z DBG github.com/go-acme/lego/v4@v4.16.1/log/logger.go:48 > [INFO] [radarr.domain.com] acme: Waiting for DNS record propagation. lib=lego
2024-05-30T20:08:51Z DBG github.com/go-acme/lego/v4@v4.16.1/log/logger.go:48 > [INFO] [sonarr.domain.com] acme: Waiting for DNS record propagation. lib=lego
2024-05-30T20:08:52Z DBG github.com/go-acme/lego/v4@v4.16.1/log/logger.go:48 > [INFO] [prowlarr.domain.com] acme: Waiting for DNS record propagation. lib=lego
2024-05-30T20:08:52Z DBG github.com/go-acme/lego/v4@v4.16.1/log/logger.go:48 > [INFO] [portainer.domain.com] acme: Waiting for DNS record propagation. lib=lego
Here is my current compose file for Traefik:
networks:
  proxy:
    external: true
services:
  traefik:
    container_name: traefik
    image: "traefik:latest"
    restart: always
    command:
      - "--api.insecure=true"
      - "--log.level=DEBUG"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--providers.docker.network=proxy"
      - "--entryPoints.web.address=:80"
      - "--entryPoints.websecure.address=:443"
      - "--certificatesresolvers.cloudflare.acme.dnschallenge.provider=cloudflare"
      - "--certificatesresolvers.cloudflare.acme.dnschallenge.delaybeforecheck=0"
      - "--certificatesresolvers.cloudflare.acme.dnschallenge.resolvers=aleena.ns.cloudflare.com,damien.ns.cloudflare.com"
      # Test staging
      - "--certificatesresolvers.cloudflare.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
      - "--certificatesresolvers.cloudflare.acme.dnschallenge=true"
      - "--certificatesresolvers.cloudflare.acme.email=${ACME_EMAIL}"
      - "--certificatesresolvers.cloudflare.acme.storage=/letsencrypt/acme.json"
    networks:
      - proxy
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "traefik_data:/letsencrypt"
    environment:
      - "CF_API_EMAIL=${CF_API_EMAIL}"
      - "CF_DNS_API_TOKEN=${CF_API_KEY}"
      - "CLOUDFLARE_PROPAGATION_TIMEOUT=300"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)"
      - "traefik.http.routers.http-catchall.entrypoints=web"
      - "traefik.http.routers.http-catchall.middlewares=redirect-to-https"
      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
      - "traefik.http.middlewares.internal.ipallowlist.sourcerange=192.168.0.0/16"
      - "traefik.http.middlewares.internal.ipallowlist.ipstrategy.depth=0"
volumes:
  traefik_data:
    name: traefik_data
For --certificatesresolvers.cloudflare.acme.dnschallenge.resolvers=aleena.ns.cloudflare.com,damien.ns.cloudflare.com, I've tried the default 1.1.1.1:53 and 8.8.8.8:53 and thought to try the Cloudflare name servers. I am able to dig the DNS records and come back with a result. I am able to ping the DNS servers from within the container. I have checked firewall rules. Not sure where to go from here.
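As an added example (not from the original post, and not Traefik's or lego's own code), here is a stdlib-only Python check of the thing lego is waiting on in those log lines: whether the _acme-challenge TXT record for a host is already answered by the resolver you configured. It speaks plain UDP DNS to an IPv4 resolver address on port 53 with no TCP fallback; the host, expected token and resolver are placeholders you supply.

```python
import random
import socket
import struct
def build_txt_query(name, txid):
    """Build a minimal DNS query (RD set) for the TXT record of `name`."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"
    return header + qname + struct.pack(">HH", 16, 1)  # QTYPE=TXT, QCLASS=IN

def _skip_name(msg, off):
    """Advance past a possibly compressed owner name (RFC 1035 4.1.4)."""
    while True:
        ln = msg[off]
        if ln == 0:
            return off + 1
        if ln & 0xC0 == 0xC0:  # compression pointer, always 2 bytes
            return off + 2
        off += 1 + ln

def parse_txt_answers(msg):
    """Return all TXT strings from the answer section; raise on error RCODE."""
    _, flags, qd, an, _, _ = struct.unpack(">HHHHHH", msg[:12])
    if flags & 0x0F:
        raise ValueError(f"server returned RCODE {flags & 0x0F}")
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4  # skip QTYPE/QCLASS
    strings = []
    for _ in range(an):
        off = _skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        off += 10
        if rtype == 16:
            p, end = off, off + rdlen
            while p < end:  # RDATA is a series of <length><chars>
                strings.append(msg[p + 1:p + 1 + msg[p]].decode(errors="replace"))
                p += 1 + msg[p]
        off += rdlen
    return strings

def challenge_visible(host, expected, resolver, timeout=3.0):
    """True when `resolver` (IPv4 address, port 53) already serves the expected TXT."""
    txid = random.randrange(65536)
    query = build_txt_query(f"_acme-challenge.{host}", txid)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, (resolver, 53))
        data, _ = s.recvfrom(4096)
    if struct.unpack(">H", data[:2])[0] != txid:  # drop mismatched replies
        return False
    return expected in parse_txt_answers(data)
```

Calling challenge_visible with one of the hostnames from the log, the token value Cloudflare shows for that _acme-challenge record, and each resolver address in turn tells you which resolver lego cannot see the record at; a ValueError with RCODE 3 means the resolver has no such name at all.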