I am having an issue getting a wildcard certificate for a sub-subdomain with DuckDNS.
docker-compose.yaml
version: "3"
services:
traefik:
command:
- --providers.docker=true
- --providers.docker.exposedByDefault=false
- --entryPoints.web.address=:80
- --entryPoints.web.http.redirections.entryPoint.to=websecure
- --entryPoints.websecure.address=:443
- --experimental.http3=true
- --entryPoints.websecure.http3
- --entrypoints.websecure.http.tls.certResolver=myresolver
- --entrypoints.websecure.http.tls.domains[0].main=š.duckdns.org
- --entrypoints.websecure.http.tls.domains[0].sans=*.š.duckdns.org,*.dns.š.duckdns.org
- --certificatesResolvers.myresolver.acme.dnsChallenge=true
- --certificatesResolvers.myresolver.acme.dnsChallenge.provider=duckdns
- --certificatesResolvers.myresolver.acme.email=webmaster@š.duckdns.org
- --certificatesResolvers.myresolver.acme.storage=/letsencrypt/acme.json
container_name: traefik
environment:
- DUCKDNS_TOKEN=š
image: traefik:v2.10
networks:
- traefik
- adguardhome
ports:
- 80:80 # HTTP
- 443:443 # HTTPS
- 443:443/udp # HTTP/3
restart: unless-stopped
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- ./traefik/letsencrypt:/letsencrypt
traefik-certs-dumper:
command: file --version v2 --watch --source /letsencrypt/acme.json --dest /data
container_name: traefik-certs-dumper
image: ldez/traefik-certs-dumper:v2.8.1
network_mode: none
volumes:
- ./traefik-certs-dumper:/data
- ./traefik/letsencrypt:/letsencrypt:ro
adguardhome:
container_name: adguardhome
image: adguard/adguardhome
networks:
- adguardhome
labels:
- traefik.enable=true
- traefik.http.routers.adguardhome.rule=Host(`dns.š.duckdns.org`) || HostRegexp(`{my-client:.+}.dns.š.duckdns.org`)
- traefik.http.routers.adguardhome.entryPoints=websecure
- traefik.http.routers.adguardhome.service=adguardhome
- traefik.http.services.adguardhome.loadBalancer.server.port=3000
ports:
- 853:853 # DNS over TLS
restart: unless-stopped
volumes:
- ./adguardhome/work:/opt/adguardhome/work
- ./adguardhome/conf:/opt/adguardhome/conf
- ./traefik-certs-dumper:/certs:ro
networks:
traefik:
name: traefik
adguardhome:
name: adguardhome
time="2024-03-26T18:14:10Z" level=error msg="Unable to obtain ACME certificate for domains \"š.duckdns.org,*.š.duckdns.org,*.dns.š.duckdns.org\"" error="unable to generate a certificate for the domains [*.dns.š.duckdns.org]: error: one or more domains had a problem:\n[*.dns.š.duckdns.org] propagation: time limit exceeded: last error: read udp 192.168.224.3:57248->99.79.143.35:53: i/o timeout\n" ACME CA="https://acme-v02.api.letsencrypt.org/directory" routerName=adguardhome@docker rule="Host(`dns.š.duckdns.org`) || HostRegexp(`{my-client:.+}.dns.š.duckdns.org`)" providerName=myresolver.acme