Works for me, docker-compose.yml:
version: '3.9'
services:
traefik:
image: traefik:v3.0
ports:
- 80:80
- 443:443
networks:
- proxy
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- letsencrypt:/letsencrypt
#- /var/log:/var/log
environment:
- DUCKDNS_TOKEN=<token>
command:
- --api.dashboard=true
- --log.level=DEBUG
#- --log.filepath=/var/log/traefik.log
- --accesslog=true
#- --accesslog.filepath=/var/log/traefik-access.log
- --providers.docker.network=proxy
- --providers.docker.exposedByDefault=false
- --entrypoints.web.address=:80
- --entrypoints.web.http.redirections.entrypoint.to=websecure
- --entryPoints.web.http.redirections.entrypoint.scheme=https
- --entrypoints.websecure.address=:443
- --entrypoints.websecure.asDefault=true
- --entrypoints.websecure.http.tls.certresolver=myresolver
- --certificatesresolvers.myresolver.acme.dnschallenge.provider=duckdns
- --certificatesresolvers.myresolver.acme.dnschallenge.delaybeforecheck=20
#- --certificatesresolvers.myresolver.acme.dnschallenge.resolvers=99.79.143.35:53,35.182.183.211:53
- --certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json
- --certificatesresolvers.myresolver.acme.email=mail@example.com
- --certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json
labels:
- traefik.enable=true
- traefik.http.routers.mydashboard.rule=Host(`traefik.duckdns.org`)
- traefik.http.routers.mydashboard.service=api@internal
- traefik.http.routers.mydashboard.middlewares=myauth
- traefik.http.middlewares.myauth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/
whoami:
image: traefik/whoami:v1.8
networks:
- proxy
labels:
- traefik.enable=true
- traefik.http.routers.mywhoami.rule=Host(`whoami.duckdns.org`)
- traefik.http.services.mywhoami.loadbalancer.server.port=80
networks:
proxy:
name: proxy
volumes:
letsencrypt:
name: letsencrypt
When using Traefik v2 you have to remove entrypoints.websecure.asDefault.
Maybe setting the DNS IPs with the short delayBeforeCheck is the problem. Try removing the IPs and extending the time.