I'm really struggling here. Long story, short... My previous use of Traefik 1.x and ACME HTTP-01 challenges to enable provision of Let's Encrypt certificates raises security concerns for my IT department. Their policy is that a server has to be secure and pass a barrage of tests BEFORE ports can be opened to the world. My problem is the HTTP-01 challenge has to find an 'A' record in our DNS in order to validate our domain ownership, but that has to happen first and it fails because our ports can't be opened until it's secure. A bit of a chicken versus egg dilemma.
So a colleague of mine proposed using an ACME DNS-01 challenge instead, and doing so with a CNAME record in an accessible DNS, a process that I don't entirely understand. My colleague suggested these references:
An Example Ingress Controller’s Implementation of DNS verification:
We tried to implement this plan in my Traefik 1.x environment and got back errors that we were unable to decipher. Rather than posting those in this forum, I elected to bite-the-bullet and upgrade to Traefik 2.x, and I've done that, but I'm still unable to obtain certs using DNS-01.
The latest manifestation of my configuration and tests is documented in https://dlad.summittdweller.com/en/posts/074-simplified-testing-traefik-2-with-acme-dns-01/, and my initial question is this:
What does the log statement
No ACME certificate generation required for domains [\"dgdocker3.grinnell.edu\"]. really mean? (See below)
time="2020-05-19T11:20:32-04:00" level=debug msg="Looking for provided certificate(s) to validate [\"dgdocker3.grinnell.edu\"]..." providerName=dns.acme routerName=traefik-secure@docker rule="Host(`dgdocker3.grinnell.edu`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
time="2020-05-19T11:20:32-04:00" level=debug msg="No ACME certificate generation required for domains [\"dgdocker3.grinnell.edu\"]." providerName=dns.acme routerName=traefik-secure@docker rule="Host(`dgdocker3.grinnell.edu`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
Thanks in advance for any insight you can provide.
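The DNS-01 with CNAME approach mentioned in the post, as an added example that is not part of the original post and not Traefik's code: it computes the TXT value defined in RFC 8555 section 8.4 and simulates the validation lookup following a CNAME into a delegated zone, which is why no inbound port on the server has to be open. The account key, token, and delegated zone name `dgdocker3.acme-challenges.example.net` are constructed assumptions.

```python
import base64
import hashlib
import json

def b64url(data: bytes) -> str:
    """Base64url without padding, as ACME requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638 thumbprint: required members only, sorted, no whitespace."""
    required = {"EC": ("crv", "kty", "x", "y"), "RSA": ("e", "kty", "n")}[jwk["kty"]]
    canonical = json.dumps({k: jwk[k] for k in required},
                           sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode()).digest())

def dns01_txt_value(token: str, jwk: dict) -> str:
    """TXT content = base64url(SHA-256(token + '.' + account key thumbprint))."""
    key_authorization = f"{token}.{jwk_thumbprint(jwk)}"
    return b64url(hashlib.sha256(key_authorization.encode()).digest())

def lookup_txt(records: dict, name: str, max_hops: int = 8):
    """Resolve a TXT record the way validation does, following CNAMEs.
    `records` maps name -> (type, value); one record per name for brevity."""
    for _ in range(max_hops):
        rtype, value = records.get(name.lower().rstrip("."), (None, None))
        if rtype == "TXT":
            return value
        if rtype != "CNAME":
            return None          # no record: the challenge cannot succeed
        name = value             # follow the delegation
    return None                  # CNAME loop or chain too long

def challenge_passes(records: dict, domain: str, token: str, jwk: dict) -> bool:
    found = lookup_txt(records, f"_acme-challenge.{domain}")
    return found is not None and found == dns01_txt_value(token, jwk)

# Constructed sample data (not a real account key or CA token).
ACCOUNT_JWK = {"kty": "EC", "crv": "P-256",
               "x": "Y29uc3RydWN0ZWQteA", "y": "Y29uc3RydWN0ZWQteQ"}
TOKEN = "constructed-token-0123456789"
DOMAIN = "dgdocker3.grinnell.edu"
DELEGATED = "dgdocker3.acme-challenges.example.net"  # hypothetical zone

def build_records() -> dict:
    return {
        # Static record, created once in the domain's own DNS.
        f"_acme-challenge.{DOMAIN}": ("CNAME", DELEGATED),
        # Written per challenge by the ACME client in the delegated zone.
        DELEGATED: ("TXT", dns01_txt_value(TOKEN, ACCOUNT_JWK)),
    }
```

Only the delegated zone needs API credentials on the ACME client, so a leaked DNS token cannot alter other records in the primary zone.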