Hi, I set up Let's Encrypt TLS with dnsChallenge, but get the error below. Does this mean the pod 443 should be read from the remote caserver? Actually, the host is located in an inner network which cannot be reached from outside. I read the docs at https://doc.traefik.io/traefik/https/acme/; only the tlsChallenge block mentions this requirement.
- I just realized that the TXT record has been added to my DNS, but disappears after a while.
- The acme.json was created and filled with content automatically.
env:
k8s: 1.8
traefik: 2.3
```
{"level":"error","msg":"Unable to obtain ACME certificate for domains \"*.xx.com\" : unable to generate a certificate for the domains [*.xx.com]: error: one or more domains had a problem:\n[*.xx.com] time limit exceeded: last error: read udp 10.0.0.10:47072-\u003e140.205.41.18:53: i/o timeout\n","providerName":"ali.acme","time":"2020-12-02T12:23:43Z"}
```
ingressroute:
```yaml
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: ingressroutetls
  annotations:
    kubernetes.io/ingress.class: traefik-v2.3
spec:
  entryPoints:
    - websecure
  routes:
    - match: Host(`test.traefik.xx.com`) && PathPrefix(`/tls`)
      kind: Rule
      services:
        - name: whoami
          port: 80
  tls:
    certResolver: ali
    domains:
      - main: "*.xx.com"
```
static setting:
```yaml
certificatesResolvers:
  ali:
    acme:
      email: rx@qq.com
      storage: /etc/acme/acme.json
      caserver: https://acme-staging-v02.api.letsencrypt.org/directory
      dnschallenge:
        provider: alidns
```