Traefik's Gandi DNS resolver certs are not being created

Hi Team,
I am trying to generate certificates using Traefik along with the Let's Encrypt DNS challenge, but the certificate section in my acme.json file is empty. Could you please help me with this?

  • I have checked the container logs and did not find any errors.
  • My Traefik container is running without any issues.
  • In the acme.json file, I can see only the private key, and the certificate is null.
  • I checked the logs and still do not see any errors.

docker-compose file

services:
  traefik:
    image: traefik:v3.2
    container_name: traefik
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    networks:
      - traefik
    ports:
      - 80:80
      - 443:443
    environment:
      GANDI_API_KEY_FILE: ${GANDI_API_KEY}
      TRAEFIK_DASHBOARD_CREDENTIALS: ${TRAEFIK_DASHBOARD_CREDENTIALS}
    secrets:
      - gandi_api_token
    env_file: .env
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./data/traefik.yml:/traefik.yml:ro
      - ./data/acme.json:/acme.json
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.traefik.entrypoints=http"
      - "traefik.http.routers.traefik.rule=Host(`traefik-dashboard.example.com`)"
      - "traefik.http.middlewares.traefik-auth.basicauth.users=${TRAEFIK_DASHBOARD_CREDENTIALS}"
      - "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https"
      - "traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=https"
      - "traefik.http.routers.traefik.middlewares=traefik-https-redirect"
      - "traefik.http.routers.traefik-secure.entrypoints=https"
      - "traefik.http.routers.traefik-secure.rule=Host(`traefik-dashboard.example.com`)"
      - "traefik.http.routers.traefik-secure.middlewares=traefik-auth"
      - "traefik.http.routers.traefik-secure.tls=true"
      - "traefik.http.routers.traefik-secure.tls.certresolver=gandi" 
      - "traefik.http.routers.traefik-secure.tls.domains[0].main=traefik-dashboard.example.com"
        #- "traefik.http.routers.traefik-secure.tls.domains[0].sans=*.int.example.com"
      - "traefik.http.routers.traefik-secure.service=api@internal"

secrets:
  gandi_api_token:
    file: ./gandi_api_token.txt

networks:
  traefik:
    external: true

traefik.yml

global:
  checkNewVersion: false
  sendAnonymousUsage: false
log:
 level: DEBUG
 filePath: "/var/log/traefik/traefik.log"

api:
  dashboard: true
  debug: true
entryPoints:
  http:
    address: ":80"
    http:
      redirections:
        entryPoint:
          to: https
          scheme: https
  https:
    address: ":443"
serversTransport:
  insecureSkipVerify: true
providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    exposedByDefault: false
certificatesResolvers:
  gandi:
    acme:
      email: emailatsupport@.example.com
      storage: acme.json
        #caServer: https://acme-v02.api.letsencrypt.org/directory
      caServer: https://acme-staging-v02.api.letsencrypt.org/directory
      dnsChallenge:
        provider: gandi
        resolvers:
          - "213.186.33.99:53"
          - "213.186.33.100:53"

Thank you in advance for your support!

Enable and check Traefik debug log.

I would place the http-to-https redirect and certResolver only globally on entrypoint, a lot less config, see simple Traefik example.

And use an absolute path for

@bluepuma77 Thank you very much for your prompt response.

I have tried using the DEBUG log option and didn't see any errors.

I'll try this solution and will get back to you.

I was able to resolve this issue after updating the DNS resolver servers.
You can get the correct DNS servers from here

certificatesResolvers:
  gandi:
    acme:
      email: admin@yourdomain.com
      storage: /letsencrypt/acme.json
        #caServer: https://acme-staging-v02.api.letsencrypt.org/directory  # Switch to production when ready
      caServer: https://acme-v02.api.letsencrypt.org/directory
      dnsChallenge:
        provider: gandiv5
        resolvers:
          - "217.70.185.65:53"
          - "8.8.8.8:53"

https://www.nslookup.io/domains/gandi.net/dns-records/
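A check for the symptom described in the first post (account key stored, certificates null), as an added example that is not part of the thread and not Traefik's own code. It assumes the acme.json layout shown in the constructed sample (resolver name, then Account and Certificates), and also flags a storage file mode broader than 600 and an account registered against the staging CA named in the post.

```python
import json
import os
import stat
from urllib.parse import urlparse

# Staging CA host, taken from the caServer line in the original post.
STAGING_HOST = "acme-staging-v02.api.letsencrypt.org"

# Constructed sample (assumed storage layout, placeholder values): key present, certificates null.
SAMPLE = json.dumps({"gandi": {
    "Account": {
        "Email": "admin@example.com",
        "Registration": {"uri": "https://" + STAGING_HOST + "/acme/acct/0"},
        "PrivateKey": "PLACEHOLDER",
    },
    "Certificates": None,
}})

def audit_acme_store(path):
    """Return human-readable findings for one ACME storage file."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:  # any group/other bit exposes the account and certificate keys
        findings.append(f"mode {mode:o} grants group/other access; use 600")
    with open(path, encoding="utf-8") as fh:
        raw = fh.read()
    if not raw.strip():  # freshly created file, nothing registered yet
        return findings + ["store is empty: no ACME account registered"]
    for resolver, data in json.loads(raw).items():
        account = data.get("Account") or {}
        certs = data.get("Certificates") or []
        uri = (account.get("Registration") or {}).get("uri", "")
        if urlparse(uri).hostname == STAGING_HOST:
            findings.append(f"{resolver}: staging CA account; issued certs are not publicly trusted")
        if account.get("PrivateKey") and not certs:
            findings.append(f"{resolver}: account key but no certificates; challenge never completed")
        for cert in certs:
            if not cert.get("certificate"):
                main = (cert.get("domain") or {}).get("main", "?")
                findings.append(f"{resolver}: entry for {main} has no certificate body")
    return findings

if __name__ == "__main__":
    import tempfile
    with tempfile.NamedTemporaryFile("w", suffix=".json") as tmp:
        tmp.write(SAMPLE)
        tmp.flush()
        print("\n".join(audit_acme_store(tmp.name)))
```

A resolver that keeps reporting "account key but no certificates" after a restart means the DNS-01 validation is still not completing, which in this thread came down to the `resolvers` entries under `dnsChallenge`.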
