Traefik - acme.sh - gratisdns.dk

Hi
Quite new to traefik so am hoping to get some help setting up a working container with traefik.

I use the Danish DNS provider gratisdns.dk
From acme.sh there is a 3rd party provider dns_gdnsdk.sh that works.. in a separate docker with just acme.sh I can pull a certificate .. all good.

But getting traefik to pull a certificate is proving to be very difficult..
My docker-compose file is built from examples and I've changed very little apart from trying to replace cloudflare with gratisdns..
I am hoping someone can help 🙂
running the below file gives me the following error:

level=error msg="Unable to obtain ACME certificate for domains "vandelay.dk,*.vandelay.dk" : cannot get ACME client unrecognized DNS provider: dns_gdnsdk" providerName=dns_gdnsdk.acme

I've tried all sorts of iterations. I've added the dns_gdnsdk.sh file to the acme folder... I've scratched my head fervently for a few days.. nothing seems to work.. I expect fixing this error will lead to another..

I tried replacing staging server 02 with 01, which provided another error...

version: "3.7"

########################### NETWORKS
networks:
  t2_proxy:
    external:
      name: t2_proxy
  default:
    driver: bridge

########################### SERVICES
services:
# All services / apps go below this line

# Traefik 2 - Reverse Proxy
  traefik:
    container_name: traefik
    image: traefik:chevrotin # the chevrotin tag refers to v2.2.x
    restart: unless-stopped
    command: # CLI arguments
      - --global.checkNewVersion=true
      - --global.sendAnonymousUsage=false
      - --entryPoints.http.address=:80
      - --entryPoints.https.address=:443
      - --entryPoints.traefik.address=:8080
      - --api=true
      - --api.insecure=true
#      - --serversTransport.insecureSkipVerify=true
      - --log=true
      - --log.level=DEBUG # (Default: error) DEBUG, INFO, WARN, ERROR, FATAL, PANIC
      - --accessLog=true
      - --accessLog.filePath=trafik22/traefik.log
      - --accessLog.bufferingSize=100 # Configuring a buffer of 100 lines
      - --accessLog.filters.statusCodes=400-499
      - --providers.docker=true
      - --providers.docker.endpoint=unix:///var/run/docker.sock
      - --providers.docker.defaultrule=Host(`{{ index .Labels "com.docker.compose.service" }}.$DOMAINNAME`)
      - --providers.docker.exposedByDefault=false
      - --providers.docker.network=t2_proxy
      - --providers.docker.swarmMode=false
      - --providers.file.directory=/rules # Load dynamic configuration from one or more .toml or .yml files in a directory.
#      - --providers.file.filename=/path/to/file # Load dynamic configuration from a file.
      - --providers.file.watch=true # Only works on top level files in the rules folder



      - --certificatesResolvers.dns_gdnsdk.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory # LetsEncrypt Staging Server - uncomment when testing
      - --certificatesResolvers.dns_gdnsdk.acme.email=$GRATISDNS_email
      - --certificatesResolvers.dns_gdnsdk.acme.storage=/acme.json
      - --certificatesResolvers.dns_gdnsdk.acme.dnsChallenge.provider=dns_gdnsdk
      - --certificatesResolvers.dns_gdnsdk.acme.dnsChallenge.delayBeforeCheck=30
      - --certificatesResolvers.dns_gdnsdk.acme.dnsChallenge.resolvers=1.1.1.1:53,8.8.8.8:53


#####


    networks:
      t2_proxy:
        ipv4_address: 192.168.90.254 # You can specify a static IP
#    networks:
#      - t2_proxy
    security_opt:
      - no-new-privileges:true
    ports:
      - target: 80
        published: 80
        protocol: tcp
        mode: host
      - target: 443
        published: 443
        protocol: tcp
        mode: host
      - target: 8080
        published: 8881
        protocol: tcp
        mode: host
    volumes:
      - $USERDIR/trafik22/rules:/rules 
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - $USERDIR/trafik22/acme/acme.json:/acme.json 
#      - $USERDIR/acmesh/out:/acme
      - $USERDIR/trafik22/trafik22.log:/trafik22.log
#      - $USERDIR/docker/shared:/shared
      - $USERDIR/trafik22/acme:/acme
      - $USERDIR/trafik22/dnsapi/dns_gdnsdk.sh:/dns_gdnsdk.sh

    environment:
      - ACME_DNS_STORAGE_PATH=/acme
      - ACME_DNS_API_BASE=/dns_gdnsdk.sh

    labels:
      - "traefik.enable=true"

# HTTP-to-HTTPS Redirect
      - "traefik.http.routers.http-catchall.entrypoints=http"
      - "traefik.http.routers.http-catchall.rule=HostRegexp(`{host:.+}`)"
      - "traefik.http.routers.http-catchall.middlewares=redirect-to-https"
      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"

 # HTTP Routers
      - "traefik.http.routers.traefik-rtr.entrypoints=https"
      - "traefik.http.routers.traefik-rtr.rule=Host(`traefik.$DOMAINNAME`)"
      - "traefik.http.routers.traefik-rtr.tls=true"
      - "traefik.http.routers.traefik-rtr.tls.certresolver=dns_gdnsdk" # Comment out this line after first run of traefik to force the use of wildcard certs
      - "traefik.http.routers.traefik-rtr.tls.domains[0].main=$DOMAINNAME"
      - "traefik.http.routers.traefik-rtr.tls.domains[0].sans=*.$DOMAINNAME"
#      - "traefik.http.routers.traefik-rtr.tls.domains[1].main=$SECONDDOMAINNAME" # Pulls main cert for second domain
#      - "traefik.http.routers.traefik-rtr.tls.domains[1].sans=*.$SECONDDOMAINNAME" # Pulls wildcard cert for second domain
## Services - API
      - "traefik.http.routers.traefik-rtr.service=api@internal"

Hello,

Traefik uses lego for the Let's Encrypt certificates and not acme.sh.

Currently, gratisdns.dk is not supported by lego.

The list of the DNS providers supported by Traefik is here: https://docs.traefik.io/v2.2/https/acme/#providers

You can contribute to the lego repository to add the support.
A contribution can be:

  • open an issue about your need and be able to run some tests.
  • or create a pull request with the gratisdns.dk provider.

Ok.
Hmmm.. I used this with acme.sh
Honestly I thought this was the same as acme-dns

Since I have the certificate created with acme.sh - can I import it manually into traefik? (If so - how?)

I’ll look into the option to create a request. I doubt my skills are sufficient to build a provider base for gratisdns.
Though the template provided in your link looks similar to the acme.sh add on

@Henry Had a good outcome using the external program provider.

Thx. One big difference is that my provider doesn’t have an api you can hit :-(

That script looks like a good starting point for use with the 'External Program' provider.

https://go-acme.github.io/lego/dns/exec/
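
Added example, not part of the thread and not code from Traefik, lego or acme.sh: a sketch of the adapter the last reply points towards, mapping the arguments lego's `exec` provider passes (`present`/`cleanup`, the challenge FQDN, the TXT value) onto an acme.sh-style hook. It assumes the hook follows acme.sh's `dns_<name>_add` / `dns_<name>_rm` naming; `HOOK_NAME`, `HOOK_FILE` and the function names below are hypothetical, and the default path is the mount from the compose file above.

```shell
#!/bin/sh
# Added example: adapter from lego's "exec" DNS provider to an acme.sh-style hook.
# lego (default mode) calls:  <EXEC_PATH> present|cleanup <fqdn-with-trailing-dot> <txt-value>
# acme.sh hooks expose:       dns_<name>_add|_rm <fulldomain> <txtvalue>
HOOK_NAME="${HOOK_NAME:-dns_gdnsdk}"      # function prefix, from the script name on the page
HOOK_FILE="${HOOK_FILE:-/dns_gdnsdk.sh}"  # assumed path: the mount used in the compose file

# Accept only ACME challenge names and base64url TXT values, so the DNS
# credentials held by the hook cannot be used to write arbitrary records.
valid_request() {
  case "$1" in _acme-challenge.?*) ;; *) return 1 ;; esac
  case "$1" in *[!A-Za-z0-9._-]*) return 1 ;; esac
  case "$2" in ''|*[!A-Za-z0-9_-]*) return 1 ;; esac
}

# Source the hook unless its functions already exist. A real acme.sh hook also
# needs acme.sh's helper functions (such as _info and _err) defined by the caller.
load_hook() {
  command -v "${HOOK_NAME}_add" >/dev/null 2>&1 && return 0
  [ -r "$HOOK_FILE" ] || { echo "hook not found: $HOOK_FILE" >&2; return 1; }
  . "$HOOK_FILE"
}

lego_exec_dispatch() {
  action="$1"
  fqdn="${2%.}"   # acme.sh hooks expect the name without the trailing dot
  value="$3"
  case "$action" in
    present) fn="${HOOK_NAME}_add" ;;
    cleanup) fn="${HOOK_NAME}_rm" ;;
    *) echo "unsupported action: $action" >&2; return 2 ;;
  esac
  valid_request "$fqdn" "$value" || { echo "rejected: $fqdn" >&2; return 3; }
  load_hook || return 4
  "$fn" "$fqdn" "$value"
}

# Run only when invoked with arguments (as lego does), not when sourced for tests.
if [ "$#" -gt 0 ]; then
  lego_exec_dispatch "$@"
  exit $?
fi
```

With lego's `exec` provider the resolver's `dnsChallenge.provider` is `exec` and the `EXEC_PATH` environment variable points at this script. The script and the hook's credentials must both be available inside the Traefik container.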