Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is:
bandstraat4.nl
I ran this command:
docker-compose up -d
It produced this output:
acme: error: 400 :: urn:ietf:params:acme:error:dns :: No valid IP addresses found for mqtt.bandstraat4.nl\n" rule="HostSNI(`mqtt.bandstraat4.nl`)" providerName=myresolver.acme routerName=mqtt@docker reverse-proxy | time="2021-04-27T05:55:56Z" level=error msg="Unable to obtain ACME certificate for domains \"bitwarden.bandstraat4.nl\": unable to generate a certificate for the domains [bitwarden.bandstraat4.nl]: error: one or more domains had a problem:\n[bitwarden]
My web server is (include version):
Traefik as a reverse proxy
The operating system my web server runs on is (include version):
Debian 10
My hosting provider, if applicable, is:
Transip
I can login to a root shell on my machine (yes or no, or I don't know):
yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
Nope
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
Not applicable
Dear all,
My previously working ACME configuration for traefik ceased working the other day, providing strange errors in the console output. I use a public domain to redirect tunneled traffic (over https via wireguard) to my internal network; there Traefik redirects to its correct docker-container using an http/https proxy configured to obtain certificates from letsencrypt.
This was working like a charm for a while, but since a few days (April 25th, certificate expiry) it keeps puzzling me. I am getting errors as described above and I unfortunately do not know of any workarounds. The configuration I am using is as follows:
providers:
  docker:
    exposedByDefault: false
traefik:
  http:
    routers:
      api:
        tls:
          certresolver: myresolver
          domains:
            - main: bandstraat4.nl
              sans: "*.bandstraat4.nl"
certificatesResolvers:
  myresolver:
    acme:
      caServer: https://acme-staging-v02.api.letsencrypt.org/directory
      dnsChallenge:
        provider: transip
        resolvers:
          - 1.1.1.1:53
          - 8.8.8.8:53
      storage: /letsencrypt/acme.json
      tlsChallenge: true
entrypoints:
  traefik:
    address: ":8181"
  mqtt:
    address: ":1883"
  mqttsecure:
    address: ":8883"
    http:
      tls:
        certResolver: myresolver
  web:
    address: ":80"
  websecure:
    address: ":443"
    http:
      tls:
        certResolver: myresolver
The transip provider uses my private key and username from the environment to do proper authentication against its api, which should not have changed (coincidentally, my domain name was renewed somewhere in April).
An individual configuration entry in my docker-compose.yml looks like this:
nodered:
  image: nodered/node-red
  container_name: node-red
  ports:
    - 1880:1880
  volumes:
    - "${HOME_DIR}/nodered:/data"
  environment:
    - TZ=Europe/Amsterdam
  labels:
    - "traefik.enable=true"
    - "traefik.http.routers.nr-https.tls=true"
    - "traefik.http.routers.nr-https.rule=Host(`nodered.bandstraat4.nl`)"
    - "traefik.http.routers.nr-https.entrypoints=websecure,web"
    - "traefik.http.routers.nr-https.tls.certresolver=myresolver"
    - "traefik.http.middlewares.nr-redirect.redirectscheme.scheme=https"
    - "traefik.http.middlewares.nr-redirect.redirectscheme.permanent=true"
    - "traefik.http.routers.nr-https.middlewares=nr-redirect"
    - "traefik.http.services.nr-service.loadbalancer.server.port=1880"
    - "traefik.http.services.nr-service.loadbalancer.server.scheme=http"
  restart: unless-stopped
Can someone please tell me what seems to be the problem?
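A triage helper for log output like the above, added here as an example (it is not part of the original post, nor Traefik or Let's Encrypt code): it pulls the ACME problem fields (HTTP status, RFC 8555 error type, detail) and the Traefik router and resolver out of each error line. The sample lines are constructed, modelled on the output quoted in the post; `app.example.test` and its error are made up.

```python
import re
from collections import Counter

# Subset of the error types defined in RFC 8555, section 6.7.
ACME_ERRORS = {
    "dns": "problem with a DNS query during identifier validation",
    "connection": "server could not connect to the validation target",
    "unauthorized": "client lacks sufficient authorization",
    "rateLimited": "request exceeds a rate limit",
}

# One "[domain] acme: error: <status> :: <urn> :: <detail>" entry; logfmt
# escapes the newline that ends the detail as a literal backslash-n.
PROBLEM = re.compile(
    r"\[(?P<domain>[^\]\s]+)\] acme: error: (?P<status>\d{3}) :: "
    r"urn:ietf:params:acme:error:(?P<type>\w+) :: (?P<detail>.*?)(?=\\n|$)"
)
FIELD = re.compile(r"\b(routerName|providerName)=(\S+)")

# Constructed sample input (not a verbatim capture).
SAMPLE_LOG = r'''reverse-proxy | time="2021-04-27T05:55:56Z" level=error msg="Unable to obtain ACME certificate for domains \"mqtt.bandstraat4.nl\": unable to generate a certificate for the domains [mqtt.bandstraat4.nl]: error: one or more domains had a problem:\n[mqtt.bandstraat4.nl] acme: error: 400 :: urn:ietf:params:acme:error:dns :: No valid IP addresses found for mqtt.bandstraat4.nl\n" rule="HostSNI(`mqtt.bandstraat4.nl`)" providerName=myresolver.acme routerName=mqtt@docker
reverse-proxy | time="2021-04-27T05:55:57Z" level=info msg="Configuration loaded"
reverse-proxy | time="2021-04-27T05:55:58Z" level=error msg="Unable to obtain ACME certificate for domains \"app.example.test\": error: one or more domains had a problem:\n[app.example.test] acme: error: 400 :: urn:ietf:params:acme:error:connection :: Timeout during connect\n" rule="Host(`app.example.test`)" providerName=myresolver.acme routerName=app@docker
'''

def parse_acme_failures(log_text):
    """Return one dict per per-domain ACME problem found in the log."""
    failures = []
    for line in log_text.splitlines():
        fields = dict(FIELD.findall(line))  # router/resolver of this line
        for m in PROBLEM.finditer(line):    # a line may list several domains
            failures.append({
                "domain": m["domain"],
                "status": int(m["status"]),
                "type": m["type"],
                "detail": m["detail"],
                "meaning": ACME_ERRORS.get(m["type"], "see RFC 8555 section 6.7"),
                "router": fields.get("routerName"),
                "resolver": fields.get("providerName"),
            })
    return failures

def summarize(failures):
    """Count failures per (error type, domain) to spot repeat offenders."""
    return Counter((f["type"], f["domain"]) for f in failures)

if __name__ == "__main__":
    for f in parse_acme_failures(SAMPLE_LOG):
        print(f"{f['domain']}: {f['type']} ({f['meaning']}) via {f['router']}")
```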