Traefik Docker Duckdns

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: homerobert.duckdns.org

I ran this command:

docker-compose

traefik:
image: traefik
restart: always
container_name: “traefik”
command:
- “–api.insecure=true”
- “–providers.docker=true”
- “–providers.docker.exposedbydefault=false”
- “–entrypoints.http.address=:80”
- “–entrypoints.https.address=:443”
- “–certificatesresolvers.duckdns.acme.httpchallenge=true”
- “–certificatesresolvers.duckdns.acme.httpchallenge.entrypoint=http”
- “--certificatesresolvers.duckdns.acme.email=g&&&&&&@gmail.com”
- “–certificatesresolvers.duckdns.acme.storage=/acme.json”

traefik.yml

global:
checkNewVersion: true
sendAnonymousUsage: false

entryPoints:
http:
address: “:80”
https:
address: “:443”

certificatesResolvers:
duckdns:
acme:
email: g&&&&&&@gmail.com
storage: /acme.json
httpChallenge:
entryPoint: http

api:
insecure: true
dashboard: true

providers:
docker:
exposedByDefault: false
file:
filename: /etc/traefik/dyn-config.yml
watch: true

It produced this output:

My web server is (include version): qnap server, docker

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

I can’t generate certificate sinde ten days: traefik log say:

time=“2020-02-13T16:11:57Z” level=error msg=“Unable to obtain ACME certificate for domains “homeassistant.homerobert.duckdns.org” detected thanks to rule “Host:homeassistant.homerobert.duckdns.org” : cannot get ACME client get directory at ‘https://acme-v02.api.letsencrypt.org/directory’: failed to get json “https://acme-v02.api.letsencrypt.org/directory”: Get https://acme-v02.api.letsencrypt.org/directory: dial tcp: lookup acme-v02.api.letsencrypt.org on 127.0.0.11:53: read udp 127.0.0.1:42034->127.0.0.11:53: i/o timeout”,
time=“2020-02-13T16:12:07Z” level=error msg=“Unable to obtain ACME certificate for domains “traefik.homerobert.duckdns.org” detected thanks to rule “Host:traefik.homerobert.duckdns.org” : cannot get ACME client get directory at ‘https://acme-v02.api.letsencrypt.org/directory’: failed to get json “https://acme-v02.api.letsencrypt.org/directory”: Get https://acme-v02.api.letsencrypt.org/directory: dial tcp: lookup acme-v02.api.letsencrypt.org on 127.0.0.11:53: read udp 127.0.0.1:58474->127.0.0.11:53: i/o timeout”,
time=“2020-02-13T16:12:17Z” level=error msg=“Unable to obtain ACME certificate for domains “portainer.container.homerobert.duckdns.org” detected thanks to rule “Host:portainer.container.homerobert.duckdns.org” : cannot get ACME client get directory at ‘https://acme-v02.api.letsencrypt.org/directory’: failed to get json “https://acme-v02.api.letsencrypt.org/directory”: Get https://acme-v02.api.letsencrypt.org/directory: dial tcp: lookup acme-v02.api.letsencrypt.org on 127.0.0.11:53: read udp 127.0.0.1:54311->127.0.0.11:53: i/o timeout”,
time=“2020-02-13T16:14:08Z” level=error msg=“Unable to obtain ACME certificate for domains “homeassistant.homerobert.duckdns.org” detected thanks to rule “Host:homeassistant.homerobert.duckdns.org” : cannot get ACME client get directory at ‘https://acme-v02.api.letsencrypt.org/directory’: failed to get json “https://acme-v02.api.letsencrypt.org/directory”: Get https://acme-v02.api.letsencrypt.org/directory: dial tcp: lookup acme-v02.api.letsencrypt.org on 127.0.0.11:53: read udp 127.0.0.1:50046->127.0.0.11:53: i/o timeout”,
time=“2020-02-13T16:14:18Z” level=error msg=“Unable to obtain ACME certificate for domains “traefik.homerobert.duckdns.org” detected thanks to rule “Host:traefik.homerobert.duckdns.org” : cannot get ACME client get directory at ‘https://acme-v02.api.letsencrypt.org/directory’: failed to get json “https://acme-v02.api.letsencrypt.org/directory”: Get https://acme-v02.api.letsencrypt.org/directory: dial tcp: lookup acme-v02.api.letsencrypt.org on 127.0.0.11:53: read udp 127.0.0.1:44892->127.0.0.11:53: i/o timeout”,
time=“2020-02-13T16:14:28Z” level=error msg=“Unable to obtain ACME certificate for domains “portainer.container.homerobert.duckdns.org” detected thanks to rule “Host:portainer.container.homerobert.duckdns.org” : cannot get ACME client get directory at ‘https://acme-v02.api.letsencrypt.org/directory’: failed to get json “https://acme-v02.api.letsencrypt.org/directory”: Get https://acme-v02.api.letsencrypt.org/directory: dial tcp: lookup acme-v02.api.letsencrypt.org on 127.0.0.11:53: read udp 127.0.0.1:56435->127.0.0.11:53: i/o timeout”,

Why i don’t get new certificates since duckdns?

Hi @Ganrovir

I'm not firm with traefik.

But your error

says: Your client tries to connect a local (127.0.0.1) dns server (port 53) to find the ip address of acme-v02.api.letsencrypt.org. That doesn't work, that local dns server has a timeout.

So your client doesn't find an ip address of acme-v02.api.letsencrypt.org, so it's impossible to create a new order.

Perhaps reconfigure your system so a public dns server (1.1.1.1 or 8.8.8.8) is used.

Traefik log erro:

time="2020-02-18T17:55:33Z" level=error msg="Unable to obtain ACME certificate for domains "portainer.homerobert.duckdns.org": cannot get ACME client get directory at 'https://acme-v02.api.letsencrypt.org/directory': Get https://acme-v02.api.letsencrypt.org/directory: dial tcp: lookup acme-v02.api.letsencrypt.org on 127.0.0.11:53: read udp 127.0.0.1:41630->127.0.0.11:53: i/o timeout" providerName=duckdns.acme routerName=portainer-https@docker rule="Host(portainer.homerobert.duckdns.org)"

289/5000

Hello, until a few weeks ago I always worked with certified V1 and tube.

Now with atrafik v2 I already lost the previous certificates and when trying to use traefik v2 they no longer regenerate

I do not understand the public ip ??, My server dns duckdns.org has my public ip configured

113/5000

I have tried countless configurations but I never install certificates. Is it possible to have a limit of ratio?

If you want to create a certificate, your server must be able to connect Letsencrypt.

But your server can't connect Letsencrypt because your local dns server doesn't work. So your system doesn't know the ip address of Letsencrypt.

That's a local (Letsencrypt independend) problem you have to fix.

But I don't know how such a traefik environment works, so I don't know how to fix it.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.