My domain is: freeself.one
I ran this command: traefik in docker
docker-compose.yml:
version: "3.3"
services:
  traefik:
    image: "traefik:latest"
    container_name: traefik
    command:
      - --log.level=DEBUG
      - --entrypoints.web.address=:80
      - --entrypoints.websecure.address=:443
      - --certificatesresolvers.le.acme.email=thegergo02@tutanota.com
      - --certificatesresolvers.le.acme.dnschallenge.provider=njalla
      - --certificatesresolvers.le.acme.dnschallenge.delaybeforecheck=1200
      #- --certificatesresolvers.le.acme.dnschallenge.storage=/acme.json
      - --certificatesresolvers.le.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory
      - --providers.docker
      - --api.insecure
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080"
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
    environment:
      - NJALLA_TOKEN=[redacted]
      - NJALLA_TTL=1
      - NJALLA_POLLING_INTERVAL=5
      - NJALLA_PROPAGATION_TIMEOUT=1200
    labels:
      - "traefik.http.routers.traefik.tls=true"
      - "traefik.http.routers.traefik.tls.certresolver=le"
      - "traefik.http.routers.traefik.tls.domains[0].main=freeself.one"
      - "traefik.http.routers.traefik.tls.domains[0].sans=*.freeself.one"
      - "traefik.http.routers.traefik.service=api@internal"
  whoami:
    image: traefik/whoami
    container_name: whoami
    labels:
      - traefik.http.routers.whoami.rule=Host(`whoami.freeself.one`)
      - traefik.http.routers.whoami.entrypoints=websecure
It produced this output: relevant logs
traefik | time="2022-01-15T17:44:23Z" level=debug msg="Looking for provided certificate(s) to validate [\"freeself.one\" \"*.freeself.one\"]..." providerName=le.acme
traefik | time="2022-01-15T17:44:23Z" level=debug msg="Domains [\"freeself.one\" \"*.freeself.one\"] need ACME certificates generation for domains \"freeself.one,*.freeself.one\"." providerName=le.acme
traefik | time="2022-01-15T17:44:23Z" level=debug msg="Loading ACME certificates [freeself.one *.freeself.one]..." providerName=le.acme
traefik | time="2022-01-15T17:44:35Z" level=debug msg="Building ACME client..." providerName=le.acme
traefik | time="2022-01-15T17:44:35Z" level=debug msg="https://acme-staging-v02.api.letsencrypt.org/directory" providerName=le.acme
traefik | time="2022-01-15T17:44:36Z" level=info msg=Register... providerName=le.acme
traefik | time="2022-01-15T17:44:36Z" level=debug msg="legolog: [INFO] acme: Registering account for thegergo02@tutanota.com"
traefik | time="2022-01-15T17:44:36Z" level=debug msg="Using DNS Challenge provider: njalla" providerName=le.acme
traefik | time="2022-01-15T17:44:36Z" level=debug msg="legolog: [INFO] [freeself.one, *.freeself.one] acme: Obtaining bundled SAN certificate"
traefik | time="2022-01-15T17:44:37Z" level=debug msg="legolog: [INFO] [*.freeself.one] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/1437062598"
traefik | time="2022-01-15T17:44:37Z" level=debug msg="legolog: [INFO] [freeself.one] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/1437062608"
traefik | time="2022-01-15T17:44:37Z" level=debug msg="legolog: [INFO] [*.freeself.one] acme: use dns-01 solver"
traefik | time="2022-01-15T17:44:37Z" level=debug msg="legolog: [INFO] [freeself.one] acme: Could not find solver for: tls-alpn-01"
traefik | time="2022-01-15T17:44:37Z" level=debug msg="legolog: [INFO] [freeself.one] acme: Could not find solver for: http-01"
traefik | time="2022-01-15T17:44:37Z" level=debug msg="legolog: [INFO] [freeself.one] acme: use dns-01 solver"
traefik | time="2022-01-15T17:44:37Z" level=debug msg="legolog: [INFO] [*.freeself.one] acme: Preparing to solve DNS-01"
traefik | time="2022-01-15T17:44:37Z" level=debug msg="legolog: [INFO] [freeself.one] acme: Preparing to solve DNS-01"
traefik | time="2022-01-15T17:44:37Z" level=debug msg="legolog: [INFO] [*.freeself.one] acme: Trying to solve DNS-01"
traefik | time="2022-01-15T17:44:37Z" level=debug msg="legolog: [INFO] [*.freeself.one] acme: Checking DNS record propagation using [127.0.0.11:53]"
traefik | time="2022-01-15T17:44:42Z" level=debug msg="legolog: [INFO] Wait for propagation [timeout: 20m0s, interval: 5s]"
traefik | time="2022-01-15T17:44:43Z" level=debug msg="legolog: [INFO] [*.freeself.one] acme: Waiting for DNS record propagation."
traefik | time="2022-01-15T17:44:48Z" level=debug msg="legolog: [INFO] [*.freeself.one] acme: Waiting for DNS record propagation."
traefik | time="2022-01-15T17:44:53Z" level=debug msg="legolog: [INFO] [*.freeself.one] acme: Waiting for DNS record propagation."
traefik | time="2022-01-15T17:45:06Z" level=debug msg="legolog: [INFO] [freeself.one] acme: Trying to solve DNS-01"
traefik | time="2022-01-15T17:45:06Z" level=debug msg="legolog: [INFO] [freeself.one] acme: Checking DNS record propagation using [127.0.0.11:53]"
...
traefik | time="2022-01-15T17:45:11Z" level=debug msg="legolog: [INFO] Wait for propagation [timeout: 20m0s, interval: 5s]"
traefik | time="2022-01-15T17:45:17Z" level=debug msg="legolog: [INFO] [freeself.one] The server validated our request"
traefik | time="2022-01-15T17:45:17Z" level=debug msg="legolog: [INFO] [*.freeself.one] acme: Cleaning DNS-01 challenge"
traefik | time="2022-01-15T17:45:17Z" level=debug msg="legolog: [INFO] [freeself.one] acme: Cleaning DNS-01 challenge"
traefik | time="2022-01-15T17:45:17Z" level=debug msg="legolog: [INFO] Deactivating auth: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/1437062598"
traefik | time="2022-01-15T17:45:18Z" level=debug msg="legolog: [INFO] Skipping deactivating of valid auth: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/1437062608"
traefik | time="2022-01-15T17:45:18Z" level=error msg="Unable to obtain ACME certificate for domains \"freeself.one,*.freeself.one\" : unable to generate a certificate for the domains [freeself.one *.freeself.one]: error: one or more domains had a problem:\n[*.freeself.one] acme: error: 400 :: urn:ietf:params:acme:error:dns :: During secondary validation: DNS problem: SERVFAIL looking up TXT for _acme-challenge.freeself.one - the domain's nameservers may be malfunctioning\n" providerName=le.acme
My web server is (include version): traefik:latest
The operating system my web server runs on is (include version): Gentoo aarch64
I can log in to a root shell on my machine (yes or no, or I don't know): yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no
As you can see, I've fiddled with delays to make sure DNS propagation is not an issue, but no luck. (Don't be surprised: on prod servers I'm rate-limited right now; I forgot to use staging servers at the start.)
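
A triage helper for logs like the one above, added here as an example and not part of the original post: it pulls out the resolver lego used for its local propagation check, the names the CA validated, and the structured ACME error returned for the name that failed. The function names and the report layout are assumptions of this example; the three sample lines are copied from the post's log.

```python
import re

# Sample input: three lines copied from the log in the post above.
SAMPLE = r'''
traefik | time="2022-01-15T17:44:37Z" level=debug msg="legolog: [INFO] [*.freeself.one] acme: Checking DNS record propagation using [127.0.0.11:53]"
traefik | time="2022-01-15T17:45:17Z" level=debug msg="legolog: [INFO] [freeself.one] The server validated our request"
traefik | time="2022-01-15T17:45:18Z" level=error msg="Unable to obtain ACME certificate for domains \"freeself.one,*.freeself.one\" : unable to generate a certificate for the domains [freeself.one *.freeself.one]: error: one or more domains had a problem:\n[*.freeself.one] acme: error: 400 :: urn:ietf:params:acme:error:dns :: During secondary validation: DNS problem: SERVFAIL looking up TXT for _acme-challenge.freeself.one - the domain's nameservers may be malfunctioning\n" providerName=le.acme
'''

# logrus-style line: msg is either a quoted string with \" escapes or a bare token.
LINE = re.compile(r'time="(?P<ts>[^"]+)" level=(?P<level>\w+) msg=(?P<msg>"(?:[^"\\]|\\.)*"|\S+)')
RESOLVER = re.compile(r'\[([^\]]+)\] acme: Checking DNS record propagation using \[([^\]]+)\]')
VALIDATED = re.compile(r'\[([^\]]+)\] The server validated our request')
FAILURE = re.compile(r'\[([^\]]+)\] acme: error: (\d+) :: (urn:ietf:params:acme:error:\w+) :: ([^\n]+)')
DNS_RCODE = re.compile(r'DNS problem: (\w+) looking up (\w+) for (\S+)')


def unquote(msg):
    """Strip the logger's outer quotes and turn \\" and \\n escapes into literals."""
    if msg.startswith('"'):
        msg = msg[1:-1].replace('\\"', '"').replace('\\n', '\n')
    return msg


def triage(log_text):
    """Summarise a lego/Traefik ACME run: local resolvers, validated names, CA errors."""
    report = {"resolvers": {}, "validated": [], "failures": []}
    for raw in log_text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue  # not a logrus line (blank line, "..." elision, etc.)
        msg = unquote(m["msg"])
        for domain, servers in RESOLVER.findall(msg):
            report["resolvers"][domain] = servers.split()
        report["validated"] += VALIDATED.findall(msg)
        for domain, status, err, detail in FAILURE.findall(msg):
            rcode = DNS_RCODE.search(detail)
            report["failures"].append({
                "time": m["ts"], "domain": domain, "http_status": int(status),
                "acme_error": err, "detail": detail,
                "secondary_validation": detail.startswith("During secondary validation"),
                "dns": rcode.groups() if rcode else None,  # (rcode, rrtype, qname)
            })
    return report


if __name__ == "__main__":
    import json
    print(json.dumps(triage(SAMPLE), indent=2))
```

On the sample, the report shows the local propagation check going through `127.0.0.11:53`, `freeself.one` validated, and `*.freeself.one` rejected with a SERVFAIL that the CA reports during secondary validation.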