The operating system my web server runs on is (include version):
I can login to a root shell on my machine (yes or no, or I don’t know): yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no
I am using traefik in a docker swarm. I need to generate certificates in a domain which is handled by my company’s DNS server, with bind9.
When I do it in the staging environment, I have absolutely no problems and get the certificate in 2 minutes. But when I try to obtain it with the production env, it fails almost every time. It fails with the second server verification… Here are the messages I have:
Unable to obtain ACME certificate for domains "test69.osparc.speag.com": unable to generate a certificate for the domains [test69.osparc.speag.com]: error: one or more domains had a problem:\n[test69.osparc.speag.com] acme: error: 400 :: urn:ietf:params:acme:error:dns :: During secondary validation: DNS problem: NXDOMAIN looking up TXT for _acme-challenge.test69.osparc.speag.com - check that a DNS record exists for this domain, url: \n" providerName=myresolver.acme routerName=api@docker rule="Host(`test69.osparc.speag.com`) && (PathPrefix(`/dashboard`) || PathPrefix(
During secondary validation: DNS problem: networking error looking up CAA for test69.osparc.speag.com
There is currently no CAA for this domain. I will add one to see if it changes something but logically it shouldn’t be that.
I asked traefik to wait three hours to have some DNS propagation before checking. And still the same message… Does someone have an idea about what is wrong? Why can’t some of traefik’s secondary servers check the record?
Also, does traefik use secondary servers for a renewal of the certificate? Because it seems that this is working quite well…