HTTPS DNS Challenge - Docker/Traefik - NS dns.ovh.net. returned SERVFAIL for _acme-chal
Question

by
PascalD1
Created on 2023-04-03 11:20:29 (edited on 2024-09-04 14:23:09) in DNS

Hello,

I have tried to add the DNS Challenge for HTTPS for Docker / Traefik with Let's Encrypt.
When I run the following, I can see my TXT entry in the OVH panel:

certbot certonly --dns-ovh --dns-ovh-credentials ~/ovh.ini -d show.domain.net -v --preferred-challenges dns --debug-challenges

But when I use Traefik, I get an error. I have followed a lot of pages, and I didn't find a solution. Is it a problem with OVH / settings?

time="2023-03-30T18:52:26+02:00" level=debug msg="Creating middleware" serviceName=jackett middlewareName=pipelining middlewareType=Pipelining routerName=jackett@docker entryPointName=websecure
time="2023-03-30T18:52:26+02:00" level=debug msg="Creating load-balancer" entryPointName=websecure serviceName=jackett routerName=jackett@docker
time="2023-03-30T18:52:26+02:00" level=debug msg="Creating server 0 http://172.21.0.7:9117" serverName=0 routerName=jackett@docker entryPointName=websecure serviceName=jackett
time="2023-03-30T18:52:26+02:00" level=debug msg="child http://172.21.0.7:9117 now UP"
time="2023-03-30T18:52:26+02:00" level=debug msg="Propagating new UP status"
time="2023-03-30T18:52:26+02:00" level=debug msg="Added outgoing tracing middleware jackett" routerName=jackett@docker middlewareName=tracing middlewareType=TracingForwarder entryPointName=websecure
time="2023-03-30T18:52:26+02:00" level=debug msg="Creating middleware" entryPointName=websecure routerName=sonarr@docker serviceName=sonarr middlewareName=pipelining middlewareType=Pipelining
time="2023-03-30T18:52:26+02:00" level=debug msg="Creating load-balancer" entryPointName=websecure routerName=sonarr@docker serviceName=sonarr
time="2023-03-30T18:52:26+02:00" level=debug msg="Creating server 0 http://172.21.0.3:8989" serverName=0 entryPointName=websecure routerName=sonarr@docker serviceName=sonarr
time="2023-03-30T18:52:26+02:00" level=debug msg="child http://172.21.0.3:8989 now UP"
time="2023-03-30T18:52:26+02:00" level=debug msg="Propagating new UP status"
time="2023-03-30T18:52:26+02:00" level=debug msg="Added outgoing tracing middleware sonarr" middlewareName=tracing middlewareType=TracingForwarder entryPointName=websecure routerName=sonarr@docker
time="2023-03-30T18:52:26+02:00" level=debug msg="Creating middleware" middlewareType=Pipelining entryPointName=websecure routerName=whoami@docker serviceName=whoami-whoami middlewareName=pipelining
time="2023-03-30T18:52:26+02:00" level=debug msg="Creating load-balancer" serviceName=whoami-whoami entryPointName=websecure routerName=whoami@docker
time="2023-03-30T18:52:26+02:00" level=debug msg="Creating server 0 http://172.21.0.10:80" routerName=whoami@docker serviceName=whoami-whoami serverName=0 entryPointName=websecure
time="2023-03-30T18:52:26+02:00" level=debug msg="child http://172.21.0.10:80 now UP"
time="2023-03-30T18:52:26+02:00" level=debug msg="Propagating new UP status"
time="2023-03-30T18:52:26+02:00" level=debug msg="Added outgoing tracing middleware whoami-whoami" middlewareType=TracingForwarder entryPointName=websecure routerName=whoami@docker middlewareName=tracing
time="2023-03-30T18:52:26+02:00" level=debug msg="Creating middleware" middlewareName=traefik-internal-recovery middlewareType=Recovery entryPointName=websecure
time="2023-03-30T18:52:26+02:00" level=debug msg="Adding route for test.domain.net with TLS options default" entryPointName=websecure
time="2023-03-30T18:52:26+02:00" level=debug msg="Adding route for request.domain.net with TLS options default" entryPointName=websecure
time="2023-03-30T18:52:26+02:00" level=debug msg="Adding route for index.domain.net with TLS options default" entryPointName=websecure
time="2023-03-30T18:52:26+02:00" level=debug msg="Adding route for show.domain.net with TLS options default" entryPointName=websecure
time="2023-03-30T18:52:26+02:00" level=debug msg="Trying to challenge certificate for domain [request.domain.net] found in HostSNI rule" rule="Host(`request.domain.net`)" providerName=myresolver.acme ACME CA="https://acme-v02.api.letsencrypt.org/directory" routerName=overseerr@docker
time="2023-03-30T18:52:26+02:00" level=debug msg="Trying to challenge certificate for domain [show.domain.net] found in HostSNI rule" rule="Host(`show.domain.net`)" providerName=myresolver.acme ACME CA="https://acme-v02.api.letsencrypt.org/directory" routerName=sonarr@docker
time="2023-03-30T18:52:26+02:00" level=debug msg="Trying to challenge certificate for domain [test.domain.net] found in HostSNI rule" routerName=whoami@docker rule="Host(`test.domain.net`)" providerName=myresolver.acme ACME CA="https://acme-v02.api.letsencrypt.org/directory"
time="2023-03-30T18:52:26+02:00" level=debug msg="Looking for provided certificate(s) to validate [\"request.domain.net\"]..." routerName=overseerr@docker rule="Host(`request.domain.net`)" providerName=myresolver.acme ACME CA="https://acme-v02.api.letsencrypt.org/directory"
time="2023-03-30T18:52:26+02:00" level=debug msg="Looking for provided certificate(s) to validate [\"show.domain.net\"]..." rule="Host(`show.domain.net`)" providerName=myresolver.acme ACME CA="https://acme-v02.api.letsencrypt.org/directory" routerName=sonarr@docker
time="2023-03-30T18:52:26+02:00" level=debug msg="Domains [\"request.domain.net\"] need ACME certificates generation for domains \"request.domain.net\"." routerName=overseerr@docker rule="Host(`request.domain.net`)" providerName=myresolver.acme ACME CA="https://acme-v02.api.letsencrypt.org/directory"
time="2023-03-30T18:52:26+02:00" level=debug msg="Loading ACME certificates [request.domain.net]..." routerName=overseerr@docker rule="Host(`request.domain.net`)" providerName=myresolver.acme ACME CA="https://acme-v02.api.letsencrypt.org/directory"
time="2023-03-30T18:52:26+02:00" level=debug msg="Building ACME client..." providerName=myresolver.acme
time="2023-03-30T18:52:26+02:00" level=debug msg="https://acme-v02.api.letsencrypt.org/directory" providerName=myresolver.acme
time="2023-03-30T18:52:26+02:00" level=debug msg="Domains [\"show.domain.net\"] need ACME certificates generation for domains \"show.domain.net\"." providerName=myresolver.acme ACME CA="https://acme-v02.api.letsencrypt.org/directory" routerName=sonarr@docker rule="Host(`show.domain.net`)"
time="2023-03-30T18:52:26+02:00" level=debug msg="Loading ACME certificates [show.domain.net]..." rule="Host(`show.domain.net`)" providerName=myresolver.acme ACME CA="https://acme-v02.api.letsencrypt.org/directory" routerName=sonarr@docker
time="2023-03-30T18:52:26+02:00" level=debug msg="Trying to challenge certificate for domain [index.domain.net] found in HostSNI rule" providerName=myresolver.acme ACME CA="https://acme-v02.api.letsencrypt.org/directory" routerName=jackett@docker rule="Host(`index.domain.net`)"
time="2023-03-30T18:52:26+02:00" level=debug msg="Looking for provided certificate(s) to validate [\"test.domain.net\"]..." rule="Host(`test.domain.net`)" providerName=myresolver.acme ACME CA="https://acme-v02.api.letsencrypt.org/directory" routerName=whoami@docker
time="2023-03-30T18:52:26+02:00" level=debug msg="Domains [\"test.domain.net\"] need ACME certificates generation for domains \"test.domain.net\"." ACME CA="https://acme-v02.api.letsencrypt.org/directory" routerName=whoami@docker rule="Host(`test.domain.net`)" providerName=myresolver.acme
time="2023-03-30T18:52:26+02:00" level=debug msg="Loading ACME certificates [test.domain.net]..." rule="Host(`test.domain.net`)" providerName=myresolver.acme ACME CA="https://acme-v02.api.letsencrypt.org/directory" routerName=whoami@docker
time="2023-03-30T18:52:26+02:00" level=debug msg="Looking for provided certificate(s) to validate [\"index.domain.net\"]..." rule="Host(`index.domain.net`)" providerName=myresolver.acme ACME CA="https://acme-v02.api.letsencrypt.org/directory" routerName=jackett@docker
time="2023-03-30T18:52:26+02:00" level=debug msg="Domains [\"index.domain.net\"] need ACME certificates generation for domains \"index.domain.net\"." ACME CA="https://acme-v02.api.letsencrypt.org/directory" routerName=jackett@docker rule="Host(`index.domain.net`)" providerName=myresolver.acme
time="2023-03-30T18:52:26+02:00" level=debug msg="Loading ACME certificates [index.domain.net]..." providerName=myresolver.acme ACME CA="https://acme-v02.api.letsencrypt.org/directory" routerName=jackett@docker rule="Host(`index.domain.net`)"
time="2023-03-30T18:52:27+02:00" level=debug msg="Using DNS Challenge provider: ovh" providerName=myresolver.acme
time="2023-03-30T18:52:27+02:00" level=debug msg="legolog: [INFO] [request.domain.net] acme: Obtaining bundled SAN certificate"
time="2023-03-30T18:52:27+02:00" level=debug msg="legolog: [INFO] [show.domain.net] acme: Obtaining bundled SAN certificate"
time="2023-03-30T18:52:27+02:00" level=debug msg="legolog: [INFO] [test.domain.net] acme: Obtaining bundled SAN certificate"
time="2023-03-30T18:52:27+02:00" level=debug msg="legolog: [INFO] [index.domain.net] acme: Obtaining bundled SAN certificate"
time="2023-03-30T18:52:27+02:00" level=debug msg="legolog: [INFO] [show.domain.net] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/215293286827"
time="2023-03-30T18:52:27+02:00" level=debug msg="legolog: [INFO] [show.domain.net] acme: Could not find solver for: tls-alpn-01"
time="2023-03-30T18:52:27+02:00" level=debug msg="legolog: [INFO] [show.domain.net] acme: Could not find solver for: http-01"
time="2023-03-30T18:52:27+02:00" level=debug msg="legolog: [INFO] [show.domain.net] acme: use dns-01 solver"
time="2023-03-30T18:52:27+02:00" level=debug msg="legolog: [INFO] [show.domain.net] acme: Preparing to solve DNS-01"
time="2023-03-30T18:52:27+02:00" level=debug msg="legolog: [INFO] [request.domain.net] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/[replaced by author]"
time="2023-03-30T18:52:27+02:00" level=debug msg="legolog: [INFO] [request.domain.net] acme: Could not find solver for: tls-alpn-01"
time="2023-03-30T18:52:27+02:00" level=debug msg="legolog: [INFO] [request.domain.net] acme: Could not find solver for: http-01"
time="2023-03-30T18:52:27+02:00" level=debug msg="legolog: [INFO] [request.domain.net] acme: use dns-01 solver"
time="2023-03-30T18:52:27+02:00" level=debug msg="legolog: [INFO] [request.domain.net] acme: Preparing to solve DNS-01"
time="2023-03-30T18:52:28+02:00" level=debug msg="legolog: [INFO] [index.domain.net] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/215293287147"
time="2023-03-30T18:52:28+02:00" level=debug msg="legolog: [INFO] [index.domain.net] acme: Could not find solver for: tls-alpn-01"
time="2023-03-30T18:52:28+02:00" level=debug msg="legolog: [INFO] [index.domain.net] acme: Could not find solver for: http-01"
time="2023-03-30T18:52:28+02:00" level=debug msg="legolog: [INFO] [index.domain.net] acme: use dns-01 solver"
time="2023-03-30T18:52:28+02:00" level=debug msg="legolog: [INFO] [index.domain.net] acme: Preparing to solve DNS-01"
time="2023-03-30T18:52:28+02:00" level=debug msg="legolog: [INFO] [test.domain.net] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/215293287107"
time="2023-03-30T18:52:28+02:00" level=debug msg="legolog: [INFO] [test.domain.net] acme: Could not find solver for: tls-alpn-01"
time="2023-03-30T18:52:28+02:00" level=debug msg="legolog: [INFO] [test.domain.net] acme: Could not find solver for: http-01"
time="2023-03-30T18:52:28+02:00" level=debug msg="legolog: [INFO] [test.domain.net] acme: use dns-01 solver"
time="2023-03-30T18:52:28+02:00" level=debug msg="legolog: [INFO] [test.domain.net] acme: Preparing to solve DNS-01"
time="2023-03-30T18:52:28+02:00" level=debug msg="legolog: [INFO] [show.domain.net] acme: Trying to solve DNS-01"
time="2023-03-30T18:52:28+02:00" level=debug msg="legolog: [INFO] [show.domain.net] acme: Checking DNS record propagation using [127.0.0.11:53]"
time="2023-03-30T18:52:28+02:00" level=debug msg="legolog: [INFO] [request.domain.net] acme: Trying to solve DNS-01"
time="2023-03-30T18:52:28+02:00" level=debug msg="legolog: [INFO] [request.domain.net] acme: Checking DNS record propagation using [127.0.0.11:53]"
time="2023-03-30T18:52:28+02:00" level=debug msg="legolog: [INFO] [index.domain.net] acme: Trying to solve DNS-01"
time="2023-03-30T18:52:28+02:00" level=debug msg="legolog: [INFO] [index.domain.net] acme: Checking DNS record propagation using [127.0.0.11:53]"
time="2023-03-30T18:52:28+02:00" level=debug msg="legolog: [INFO] [test.domain.net] acme: Trying to solve DNS-01"
time="2023-03-30T18:52:28+02:00" level=debug msg="legolog: [INFO] [test.domain.net] acme: Checking DNS record propagation using [127.0.0.11:53]"
time="2023-03-30T18:52:30+02:00" level=debug msg="legolog: [INFO] Wait for propagation [timeout: 1m0s, interval: 2s]"
time="2023-03-30T18:52:30+02:00" level=debug msg="Delaying 60000000000 rather than validating DNS propagation now." providerName=myresolver.acme
time="2023-03-30T18:52:30+02:00" level=debug msg="legolog: [INFO] Wait for propagation [timeout: 1m0s, interval: 2s]"
time="2023-03-30T18:52:30+02:00" level=debug msg="Delaying 60000000000 rather than validating DNS propagation now." providerName=myresolver.acme
time="2023-03-30T18:52:30+02:00" level=debug msg="legolog: [INFO] Wait for propagation [timeout: 1m0s, interval: 2s]"
time="2023-03-30T18:52:30+02:00" level=debug msg="Delaying 60000000000 rather than validating DNS propagation now." providerName=myresolver.acme
time="2023-03-30T18:52:30+02:00" level=debug msg="legolog: [INFO] Wait for propagation [timeout: 1m0s, interval: 2s]"
time="2023-03-30T18:52:30+02:00" level=debug msg="Delaying 60000000000 rather than validating DNS propagation now." providerName=myresolver.acme
time="2023-03-30T18:53:30+02:00" level=debug msg="legolog: [INFO] [show.domain.net] acme: Waiting for DNS record propagation."
time="2023-03-30T18:53:30+02:00" level=debug msg="legolog: [INFO] [request.domain.net] acme: Waiting for DNS record propagation."
time="2023-03-30T18:53:30+02:00" level=debug msg="legolog: [INFO] [index.domain.net] acme: Waiting for DNS record propagation."
time="2023-03-30T18:53:30+02:00" level=debug msg="legolog: [INFO] [test.domain.net] acme: Waiting for DNS record propagation."
time="2023-03-30T18:53:32+02:00" level=debug msg="legolog: [INFO] [show.domain.net] acme: Cleaning DNS-01 challenge"
time="2023-03-30T18:53:32+02:00" level=debug msg="legolog: [INFO] [request.domain.net] acme: Cleaning DNS-01 challenge"
time="2023-03-30T18:53:32+02:00" level=debug msg="legolog: [INFO] [index.domain.net] acme: Cleaning DNS-01 challenge"
time="2023-03-30T18:53:32+02:00" level=debug msg="legolog: [INFO] [test.domain.net] acme: Cleaning DNS-01 challenge"
time="2023-03-30T18:53:33+02:00" level=debug msg="legolog: [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/215293286827"
time="2023-03-30T18:53:33+02:00" level=debug msg="legolog: [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/[replaced by author]"
time="2023-03-30T18:53:33+02:00" level=debug msg="legolog: [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/215293287147"
time="2023-03-30T18:53:33+02:00" level=error msg="Unable to obtain ACME certificate for domains \"show.domain.net\": unable to generate a certificate for the domains [show.domain.net]: error: one or more domains had a problem:\n[show.domain.net] time limit exceeded: last error: NS dns.ovh.net. returned SERVFAIL for _acme-challenge.show.domain.net.\n" ACME CA="https://acme-v02.api.letsencrypt.org/directory" routerName=sonarr@docker rule="Host(`show.domain.net`)" providerName=myresolver.acme
time="2023-03-30T18:53:33+02:00" level=error msg="Unable to obtain ACME certificate for domains \"index.domain.net\": unable to generate a certificate for the domains [index.domain.net]: error: one or more domains had a problem:\n[index.domain.net] time limit exceeded: last error: NS dns.ovh.net. returned SERVFAIL for _acme-challenge.index.domain.net.\n" providerName=myresolver.acme ACME CA="https://acme-v02.api.letsencrypt.org/directory" routerName=jackett@docker rule="Host(`index.domain.net`)"
time="2023-03-30T18:53:33+02:00" level=error msg="Unable to obtain ACME certificate for domains \"request.domain.net\": unable to generate a certificate for the domains [request.domain.net]: error: one or more domains had a problem:\n[request.domain.net] time limit exceeded: last error: NS dns.ovh.net. returned SERVFAIL for _acme-challenge.request.domain.net.\n" routerName=overseerr@docker rule="Host(`request.domain.net`)" providerName=myresolver.acme ACME CA="https://acme-v02.api.letsencrypt.org/directory"
time="2023-03-30T18:53:33+02:00" level=debug msg="legolog: [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/215293287107"
time="2023-03-30T18:53:33+02:00" level=error msg="Unable to obtain ACME certificate for domains \"test.domain.net\": unable to generate a certificate for the domains [test.domain.net]: error: one or more domains had a problem:\n[test.domain.net] time limit exceeded: last error: NS dns.ovh.net. returned SERVFAIL for _acme-challenge.test.domain.net.\n" ACME CA="https://acme-v02.api.letsencrypt.org/directory" routerName=whoami@docker rule="Host(`test.domain.net`)" providerName=myresolver.acme


I don't know what I can do, because for a little while I didn't get the error...
Do you have an explanation?

Thank you
Regards
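
Added example, not part of the original post and not Traefik or lego code: a small Python parser that condenses a debug log shaped like the one above into the dns-01 facts per domain (solver chosen, resolver used for the propagation check, and the name server and response code in the final error). The sample lines are constructed from the shapes in the post; reading the "Delaying" value as nanoseconds is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample, shortened from the shape of the log lines in the post.
SAMPLE_LOG = r'''
time="2023-03-30T18:52:27+02:00" level=debug msg="legolog: [INFO] [show.domain.net] acme: use dns-01 solver"
time="2023-03-30T18:52:28+02:00" level=debug msg="legolog: [INFO] [index.domain.net] acme: use dns-01 solver"
time="2023-03-30T18:52:28+02:00" level=debug msg="legolog: [INFO] [show.domain.net] acme: Checking DNS record propagation using [127.0.0.11:53]"
time="2023-03-30T18:52:28+02:00" level=debug msg="legolog: [INFO] [index.domain.net] acme: Checking DNS record propagation using [127.0.0.11:53]"
time="2023-03-30T18:52:30+02:00" level=debug msg="Delaying 60000000000 rather than validating DNS propagation now." providerName=myresolver.acme
time="2023-03-30T18:53:33+02:00" level=error msg="Unable to obtain ACME certificate for domains \"show.domain.net\": unable to generate a certificate for the domains [show.domain.net]: error: one or more domains had a problem:\n[show.domain.net] time limit exceeded: last error: NS dns.ovh.net. returned SERVFAIL for _acme-challenge.show.domain.net.\n" providerName=myresolver.acme
'''

SOLVER = re.compile(r'\[INFO\] \[(?P<domain>[^\]]+)\] acme: use (?P<solver>\S+) solver')
RESOLVER = re.compile(r'\[INFO\] \[(?P<domain>[^\]]+)\] acme: Checking DNS record '
                      r'propagation using \[(?P<resolvers>[^\]]+)\]')
DELAY = re.compile(r'Delaying (?P<ns>\d+) rather than validating DNS propagation')
# The error text ends with a literal backslash-n inside the quoted msg field.
FAILURE = re.compile(r'level=error .*last error: NS (?P<ns>\S+) returned (?P<rcode>[A-Z]+) '
                     r'for (?P<record>_acme-challenge\.(?P<domain>[^\s\\]+?)\.)\\n')

def uses_docker_embedded_dns(resolvers):
    """127.0.0.11 is the resolver Docker injects into containers on user networks."""
    return any(r.startswith("127.0.0.11:") for r in resolvers)

def summarize(log_text):
    """Return per-domain dns-01 facts plus the global delay before validation."""
    domains = defaultdict(lambda: {"solver": None, "resolvers": [], "failure": None})
    delay_seconds = None
    for line in log_text.splitlines():
        if m := SOLVER.search(line):
            domains[m["domain"]]["solver"] = m["solver"]
        elif m := RESOLVER.search(line):
            domains[m["domain"]]["resolvers"] = m["resolvers"].split()
        elif m := DELAY.search(line):
            # Assumption: the integer is a Go duration printed in nanoseconds.
            delay_seconds = int(m["ns"]) / 1e9
        elif m := FAILURE.search(line):
            domains[m["domain"]]["failure"] = {
                "ns": m["ns"], "rcode": m["rcode"], "record": m["record"]}
    return {"delay_seconds": delay_seconds, "domains": dict(domains)}

if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    print("delay before validation (s):", result["delay_seconds"])
    for name, facts in sorted(result["domains"].items()):
        embedded = uses_docker_embedded_dns(facts["resolvers"])
        print(name, facts["solver"], facts["resolvers"],
              "docker-embedded-dns" if embedded else "external", facts["failure"])
```

Domains with a `failure` of `None` in the output reached no error line in the parsed window, which makes an intermittent failure like the one described easier to spot across several runs.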