ReinerNippes / nextcloud_on_docker

Run Nextcloud in Docker Container on various Linux Hosts
MIT License

Unable to obtain ACME certificate for domains: Connection refused #94

Open signedbit opened 3 years ago

signedbit commented 3 years ago

Hi, first thank you very much for creating this. It has provided incredible value. Thank you, you're the best.

For debugging, I did a fresh clone, changed base dir (to not interfere with my actual data.) Yes, DNS is configured correctly. Configured Traefik to use LetsEncrypt staging for testing. CentOS 7.

Traefik container logs are spammed non-stop.

time="2021-03-07T02:42:43Z" level=debug msg="Adding route for redacted-domain.com with TLS options default" entryPointName=web-secure
time="2021-03-07T02:42:43Z" level=debug msg="Try to challenge certificate for domain [redacted-domain.com] found in HostSNI rule" providerName=letsencrypt.acme rule="Host(`redacted-domain.com`)" routerName=nginx@docker
time="2021-03-07T02:42:43Z" level=debug msg="Looking for provided certificate(s) to validate [\"redacted-domain.com\"]..." providerName=letsencrypt.acme rule="Host(`redacted-domain.com`)" routerName=nginx@docker
time="2021-03-07T02:42:43Z" level=debug msg="Domains [\"redacted-domain.com\"] need ACME certificates generation for domains \"redacted-domain.com\"." rule="Host(`redacted-domain.com`)" routerName=nginx@docker providerName=letsencrypt.acme
time="2021-03-07T02:42:43Z" level=debug msg="Loading ACME certificates [redacted-domain.com]..." routerName=nginx@docker providerName=letsencrypt.acme rule="Host(`redacted-domain.com`)"
time="2021-03-07T02:42:43Z" level=debug msg="legolog: [INFO] [redacted-domain.com] acme: Obtaining bundled SAN certificate"
time="2021-03-07T02:42:44Z" level=debug msg="legolog: [INFO] [redacted-domain.com] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/<redacted>"
time="2021-03-07T02:42:44Z" level=debug msg="legolog: [INFO] [redacted-domain.com] acme: use tls-alpn-01 solver"
time="2021-03-07T02:42:44Z" level=debug msg="legolog: [INFO] [redacted-domain.com] acme: Trying to solve TLS-ALPN-01"
time="2021-03-07T02:42:44Z" level=debug msg="TLS Challenge Present temp certificate for redacted-domain.com" providerName=tlsalpn.acme
time="2021-03-07T02:42:44Z" level=debug msg="Configuration received from provider tlsalpn.acme: {\"http\":{},\"tls\":{}}" providerName=tlsalpn.acme
time="2021-03-07T02:42:45Z" level=debug msg="Adding certificate for domain(s) acme challenge temp,redacted-domain.com"
time="2021-03-07T02:42:45Z" level=debug msg="No default certificate, generating one"
time="2021-03-07T02:42:45Z" level=debug msg="Added outgoing tracing middleware noop@internal" entryPointName=web routerName=web-to-web-secure@internal middlewareType=TracingForwarder middlewareName=tracing
time="2021-03-07T02:42:45Z" level=debug msg="Creating middleware" middlewareType=RedirectScheme middlewareName=redirect-web-to-web-secure@internal entryPointName=web routerName=web-to-web-secure@internal
time="2021-03-07T02:42:45Z" level=debug msg="Setting up redirection to https 443" middlewareType=RedirectScheme middlewareName=redirect-web-to-web-secure@internal entryPointName=web routerName=web-to-web-secure@internal
time="2021-03-07T02:42:45Z" level=debug msg="Adding tracing to middleware" routerName=web-to-web-secure@internal middlewareName=redirect-web-to-web-secure@internal entryPointName=web
time="2021-03-07T02:42:45Z" level=debug msg="Creating middleware" entryPointName=web middlewareName=traefik-internal-recovery middlewareType=Recovery
time="2021-03-07T02:42:45Z" level=debug msg="Creating middleware" middlewareType=Pipelining entryPointName=web-secure routerName=nginx@docker serviceName=nginx middlewareName=pipelining
time="2021-03-07T02:42:45Z" level=debug msg="Creating load-balancer" entryPointName=web-secure routerName=nginx@docker serviceName=nginx
time="2021-03-07T02:42:45Z" level=debug msg="Creating server 0 http://172.20.0.4:80" serviceName=nginx serverName=0 entryPointName=web-secure routerName=nginx@docker
time="2021-03-07T02:42:45Z" level=debug msg="Added outgoing tracing middleware nginx" routerName=nginx@docker middlewareType=TracingForwarder middlewareName=tracing entryPointName=web-secure
time="2021-03-07T02:42:45Z" level=debug msg="Creating middleware" middlewareName=nextcloud-redirect@file middlewareType=RedirectRegex entryPointName=web-secure routerName=nginx@docker
time="2021-03-07T02:42:45Z" level=debug msg="Setting up redirection from https://(.*)/.well-known/(card|cal)dav to https://$1/remote.php/dav" routerName=nginx@docker middlewareName=nextcloud-redirect@file middlewareType=RedirectRegex entryPointName=web-secure
time="2021-03-07T02:42:45Z" level=debug msg="Adding tracing to middleware" entryPointName=web-secure routerName=nginx@docker middlewareName=nextcloud-redirect@file
time="2021-03-07T02:42:45Z" level=debug msg="Creating middleware" middlewareType=Headers entryPointName=web-secure routerName=nginx@docker middlewareName=nextcloud@file
time="2021-03-07T02:42:45Z" level=debug msg="Setting up secureHeaders from {map[] map[] false [] []  [] [] [] 0 false [] [] false false  map[] false 0 false false false false SAMEORIGIN true true    no-referrer  false}" routerName=nginx@docker middlewareName=nextcloud@file middlewareType=Headers entryPointName=web-secure
time="2021-03-07T02:42:45Z" level=debug msg="Adding tracing to middleware" routerName=nginx@docker middlewareName=nextcloud@file entryPointName=web-secure
time="2021-03-07T02:42:45Z" level=debug msg="Creating middleware" routerName=nginx@docker middlewareName=secureHeaders@file middlewareType=Headers entryPointName=web-secure
time="2021-03-07T02:42:45Z" level=debug msg="Setting up secureHeaders from {map[] map[] false [] []  [] [] [] 0 false [] [] true false  map[] false 31536000 true true true false  false false      false}" entryPointName=web-secure routerName=nginx@docker middlewareName=secureHeaders@file middlewareType=Headers
time="2021-03-07T02:42:45Z" level=debug msg="Adding tracing to middleware" routerName=nginx@docker middlewareName=secureHeaders@file entryPointName=web-secure
time="2021-03-07T02:42:45Z" level=debug msg="Creating middleware" entryPointName=web-secure middlewareName=traefik-internal-recovery middlewareType=Recovery
time="2021-03-07T02:42:45Z" level=debug msg="No default certificate, generating one"
time="2021-03-07T02:42:45Z" level=debug msg="Adding route for redacted-domain.com with TLS options default" entryPointName=web-secure
time="2021-03-07T02:42:45Z" level=debug msg="Try to challenge certificate for domain [redacted-domain.com] found in HostSNI rule" routerName=nginx@docker rule="Host(`redacted-domain.com`)" providerName=letsencrypt.acme
time="2021-03-07T02:42:45Z" level=debug msg="Looking for provided certificate(s) to validate [\"redacted-domain.com\"]..." providerName=letsencrypt.acme routerName=nginx@docker rule="Host(`redacted-domain.com`)"
time="2021-03-07T02:42:45Z" level=debug msg="No ACME certificate generation required for domains [\"redacted-domain.com\"]." providerName=letsencrypt.acme routerName=nginx@docker rule="Host(`redacted-domain.com`)"
time="2021-03-07T02:42:45Z" level=debug msg="TLS Challenge CleanUp temp certificate for redacted-domain.com" providerName=tlsalpn.acme
time="2021-03-07T02:42:45Z" level=debug msg="Configuration received from provider tlsalpn.acme: {\"http\":{},\"tls\":{}}" providerName=tlsalpn.acme
time="2021-03-07T02:42:46Z" level=debug msg="legolog: [INFO] Deactivating auth: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/<redacted>"
time="2021-03-07T02:42:46Z" level=debug msg="legolog: [INFO] Unable to deactivate the authorization: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/<redacted>"
time="2021-03-07T02:42:46Z" level=error msg="Unable to obtain ACME certificate for domains \"redacted-domain.com\": unable to generate a certificate for the domains [redacted-domain.com]: error: one or more domains had a problem:\n[redacted-domain.com] acme: error: 400 :: urn:ietf:params:acme:error:connection :: Connection refused\n" providerName=letsencrypt.acme rule="Host(`redacted-domain.com`)" routerName=nginx@docker
time="2021-03-07T02:42:47Z" level=debug msg="Added outgoing tracing middleware noop@internal" routerName=web-to-web-secure@internal middlewareName=tracing middlewareType=TracingForwarder entryPointName=web
time="2021-03-07T02:42:47Z" level=debug msg="Creating middleware" middlewareType=RedirectScheme entryPointName=web routerName=web-to-web-secure@internal middlewareName=redirect-web-to-web-secure@internal
time="2021-03-07T02:42:47Z" level=debug msg="Setting up redirection to https 443" routerName=web-to-web-secure@internal middlewareName=redirect-web-to-web-secure@internal middlewareType=RedirectScheme entryPointName=web
time="2021-03-07T02:42:47Z" level=debug msg="Adding tracing to middleware" entryPointName=web routerName=web-to-web-secure@internal middlewareName=redirect-web-to-web-secure@internal
time="2021-03-07T02:42:47Z" level=debug msg="Creating middleware" entryPointName=web middlewareName=traefik-internal-recovery middlewareType=Recovery
time="2021-03-07T02:42:47Z" level=debug msg="Creating middleware" routerName=nginx@docker serviceName=nginx middlewareName=pipelining middlewareType=Pipelining entryPointName=web-secure
time="2021-03-07T02:42:47Z" level=debug msg="Creating load-balancer" entryPointName=web-secure routerName=nginx@docker serviceName=nginx
time="2021-03-07T02:42:47Z" level=debug msg="Creating server 0 http://172.20.0.4:80" serviceName=nginx serverName=0 entryPointName=web-secure routerName=nginx@docker
time="2021-03-07T02:42:47Z" level=debug msg="Added outgoing tracing middleware nginx" middlewareName=tracing middlewareType=TracingForwarder entryPointName=web-secure routerName=nginx@docker
time="2021-03-07T02:42:47Z" level=debug msg="Creating middleware" routerName=nginx@docker entryPointName=web-secure middlewareName=nextcloud-redirect@file middlewareType=RedirectRegex
time="2021-03-07T02:42:47Z" level=debug msg="Setting up redirection from https://(.*)/.well-known/(card|cal)dav to https://$1/remote.php/dav" routerName=nginx@docker entryPointName=web-secure middlewareName=nextcloud-redirect@file middlewareType=RedirectRegex
time="2021-03-07T02:42:47Z" level=debug msg="Adding tracing to middleware" routerName=nginx@docker entryPointName=web-secure middlewareName=nextcloud-redirect@file
time="2021-03-07T02:42:47Z" level=debug msg="Creating middleware" middlewareName=nextcloud@file middlewareType=Headers entryPointName=web-secure routerName=nginx@docker
time="2021-03-07T02:42:47Z" level=debug msg="Setting up secureHeaders from {map[] map[] false [] []  [] [] [] 0 false [] [] false false  map[] false 0 false false false false SAMEORIGIN true true    no-referrer  false}" middlewareType=Headers entryPointName=web-secure routerName=nginx@docker middlewareName=nextcloud@file
time="2021-03-07T02:42:47Z" level=debug msg="Adding tracing to middleware" routerName=nginx@docker entryPointName=web-secure middlewareName=nextcloud@file
time="2021-03-07T02:42:47Z" level=debug msg="Creating middleware" middlewareType=Headers entryPointName=web-secure routerName=nginx@docker middlewareName=secureHeaders@file
time="2021-03-07T02:42:47Z" level=debug msg="Setting up secureHeaders from {map[] map[] false [] []  [] [] [] 0 false [] [] true false  map[] false 31536000 true true true false  false false      false}" middlewareType=Headers entryPointName=web-secure routerName=nginx@docker middlewareName=secureHeaders@file
time="2021-03-07T02:42:47Z" level=debug msg="Adding tracing to middleware" entryPointName=web-secure routerName=nginx@docker middlewareName=secureHeaders@file
time="2021-03-07T02:42:47Z" level=debug msg="Creating middleware" entryPointName=web-secure middlewareType=Recovery middlewareName=traefik-internal-recovery
time="2021-03-07T02:42:47Z" level=debug msg="No default certificate, generating one"
time="2021-03-07T02:42:47Z" level=debug msg="No default certificate, generating one"
time="2021-03-07T02:42:47Z" level=debug msg="Adding route for redacted-domain.com with TLS options default" entryPointName=web-secure
time="2021-03-07T02:42:47Z" level=debug msg="Try to challenge certificate for domain [redacted-domain.com] found in HostSNI rule" providerName=letsencrypt.acme routerName=nginx@docker rule="Host(`redacted-domain.com`)"
time="2021-03-07T02:42:47Z" level=debug msg="Looking for provided certificate(s) to validate [\"redacted-domain.com\"]..." providerName=letsencrypt.acme routerName=nginx@docker rule="Host(`redacted-domain.com`)"
time="2021-03-07T02:42:47Z" level=debug msg="Domains [\"redacted-domain.com\"] need ACME certificates generation for domains \"redacted-domain.com\"." rule="Host(`redacted-domain.com`)" providerName=letsencrypt.acme routerName=nginx@docker
time="2021-03-07T02:42:47Z" level=debug msg="Loading ACME certificates [redacted-domain.com]..." providerName=letsencrypt.acme routerName=nginx@docker rule="Host(`redacted-domain.com`)"
time="2021-03-07T02:42:47Z" level=debug msg="legolog: [INFO] [redacted-domain.com] acme: Obtaining bundled SAN certificate"
time="2021-03-07T02:42:47Z" level=debug msg="legolog: [INFO] [redacted-domain.com] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/<redacted>"
time="2021-03-07T02:42:47Z" level=debug msg="legolog: [INFO] [redacted-domain.com] acme: use tls-alpn-01 solver"
time="2021-03-07T02:42:47Z" level=debug msg="TLS Challenge Present temp certificate for redacted-domain.com" providerName=tlsalpn.acme
time="2021-03-07T02:42:47Z" level=debug msg="legolog: [INFO] [redacted-domain.com] acme: Trying to solve TLS-ALPN-01"
time="2021-03-07T02:42:48Z" level=debug msg="Configuration received from provider tlsalpn.acme: {\"http\":{},\"tls\":{}}" providerName=tlsalpn.acme
time="2021-03-07T02:42:49Z" level=debug msg="Adding certificate for domain(s) acme challenge temp,redacted-domain.com"
time="2021-03-07T02:42:49Z" level=debug msg="No default certificate, generating one"
time="2021-03-07T02:42:49Z" level=debug msg="Added outgoing tracing middleware noop@internal" middlewareType=TracingForwarder entryPointName=web routerName=web-to-web-secure@internal middlewareName=tracing
time="2021-03-07T02:42:49Z" level=debug msg="Creating middleware" middlewareType=RedirectScheme entryPointName=web routerName=web-to-web-secure@internal middlewareName=redirect-web-to-web-secure@internal
time="2021-03-07T02:42:49Z" level=debug msg="Setting up redirection to https 443" middlewareType=RedirectScheme entryPointName=web routerName=web-to-web-secure@internal middlewareName=redirect-web-to-web-secure@internal
time="2021-03-07T02:42:49Z" level=debug msg="Adding tracing to middleware" routerName=web-to-web-secure@internal middlewareName=redirect-web-to-web-secure@internal entryPointName=web
time="2021-03-07T02:42:49Z" level=debug msg="Creating middleware" entryPointName=web middlewareName=traefik-internal-recovery middlewareType=Recovery
time="2021-03-07T02:42:49Z" level=debug msg="Creating middleware" serviceName=nginx middlewareName=pipelining middlewareType=Pipelining entryPointName=web-secure routerName=nginx@docker
time="2021-03-07T02:42:49Z" level=debug msg="Creating load-balancer" entryPointName=web-secure routerName=nginx@docker serviceName=nginx
time="2021-03-07T02:42:49Z" level=debug msg="Creating server 0 http://172.20.0.4:80" entryPointName=web-secure routerName=nginx@docker serviceName=nginx serverName=0
time="2021-03-07T02:42:49Z" level=debug msg="Added outgoing tracing middleware nginx" middlewareName=tracing middlewareType=TracingForwarder entryPointName=web-secure routerName=nginx@docker
time="2021-03-07T02:42:49Z" level=debug msg="Creating middleware" middlewareType=RedirectRegex entryPointName=web-secure routerName=nginx@docker middlewareName=nextcloud-redirect@file
time="2021-03-07T02:42:49Z" level=debug msg="Setting up redirection from https://(.*)/.well-known/(card|cal)dav to https://$1/remote.php/dav" middlewareName=nextcloud-redirect@file middlewareType=RedirectRegex entryPointName=web-secure routerName=nginx@docker
time="2021-03-07T02:42:49Z" level=debug msg="Adding tracing to middleware" entryPointName=web-secure routerName=nginx@docker middlewareName=nextcloud-redirect@file
time="2021-03-07T02:42:49Z" level=debug msg="Creating middleware" entryPointName=web-secure routerName=nginx@docker middlewareName=nextcloud@file middlewareType=Headers
time="2021-03-07T02:42:49Z" level=debug msg="Setting up secureHeaders from {map[] map[] false [] []  [] [] [] 0 false [] [] false false  map[] false 0 false false false false SAMEORIGIN true true    no-referrer  false}" entryPointName=web-secure routerName=nginx@docker middlewareName=nextcloud@file middlewareType=Headers
time="2021-03-07T02:42:49Z" level=debug msg="Adding tracing to middleware" entryPointName=web-secure routerName=nginx@docker middlewareName=nextcloud@file
time="2021-03-07T02:42:49Z" level=debug msg="Creating middleware" entryPointName=web-secure routerName=nginx@docker middlewareName=secureHeaders@file middlewareType=Headers
time="2021-03-07T02:42:49Z" level=debug msg="Setting up secureHeaders from {map[] map[] false [] []  [] [] [] 0 false [] [] true false  map[] false 31536000 true true true false  false false      false}" middlewareType=Headers entryPointName=web-secure routerName=nginx@docker middlewareName=secureHeaders@file
time="2021-03-07T02:42:49Z" level=debug msg="Adding tracing to middleware" entryPointName=web-secure routerName=nginx@docker middlewareName=secureHeaders@file
time="2021-03-07T02:42:49Z" level=debug msg="Creating middleware" entryPointName=web-secure middlewareName=traefik-internal-recovery middlewareType=Recovery
time="2021-03-07T02:42:49Z" level=debug msg="No default certificate, generating one"
time="2021-03-07T02:42:50Z" level=debug msg="Serving default certificate for request: \"redacted-domain.com\""
time="2021-03-07T02:42:50Z" level=debug msg="Adding route for redacted-domain.com with TLS options default" entryPointName=web-secure
time="2021-03-07T02:42:50Z" level=debug msg="Try to challenge certificate for domain [redacted-domain.com] found in HostSNI rule" routerName=nginx@docker rule="Host(`redacted-domain.com`)" providerName=letsencrypt.acme
time="2021-03-07T02:42:50Z" level=debug msg="Looking for provided certificate(s) to validate [\"redacted-domain.com\"]..." rule="Host(`redacted-domain.com`)" providerName=letsencrypt.acme routerName=nginx@docker
time="2021-03-07T02:42:50Z" level=debug msg="No ACME certificate generation required for domains [\"redacted-domain.com\"]." providerName=letsencrypt.acme routerName=nginx@docker rule="Host(`redacted-domain.com`)"
time="2021-03-07T02:42:50Z" level=debug msg="TLS Challenge CleanUp temp certificate for redacted-domain.com" providerName=tlsalpn.acme
time="2021-03-07T02:42:50Z" level=debug msg="Configuration received from provider tlsalpn.acme: {\"http\":{},\"tls\":{}}" providerName=tlsalpn.acme
time="2021-03-07T02:42:50Z" level=debug msg="legolog: [INFO] Deactivating auth: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/<redacted>"
time="2021-03-07T02:42:51Z" level=debug msg="legolog: [INFO] Unable to deactivate the authorization: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/<redacted>"
time="2021-03-07T02:42:51Z" level=error msg="Unable to obtain ACME certificate for domains \"redacted-domain.com\": unable to generate a certificate for the domains [redacted-domain.com]: error: one or more domains had a problem:\n[redacted-domain.com] acme: error: 400 :: urn:ietf:params:acme:error:connection :: Connection refused\n" providerName=letsencrypt.acme routerName=nginx@docker rule="Host(`redacted-domain.com`)"

Playbook git diff


diff --git a/ansible.cfg b/ansible.cfg
index e6c4a18..37fdbdf 100644
--- a/ansible.cfg
+++ b/ansible.cfg
@@ -6,6 +6,7 @@ interpreter_python = python3
 callback_whitelist = profile_tasks
 retry_files_enabled = False
 host_key_checking = False
+pipelining = True

 # Use the YAML callback plugin.
 stdout_callback = yaml
diff --git a/inventory b/inventory
index 7163eea..c91aadf 100644
--- a/inventory
+++ b/inventory
@@ -6,15 +6,15 @@ localhost ansible_connection=local
 ### Preliminary variables ###

 # The domain name for your Nextcloud instance. You'll get a Let's Encrypt certificate for this domain.
-nextcloud_server_fqdn       = nextcloud.example.tld
+nextcloud_server_fqdn       = redacted-domain.com

 # Your email address (for Let's Encrypt).
-ssl_cert_email              = 
+ssl_cert_email              = redacted@redacted-domain.com

 ### Nextcloud variables ###

 # Choose a directory for your Nextcloud data.
-nextcloud_base_dir          = /opt/nextcloud
+nextcloud_base_dir          = /opt/nextcloud2

 # Choose a username and password for your Nextcloud admin user.
 nextcloud_admin             = 'admin'
diff --git a/roles/docker_container/templates/traefik.yaml.j2 b/roles/docker_container/templates/traefik.yaml.j2
index 3e144d9..3e27079 100644
--- a/roles/docker_container/templates/traefik.yaml.j2
+++ b/roles/docker_container/templates/traefik.yaml.j2
@@ -29,7 +29,7 @@ providers:
     filename: 'dynamic.yaml'

 log:
-  level: error
+  level: debug

 {% if ssl_cert_email is defined %}
 certificatesResolvers:
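Review bot: 'level: debug' under 'log:' is fine for reproducing the failure but should not stay in the template. At this level Traefik logs every ACME step, including the authorization URLs that had to be redacted by hand in the log above, and repeats the same router and middleware messages every couple of seconds. Revert to 'level: error' before provisioning a real instance, or drive the value from an inventory variable that defaults to 'error'.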
@@ -38,6 +38,7 @@ certificatesResolvers:
       email: "{{ ssl_cert_email }}"
       storage: 'acme.json'
       tlsChallenge: {}
+      caServer: https://acme-staging-v02.api.letsencrypt.org/directory
 {% endif %}
 {% if acme_provider is defined %}
       dnsChallenge: 
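Review bot: The 'caServer' line added under 'acme:' is unconditional, so every deployment rendered from this template would request certificates from the Let's Encrypt staging CA, which browsers do not trust. Keep it out of the committed template, or guard it with a variable check in the same way the surrounding block uses '{% if ssl_cert_email is defined %}', so that staging is opt-in. The resolver also still writes to the same 'acme.json', so staging and production state would share one storage file; a separate storage path for staging avoids mixing them.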
ReinerNippes commented 3 years ago

Since this is more of a Traefik problem, I would advise asking this question in the Traefik forum. Or?

signedbit commented 3 years ago

Hi Reiner, asked here since a fresh clone of this playbook produces the issue. Last time I cloned your repo was a year ago and it worked perfectly (same host, same server, same provision.) Traefik forum would probably point me back to here.

Pokerkoffer commented 3 years ago

nginx is not listening on IPv6. I stumbled across the same error. You can easily confirm this by entering the IPv6 address in your browser or running curl -v [< ipv6 >].

I am currently trying to figure out what went wrong and will post my results.
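
The per-address check suggested in the comment above, as an added example that is not part of the thread or the playbook: it reads the failed challenge type from the Traefik log to pick the port, then tries a TCP connection to every IPv4 and IPv6 address the name resolves to. The function names and the challenge-to-port table are assumptions of this example; the log excerpt is trimmed from the log in this issue.

```python
import re
import socket

# Port an ACME validator connects to for each challenge type
# (http-01: RFC 8555, tls-alpn-01: RFC 8737).
CHALLENGE_PORT = {"http-01": 80, "tls-alpn-01": 443}

# Two lines copied from the Traefik log in this issue (fields trimmed).
SAMPLE_LOG = r'''
time="2021-03-07T02:42:44Z" level=debug msg="legolog: [INFO] [redacted-domain.com] acme: use tls-alpn-01 solver"
time="2021-03-07T02:42:46Z" level=error msg="Unable to obtain ACME certificate for domains \"redacted-domain.com\": ... acme: error: 400 :: urn:ietf:params:acme:error:connection :: Connection refused\n"
'''

SOLVER_RE = re.compile(r"acme: use (\S+) solver")
ERROR_RE = re.compile(r"urn:ietf:params:acme:error:(\w+)")


def failed_challenge(log_text):
    """Return (challenge_type, acme_error_type) found in the log, or None."""
    solver = SOLVER_RE.search(log_text)
    error = ERROR_RE.search(log_text)
    if solver is None or error is None:
        return None
    return solver.group(1), error.group(1)


def probe(sockaddr, family, timeout=5.0):
    """TCP-connect to one resolved address and classify the outcome."""
    try:
        with socket.socket(family, socket.SOCK_STREAM) as sock:
            sock.settimeout(timeout)
            sock.connect(sockaddr)
        return "open"
    except ConnectionRefusedError:
        return "refused"      # nothing is listening on this address/port
    except socket.timeout:
        return "timeout"      # typically a firewall silently dropping packets
    except OSError as exc:
        return "error: " + (exc.strerror or str(exc))


def probe_all(host, port, resolve=socket.getaddrinfo, connect=probe):
    """Probe every A and AAAA address of host on port.

    resolve and connect are injectable so the logic can be tested offline.
    """
    results = {}
    for family, _, _, _, sockaddr in resolve(host, port, type=socket.SOCK_STREAM):
        if family in (socket.AF_INET, socket.AF_INET6):
            results[sockaddr[0]] = connect(sockaddr, family)
    return results


if __name__ == "__main__":
    challenge, error = failed_challenge(SAMPLE_LOG)
    port = CHALLENGE_PORT[challenge]
    print(f"{challenge} failed with ACME error '{error}': check TCP port {port}")
    # "localhost" keeps the demo offline; use the server's FQDN in practice.
    for address, state in probe_all("localhost", port).items():
        print(f"  {address} port {port}: {state}")
```

Run it from a machine outside the server's network, because the ACME validator connects from the internet; an address reported as refused or timeout on the challenge port is one the validator cannot use.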

signedbit commented 2 years ago

Following up. I dug through the documentation and figured out that the following diff succeeds. @ReinerNippes if I submit a PR will you merge it?

$ git diff roles/docker_container/templates/traefik.yaml.j2
diff --git a/roles/docker_container/templates/traefik.yaml.j2 b/roles/docker_container/templates/traefik.yaml.j2
index 3e144d9..60e131d 100644
--- a/roles/docker_container/templates/traefik.yaml.j2
+++ b/roles/docker_container/templates/traefik.yaml.j2
@@ -37,7 +37,9 @@ certificatesResolvers:
     acme:
       email: "{{ ssl_cert_email }}"
       storage: 'acme.json'
-      tlsChallenge: {}
+      #tlsChallenge: {}
+      httpChallenge:
+        entryPoint: web
 {% endif %}
 {% if acme_provider is defined %}
       dnsChallenge: 
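Review bot: Replacing 'tlsChallenge' with 'httpChallenge' unconditionally changes the challenge type for every user of the template instead of making it selectable, and it leaves the old setting behind as a comment. With 'entryPoint: web', validation now depends on the web entry point being reachable from the internet, which is a different firewall requirement from the TLS challenge it replaces, so hosts that only expose the HTTPS entry point would start failing. Suggest selecting the challenge through an inventory variable, in the same style as the existing '{% if acme_provider is defined %}' branch for 'dnsChallenge', and deleting the commented-out line.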

I don't remember exactly why it works, this was months ago. There are still some scary messages in Traefik debug logs, but NextCloud over TLS works fine.

ReinerNippes commented 2 years ago

I would like to enable all three acme challenge methods. https://doc.traefik.io/traefik/https/acme/#the-different-acme-challenges

Let me figure out how to make it easy for users to set up the correct challenge method with Ansible variables.