go-acme / lego

Let's Encrypt/ACME client and library written in Go
https://go-acme.github.io/lego/
MIT License

Certificates in Traefik using DNS challenge with provider all-inkl.com not working anymore #1902

Closed schossel closed 1 year ago

schossel commented 1 year ago


What did you expect to see?

I'm using Traefik in the latest version in Docker and until 2-3 days ago it worked for 3 domains. I wanted a new certificate today and it's not working anymore.

What did you see instead?

The Traefik log shows an error which is coming, in my opinion, from lego.

How do you use lego?

Through Traefik

Reproduction steps

Starting the Traefik Container with this config

This is the Traefik config which worked until a few days ago

```yaml
version: '3'

services:
  traefik:
    image: traefik:latest
    container_name: traefik
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    networks:
      - traefik_proxy
    ports:
      - 80:80
      - 443:443

    environment:
      - ALL_INKL_LOGIN=1111111
      - ALL_INKL_PASSWORD=xxxxxxxxxxxxxx
      - ALL_INKL_HTTP_TIMEOUT=10
      #- ALL_INKL_POLLING_INTERVAL
      #- ALL_INKL_PROPAGATION_TIMEOUT=
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - /mnt/docker/traefik/data/traefik.yml:/traefik.yml:ro
      - /mnt/docker/traefik/data/acme.json:/acme.json
      - /mnt/docker/traefik/data/config.yml:/config.yml:ro

    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.traefik.entrypoints=http"
      - "traefik.http.routers.traefik.rule=Host(`traefik.domain1.de`)"

      - "traefik.http.middlewares.traefik-auth.basicauth.users=admin:xxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
      - "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https"
      - "traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=https"
      - "traefik.http.routers.traefik.middlewares=traefik-https-redirect"
      - "traefik.http.routers.traefik-secure.entrypoints=https"
      - "traefik.http.routers.traefik-secure.rule=Host(`traefik.domain1.de`)"
      - "traefik.http.routers.traefik-secure.middlewares=traefik-auth"
      - "traefik.http.routers.traefik-secure.tls=true"
      - "traefik.http.routers.traefik-secure.tls.certresolver=allinkl"
      #- "traefik.http.routers.traefik-secure.tls.domains[0].main=local.example.com"
      - "traefik.http.routers.traefik-secure.tls.domains[0].sans=*.domain1.de"
      - "traefik.http.routers.traefik-secure.tls.domains[1].sans=*.domain2.de"
      - "traefik.http.routers.traefik-secure.tls.domains[2].main=domain3.de"
      - "traefik.http.routers.traefik-secure.tls.domains[2].sans=*.domain3.de"
      - "traefik.http.routers.traefik-secure.tls.domains[3].main=domain4.de"
      - "traefik.http.routers.traefik-secure.tls.domains[3].sans=*.domain4.de"
      - "traefik.http.routers.traefik-secure.service=api@internal"
```

Version of lego

Traefik version is 2.9.10, I don't know how to get the lego version in the Traefik container.

Logs

```console
time="2023-04-24T17:44:33Z" level=info msg="Configuration loaded from file: /traefik.yml"
time="2023-04-24T17:44:58Z" level=error msg="Unable to obtain ACME certificate for domains \"*.domain4.de\"" error="unable to generate a certificate for the domains [*.domain4.de]: error: one or more domains had a problem:\n[*.domain4.de] [*.domain4.de] acme: error presenting token: allinkl: request execution: Post \"https://kasapi.kasserver.com/soap/KasAuth.php\": context deadline exceeded (Client.Timeout exceeded while awaiting headers)\n" providerName=allinkl.acme ACME CA="https://acme-v02.api.letsencrypt.org/directory" routerName=traefik-secure@docker rule="Host(`traefik.domain1.de`)"
```

ldez commented 1 year ago

Hello,

```console
allinkl: request execution: Post \"https://kasapi.kasserver.com/soap/KasAuth.php\": context deadline exceeded (Client.Timeout exceeded while awaiting headers)
```

You have a timeout; the most likely reason is a network problem: you should check your firewall, your local DNS, etc.

schossel commented 1 year ago

It seems you're on the right idea. For whatever reason I can ping kasapi.kasserver.com but I can't curl it from that specific machine. All the other ones are working. Sorry for the inconvenience, but I tested with posh-acme and a few other things and everything was working, but in hindsight it was all on different machines. Thanks for the help anyways!
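The "ping works but curl does not" finding above is what a staged connectivity probe makes visible without guesswork. The following Go program is an added example, not code from lego or Traefik: it resolves the provider API host, opens the TCP connection and runs the TLS handshake as separate steps under one deadline, so a `Client.Timeout exceeded while awaiting headers` can be attributed to DNS, an egress firewall (ICMP allowed, TCP 443 filtered) or a stalled handshake. The host `kasapi.kasserver.com`, port 443 and the 10 s budget (`ALL_INKL_HTTP_TIMEOUT=10`) come from the issue; everything else is assumed.

```go
package main

import (
	"context"
	"crypto/tls"
	"fmt"
	"net"
	"time"
)

// Stage is the first step of the HTTPS request that failed; lego's error text
// ("Client.Timeout exceeded while awaiting headers") does not say which one.
type Stage string

const (
	StageDNS Stage = "dns" // resolution failed: resolver, search domain or DNS egress
	StageTCP Stage = "tcp" // connect failed: egress filtering or routing (ping can still work)
	StageTLS Stage = "tls" // handshake failed: silent drop, interception proxy, clock skew
	StageOK  Stage = "ok"  // handshake done; a remaining timeout is the API itself
)

// Probe resolves host, connects to host:port and completes a TLS handshake,
// all under ctx, and reports the stage of the first failure. tlsCfg may be nil.
func Probe(ctx context.Context, host, port string, tlsCfg *tls.Config) (Stage, error) {
	ips, err := net.DefaultResolver.LookupIPAddr(ctx, host)
	if err != nil {
		return StageDNS, err
	}
	conn, err := (&net.Dialer{}).DialContext(ctx, "tcp", net.JoinHostPort(ips[0].IP.String(), port))
	if err != nil {
		return StageTCP, err
	}
	defer conn.Close()
	cfg := &tls.Config{}
	if tlsCfg != nil {
		cfg = tlsCfg.Clone()
	}
	if cfg.ServerName == "" {
		cfg.ServerName = host // SNI and certificate verification use the real name
	}
	if err := tls.Client(conn, cfg).HandshakeContext(ctx); err != nil {
		return StageTLS, err
	}
	return StageOK, nil
}

func main() {
	// 10 s mirrors ALL_INKL_HTTP_TIMEOUT=10 from the compose file in the issue.
	ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
	defer cancel()
	stage, err := Probe(ctx, "kasapi.kasserver.com", "443", nil)
	fmt.Printf("stage=%s err=%v\n", stage, err)
}
```

Run it from inside the Traefik container's network namespace (for example with a debug sidecar) so the probe sees the same egress rules lego does.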