hyperknot / openfreemap

Free and open-source map hosting solution with custom styles for websites and apps, using OpenStreetMap data
https://openfreemap.org/

Documentation and `.env.sample` comments could use clarification #39

Open mcmikemn opened 2 days ago

mcmikemn commented 2 days ago

The self hosting docs and the comments in .env.sample could use a clarification.

The comments in .env.sample say that self-hosters don't need DOMAIN_LEDNS, but I think we do.

```
# Direct subdomain, using Let's Encrypt certificates
DOMAIN_LE=

# Let's Encrypt account email
LE_EMAIL=

# --- Let's Encrypt DNS related variables, not needed for self-hosting
DOMAIN_LEDNS=

# --- host list
HTTP_HOST_LIST=
```

I entered only DOMAIN_LE and LE_EMAIL...

```
DOMAIN_LE=*.mydomain.com
LE_EMAIL=le@mydomain.com
DOMAIN_LEDNS=
HTTP_HOST_LIST=
```

...but I got:

Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA. You may need to use an authenticator plugin that can do challenges over DNS.

To get past that, I added a value to DOMAIN_LEDNS even though the comment says I don't need it:

```
DOMAIN_LE=*.mydomain.com
LE_EMAIL=le@mydomain.com
DOMAIN_LEDNS=mydomain.com
HTTP_HOST_LIST=
```

(I'm not sure what HTTP_HOST_LIST is for)

hyperknot commented 9 hours ago

It's definitely not needed for a normal setup. What is your DNS setup? Cloudflare with orange cloud?

mcmikemn commented 7 hours ago

I host my DNS zone on DigitalOcean. I have a droplet with Traefik on it that is VPNed (WireGuard) to Traefik on a server in my homelab, which then forwards traffic to the appropriate Docker container.

hyperknot commented 7 hours ago

So ledns is a very special feature for getting the certificates on one server, uploading them to a bucket and then downloading them to the http-host servers. You definitely don't need it.

If you have a Traefik server, then you don't need LE at all on this; I believe Traefik is handling the certificates for you. In this case, just set SKIP_LETSENCRYPT=true. Can you try it like this with DOMAIN_LE?

mcmikemn commented 7 hours ago

Yes, I'll give that a shot soon and let you know the results. Thanks!
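
Added example, not part of the thread or of the openfreemap code base: a pre-flight check over the `.env` keys named above that flags a wildcard `DOMAIN_LE`, since Let's Encrypt issues wildcard names only through the DNS-01 challenge. The function names, the constructed sample, and the reading of `SKIP_LETSENCRYPT=true` as a case-insensitive flag are assumptions.

```python
import re

# Constructed sample mirroring the first configuration quoted in the thread.
SAMPLE_ENV = """\
# Direct subdomain, using Let's Encrypt certificates
DOMAIN_LE=*.mydomain.com
LE_EMAIL=le@mydomain.com
DOMAIN_LEDNS=
HTTP_HOST_LIST=
"""

# Matches KEY=VALUE; comment lines and blank lines do not match and are skipped.
_LINE = re.compile(r"^\s*([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*?)\s*$")


def parse_env(text):
    """Parse KEY=VALUE lines into a dict, stripping one pair of matching quotes."""
    values = {}
    for raw in text.splitlines():
        m = _LINE.match(raw)
        if not m:
            continue
        key, val = m.groups()
        if len(val) >= 2 and val[0] == val[-1] and val[0] in "'\"":
            val = val[1:-1]
        values[key] = val
    return values


def check_le_config(text):
    """Return a list of findings for the Let's Encrypt related keys."""
    env = parse_env(text)
    findings = []
    # Assumption: the project treats "true" (any case) as enabling the skip.
    if env.get("SKIP_LETSENCRYPT", "").lower() == "true":
        return findings  # TLS is terminated elsewhere, e.g. by a reverse proxy
    domain = env.get("DOMAIN_LE", "")
    if not domain:
        findings.append("DOMAIN_LE is empty and SKIP_LETSENCRYPT is not true")
    elif "*" in domain:
        # Wildcard names can only be validated with a DNS-01 challenge.
        findings.append(f"DOMAIN_LE={domain} is a wildcard and requires DNS-01")
    if domain and not env.get("LE_EMAIL"):
        findings.append("LE_EMAIL is empty")
    return findings


if __name__ == "__main__":
    for finding in check_le_config(SAMPLE_ENV):
        print(finding)
```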