Hello, I have two .cz domains and one .eu domain. I am using Traefik for the Let's Encrypt DNS challenge, and Traefik is using LEGO. The two .cz domains worked without a problem, but the .eu domain challenge gives me an error
Maybe I just found where my problem is. Is LEGO really making DNS queries from the machine it runs on?
Yes, Lego performs recursive DNS requests on the machine it runs on. It tries, in order:
If you've started Lego with the
The Cloudflare error happens because, in order to update DNS records for the domain you're trying to obtain certificates for, Lego needs to find the "apex name" for that domain. This is the domain for which a SOA record exists.
Example: if you want a certificate for
```
$ dig -t SOA foo.bar.mydomain.eu +recurse +nocomment
;foo.bar.mydomain.eu. IN SOA
foo.bar.mydomain.eu. 300 IN CNAME mydomain.eu
mydomain.eu. 3600 IN SOA adi.ns.cloudflare.com. dns.cloudflare.com. 2032109425 10000 2400 604800 3600
```
Here, the apex domain is the first entry in the last line (
Lego then proceeds to query the Cloudflare API for information on the
If your DNS server instead returns something like this:
```
$ dig -t SOA foo.bar.mydomain.eu +recurse +nocomment
;foo.bar.mydomain.eu. IN SOA
eu. ... whatever
```
then Lego detects
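To check a resolver's answer for the failure described in the reply above, here is an added example (not Lego's code and not part of the original thread) that reads dig-style answer text, takes the owner name of the SOA record as the apex, and rejects an answer whose SOA owner is a bare TLD such as `eu.`. The function names, the sample answers and the single-label rule are assumptions of this example.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed sample answers in dig's record format (not real lookups).
const goodAnswer = `;foo.bar.mydomain.eu. IN SOA
foo.bar.mydomain.eu. 300 IN CNAME mydomain.eu.
mydomain.eu. 3600 IN SOA ns1.example. hostmaster.example. 1 10000 2400 604800 3600`

const badAnswer = `;foo.bar.mydomain.eu. IN SOA
eu. 3600 IN SOA ns1.example. hostmaster.example. 1 10000 2400 604800 3600`

// soaOwner returns the owner name of the last SOA record in the answer text.
func soaOwner(answer string) (string, error) {
	owner := ""
	for _, line := range strings.Split(answer, "\n") {
		f := strings.Fields(line) // name TTL class type rdata...
		if len(f) >= 5 && !strings.HasPrefix(f[0], ";") && f[2] == "IN" && f[3] == "SOA" {
			owner = strings.TrimSuffix(strings.ToLower(f[0]), ".") + "."
		}
	}
	if owner == "" {
		return "", fmt.Errorf("no SOA record in answer")
	}
	return owner, nil
}

// checkApex returns the apex zone for fqdn, or an error when the SOA owner
// cannot be the zone to update. The single-label rule is an assumption of this
// example; it catches "eu." but not multi-label public suffixes.
func checkApex(fqdn, answer string) (string, error) {
	apex, err := soaOwner(answer)
	if err != nil {
		return "", err
	}
	fqdn = strings.ToLower(strings.TrimSuffix(fqdn, ".")) + "."
	if fqdn != apex && !strings.HasSuffix(fqdn, "."+apex) {
		return "", fmt.Errorf("SOA owner %q is not a parent of %q", apex, fqdn)
	}
	if strings.Count(apex, ".") < 2 {
		return "", fmt.Errorf("resolver returned TLD zone %q, not the domain's own zone", apex)
	}
	return apex, nil
}

func main() {
	for _, a := range []string{goodAnswer, badAnswer} {
		fmt.Println(checkApex("foo.bar.mydomain.eu", a))
	}
}
```

Running the same check against the output of the resolver configured on the host and against a public resolver shows whether the local DNS server is the one hiding the zone.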