[ACME] DNS Challenge not working together with HTTP Challenge

[gbhrdt]

We are using ACME for all our certificates and it's been a huge helper.

The DNS Challenge is only needed for our wildcard certificate of our main domain (funnelcockpit.com). Many of our customers have their own subdomain and due to rate limiting from Lets Encrypt we are forced to use a wildcard certificate.

Also, lots of customers are using their own domain instead of our subdomain. We use the ACME onDemand rule for this and it's working very well. But we need to use the HTTP challenge, because we do not have access to our customer's DNS records. Unfortunately it's not compatible with the DNS challenge :-(.

We need both - HTTP and DNS challenge working together.
In my opinion the DNS challenge should only be used with the domains inside the acme.domains section. All other domains should use the HTTP challenge.

example config with dns and http challenge enabled:

defaultEntryPoints = ["https","http"]

[file]
watch = true

[entryPoints]
  [entryPoints.http]
  address = ":80"
  compress = true
    [entryPoints.http.redirect]
    entryPoint = "https"
  [entryPoints.https]
  address = ":443"
  compress = true
  [entryPoints.https.tls]

[acme]
email = "[..]@example.org"
storage = "/certs/acme.json"
entryPoint = "https"
onDemand = true
onHostRule = true
acmeLogging = true

[[acme.domains]]
  main = "*.funnelcockpit.com"
  sans = ["funnelcockpit.com"]

[acme.dnsChallenge]
  provider = "cloudflare"
  delayBeforeCheck = 0

[acme.httpChallenge]
  entryPoint = "http"

[traefiker]

Hi! I'm Træfiker 🤖 the bot in charge of communication regulation.

Thanks for your interest in Træfik!

Issue templates help us help you by providing all necessary information.

Please edit your issue and use the available templates:

• Feature request
• Bug report

And remember: each time someone ignores the template, a cute little bunny dies.

#SaveTheCuteBunny ❤️ 🐰 ❤️

[nmengin]

I close the issue in favor of #3378