Wildcard certificate generation with digital ocean dns: unexpected response code NOTIMPL #4088
Comments
The error comes when Lego (the lib we use to manage Let's Encrypt) tries to find the zone for the FQDN. This error comes when the DNS server doesn't implement SOA query. https://tools.ietf.org/html/rfc1035
So I suppose you defined some custom DNS server as name server and maybe you are using a DNS proxy or a corporate DNS proxy. Could you give more information about your environment?
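The zone lookup described in the comment above, modelled as an added example (not Lego's or Traefik's code): walk the FQDN's suffixes asking for SOA and classify the RCODE of each reply. The names `findZone` and `resolver`, the injected resolver and the header-only replies are assumptions constructed for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// RCODE values from RFC 1035 section 4.1.1; 4 is what the issue prints as NOTIMPL.
const rcodeSuccess, rcodeNXDomain, rcodeNotImp = 0, 3, 4

// findZone asks for SOA at each suffix of fqdn; query is an injected resolver (assumption).
func findZone(fqdn string, query func(name string) []byte) (string, error) {
	labels := strings.Split(strings.TrimSuffix(fqdn, "."), ".")
	for i := range labels {
		name := strings.Join(labels[i:], ".") + "."
		resp := query(name)
		if len(resp) < 12 { // a DNS header is 12 bytes
			return "", fmt.Errorf("short DNS message for %s", name)
		}
		switch rc := int(resp[3] & 0x0f); { // RCODE: low nibble of header byte 3
		case rc == rcodeSuccess && resp[6]|resp[7] != 0: // ANCOUNT > 0
			return name, nil
		case rc == rcodeSuccess || rc == rcodeNXDomain:
			continue // no SOA at this name, try its parent
		case rc == rcodeNotImp:
			return "", fmt.Errorf("NOTIMPL for SOA %s: server does not implement the query", name)
		default:
			return "", fmt.Errorf("unexpected response code %d for %s", rc, name)
		}
	}
	return "", fmt.Errorf("no SOA record found for %s", fqdn)
}

// resolver returns a constructed resolver: SOA answer at apex, RCODE other elsewhere.
func resolver(apex string, other byte) func(string) []byte {
	return func(name string) []byte {
		msg := []byte{0xbe, 0xef, 0x81, 0x80 | other, 0, 1, 0, 0, 0, 0, 0, 0}
		if name == apex {
			msg[3], msg[7] = 0x80, 1 // NOERROR with one answer record
		}
		return msg
	}
}

func main() {
	fqdn := "_acme-challenge.monitor.local.example.com." // constructed sample name
	fmt.Println(findZone(fqdn, resolver("example.com.", rcodeNXDomain)))
	fmt.Println(findZone(fqdn, resolver("example.com.", rcodeNotImp)))
}
```

The first call resolves the zone at the apex; the second stops at the first query because the resolver in the path rejects SOA lookups, which points the investigation at the resolver rather than at the ACME client.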
Thanks for the fast response during the Great GitHub Outage :) Yes I also checked the source code of Lego library and found the relevant method. I was not sure however why the server would return a NOTIMPL and that is the reason I tried to use certbot to see if that works. How come certbot works but not Lego..? I assume there is something specific Lego needs..? I'm not sure exactly what you mean by custom DNS server, as I'm using Digital Ocean's nameservers. The environment is described below: On a typical MacBook (High Sierra) I have a local vagrant machine that runs docker and traefik. I am using a domain (let's say example.com) that is managed by Digital Ocean nameservers.
I'm not using any custom DNS server or proxy, all DNS queries go directly to DO nameservers which resolve to the local IP of the virtual machine. Thanks again for looking into this!
Thanks for opening this issue! We need further information to better understand the problem you're facing 🤔 Could you please join us on our Slack workspace and reach out to us on the (#support channel)? We're looking forward to talking to you there!
Many thanks to the team for helping to resolve this! In short: The root cause was identified by issuing a
Do you want to request a feature or report a bug?
Bug
What did you do?
I tried to configure traefik in order to set up LetsEncrypt with Docker for wildcard certificates with DNS of Digital Ocean. The project is fairly simple: a single node at monitor.local.example.com hosting a Prometheus stack where each component is a docker container and listens to a different subdomain. E.g.:
alertmanager.monitor.local.example.com
prometheus.monitor.local.example.com
grafana.monitor.local.example.com
I kept receiving error messages (as you can see in the next sections) and couldn't make it work.
In order to verify if something is wrong with the letsencrypt side I used certbot for the same wildcard domain I have configured in traefik.toml and I was able to successfully generate the certificates.
At this point it is not clear to me from the existing documentation if I'm doing something wrong or if this is indeed a bug in traefik.
The code I used to verify that certificates can be generated with certbot:
What did you expect to see?
The certificates being generated.
What did you see instead?
Output of traefik version: (What version of Traefik are you using?)
What is your environment & configuration (arguments, toml, provider, platform, ...)?
If applicable, please paste the log output in DEBUG level (--logLevel=DEBUG switch)
logs