ACME Error - CloudFlare failed to find zone is.

[grantbevis]

Do you want to request a feature or report a bug?

Bug

What did you do?

Unable to browse to applications behind traefik proxy as no certificate available and it's not auto-renewed. Regenerated CloudFlare Global API key and tested the key in another application for updating A records and that works so I think this is a Traefik problem.

What did you expect to see?

Traefik to complete the dns-01 challenge and pull in a new wildcard

What did you see instead?

time="2019-03-11T10:01:10Z" level=error msg="Unable to obtain ACME certificate for domains ".xxxx.is,xxxx.is" : unable to generate a certificate for the domains [.xxxx.is xxxx.is]: acme: Error -> One or more domains had a problem:\n[.xxxx.is] [.xxxx.is] acme: error presenting token: cloudflare: failed to find zone is.: Zone could not be found\n[xxxx.is] [xxxx.is] acme: error presenting token: cloudflare: failed to find zone is.: Zone could not be found\n"

Output of traefik version: (What version of Traefik are you using?)

Version:      v1.7.9
Codename:     maroilles
Go version:   go1.11.5
Built:        2019-02-11_11:36:32AM
OS/Arch:      linux/amd64

What is your environment & configuration (arguments, toml, provider, platform, ...)?

logLevel = "DEBUG" #DEBUG, INFO, WARN, ERROR, FATAL, PANIC
defaultEntryPoints = ["http", "https"]

[entryPoints]
  [entryPoints.http]
    address = ":80"
    [entryPoints.http.redirect]
      entryPoint = "https"
  [entryPoints.https]
    address = ":443"
    [entryPoints.https.tls]

[acme]
email = "xxxx"
storage = "/etc/traefik/acme/acme.json"
entryPoint = "https"
acmeLogging = true
onHostRule = true
  [acme.dnsChallenge]
  provider = "cloudflare"
  delayBeforeCheck = 0

[[acme.domains]]
  main = "*.xxxx.is"
  sans = ["xxxx.is"]

[docker]
endpoint = "unix:///var/run/docker.sock"
domain = "xxxx.is"
watch = true
exposedbydefault = false

[file]
  filename = "/rules.toml"
  watch = true
[api]
entryPoint = "traefik"
dashboard = true
address = ":8080"

If applicable, please paste the log output in DEBUG level (--logLevel=DEBUG switch)

time="2019-03-11T10:01:08Z" level=info msg="legolog: [INFO] [*.xxxx.is, xxxx.is] acme: Obtaining bundled SAN certificate"
time="2019-03-11T10:01:09Z" level=info msg="legolog: [INFO] [*.xxxx.is] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz/<snip>"
time="2019-03-11T10:01:09Z" level=info msg="legolog: [INFO] [xxxx.is] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz/<snip>"
time="2019-03-11T10:01:09Z" level=info msg="legolog: [INFO] [xxxx.is] acme: Could not find solver for: tls-alpn-01"
time="2019-03-11T10:01:09Z" level=info msg="legolog: [INFO] [xxxx.is] acme: Could not find solver for: http-01"
time="2019-03-11T10:01:09Z" level=info msg="legolog: [INFO] [xxxx.is] acme: use dns-01 solver"
time="2019-03-11T10:01:09Z" level=info msg="legolog: [INFO] [*.xxxx.is] acme: use dns-01 solver"
time="2019-03-11T10:01:09Z" level=info msg="legolog: [INFO] [xxxx.is] acme: Preparing to solve DNS-01"
time="2019-03-11T10:01:09Z" level=info msg="legolog: [INFO] [*.xxxx.is] acme: Preparing to solve DNS-01"
time="2019-03-11T10:01:09Z" level=info msg="legolog: [INFO] [xxxx.is] acme: Cleaning DNS-01 challenge"
time="2019-03-11T10:01:09Z" level=info msg="legolog: [WARN] [xxxx.is] acme: error cleaning up: cloudflare: failed to find zone is.: Zone could not be found "
time="2019-03-11T10:01:09Z" level=info msg="legolog: [INFO] [*.xxxx.is] acme: Cleaning DNS-01 challenge"
time="2019-03-11T10:01:10Z" level=info msg="legolog: [WARN] [*.xxxx.is] acme: error cleaning up: cloudflare: failed to find zone is.: Zone could not be found "

[ldez]

Hello, it looks like it's a domain resolution problem.
Could you try to define some resolver:
https://docs.traefik.io/v1.7/configuration/acme/#resolvers

[grantbevis]

Hi Idez,

I just added the following to my acme portion of the config;

[acme]
email = "<snip>"
storage = "/etc/traefik/acme/acme.json"
entryPoint = "https"
acmeLogging = true
onHostRule = true
resolvers = ["1.1.1.1:53", "8.8.8.8:53"]
  [acme.dnsChallenge]
  provider = "cloudflare"
  delayBeforeCheck = 0

to no avail, still getting the same error.

[grantbevis]

Have upgraded to the 2.0 docker image, still no change

time="2019-03-21T11:22:45Z" level=error msg="Error renewing certificate from LE: {*.xxxx.is [xxxx.is]}, acme: Error -> One or more domains had a problem:\n[*.xxxx.is] [*.xxxx.is] acme: error presenting token: cloudflare: failed to find zone is.: Zone could not be found\n[xxxx.is] [xxxx.is] acme: error presenting token: cloudflare: failed to find zone is.: Zone could not be found\n" providerName=acme

[grantbevis]

Just to put all the info here I can I have also changed my envars on the container to use the new CF_API_EMAIL, CF_API_KEY vars with my details. I've ran docker inspect and these are correct.

I'm able to see my domain in Cloudflare without issue but I'm wondering if it's a DNS issue as it's saying it can't find the zone is. which the TLD for my domain is: .is

[invaderdag]

I am having this same problem, except I have a .com TLD

[invaderdag]

I resolved the issue, the problem was due to DNS on my end

[grantbevis]

Thanks invaderdag, you made me re-evaluate my infrastructure and I found that my dnsmasq server for the network was using domain-name xxxx.is as an option so I wasn't able to resolve the domain weirdly.

I had set different resolvers in my traefik.toml but it didn't seem to use them. I have a new problem now where all my backends are saying 404 gateway not found but I will troubleshoot that properly and open an issue as needed.