Ich versuche, ein Wildcard-Zertifikat mit Traefik zu erstellen:
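# docker-compose for the Traefik reverse proxy (indentation restored from the
# pasted snippet; the logical structure is unchanged).
version: '3'

services:
  traefik:
    # NOTE(review): `latest` is a moving target - pin a release tag so a routine
    # pull cannot silently change the Traefik version this config was written for.
    image: traefik:latest
    container_name: traefik
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    networks:
      - proxy
    ports:
      # Quoted on purpose: an unquoted a:b port mapping is read as a sexagesimal
      # integer by YAML 1.1 loaders when both parts are below 60.
      - "80:80"
      - "443:443"
    volumes:
      - /etc/localtime:/etc/localtime:ro
      # :ro only protects the socket file itself; the Docker provider still talks
      # to the Docker API through it, so treat this container as privileged.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./config/traefik.yml:/traefik.yml:ro
      - ./config/dynamic_conf.yml:/dynamic_conf.yml
      # Holds the ACME account key and certificate private keys; Traefik expects
      # the file to be mode 600 on the host.
      - ./config/acme/acme.json:/acme.json
      - ./config/logs/traefik.log:/logs/traefik.log
      - ./config/logs/access.log:/logs/access.log
    environment:
      # Credentials for the lego "netcup" DNS-01 provider, supplied from .env.
      - NETCUP_CUSTOMER_NUMBER=${NETCUP_CUSTOMER_NUMBER}
      - NETCUP_API_KEY=${NETCUP_API_KEY}
      - NETCUP_API_PASSWORD=${NETCUP_API_PASSWORD}
      # The log shows lego's propagation wait giving up after its default
      # "timeout: 2m0s, interval: 5s". The netcup provider reads
      # NETCUP_PROPAGATION_TIMEOUT / NETCUP_POLLING_INTERVAL (seconds) to keep
      # polling longer instead; constructed example value, tune to the zone:
      # - NETCUP_PROPAGATION_TIMEOUT=900
    labels:
      - "traefik.enable=true"
      # Plain-HTTP router: only exists to redirect to HTTPS.
      - "traefik.http.routers.traefik.entrypoints=http"
      - "traefik.http.routers.traefik.rule=Host(`traefik.${DOMAINNAME}`)"
      # Hash comes from .env; if it were ever written inline here, every `$` in
      # the htpasswd hash would have to be doubled (`$$`) for compose interpolation.
      - "traefik.http.middlewares.traefik-auth.basicauth.users=${TUSER}:${PUSER}"
      - "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https"
      - "traefik.http.routers.traefik.middlewares=traefik-https-redirect"
      # HTTPS router for the dashboard: basic auth, wildcard certificate via the
      # "netcup" resolver (apex as main, *.apex as SAN - matches the order in the log).
      - "traefik.http.routers.traefik-secure.entrypoints=https"
      - "traefik.http.routers.traefik-secure.rule=Host(`traefik.${DOMAINNAME}`)"
      - "traefik.http.routers.traefik-secure.middlewares=traefik-auth"
      - "traefik.http.routers.traefik-secure.tls=true"
      - "traefik.http.routers.traefik-secure.tls.certresolver=netcup"
      - "traefik.http.routers.traefik-secure.tls.domains[0].main=${DOMAINNAME}"
      - "traefik.http.routers.traefik-secure.tls.domains[0].sans=*.${DOMAINNAME}"
      - "traefik.http.routers.traefik-secure.service=api@internal"
      # Removed: "providers.file.filename=/dynamic_conf.yml". That is static
      # configuration, not a `traefik.*` label, so the Docker provider ignored it;
      # the file provider is configured in traefik.yml instead.

networks:
  proxy:
    external: true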
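---
# Traefik static configuration (traefik.yml; indentation restored from the
# pasted snippet).
global:
  checkNewVersion: true
  sendAnonymousUsage: false

log:
  # Absolute path matching the compose mount /logs/traefik.log. The original
  # relative "./logs/traefik.log" evidently resolved to the same file (the
  # pasted log was read from that mount), but it depended on the process
  # working directory being /.
  filePath: "/logs/traefik.log"
  # DEBUG, PANIC, FATAL, ERROR, WARN, and INFO.
  # DEBUG echoes lego/ACME internals including challenge values; go back to
  # INFO once the certificate issue is solved.
  level: DEBUG

accessLog:
  filePath: "/logs/access.log"
  bufferingSize: 100

api:
  # Dashboard is reachable only through the traefik-secure router
  # (api@internal behind basic auth); `insecure: true` is deliberately not set.
  dashboard: true

entryPoints:
  http:
    address: ":80"
  https:
    address: ":443"

providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    # Only containers carrying traefik.enable=true get routers.
    exposedByDefault: false
  file:
    filename: "/dynamic_conf.yml"

certificatesResolvers:
  netcup:
    acme:
      email: letsencrypt@**********.de
      # Absolute path matching the compose mount /acme.json (file mode 600).
      storage: /acme.json
      keyType: RSA4096
      # Production CA: every failed validation counts against the Let's Encrypt
      # rate limits. While debugging the DNS challenge, point at staging:
      # caServer: https://acme-staging-v02.api.letsencrypt.org/directory
      caServer: https://acme-v02.api.letsencrypt.org/directory
      dnsChallenge:
        provider: netcup
        # Seconds Traefik sleeps before it checks the TXT record against the
        # resolvers below. In the pasted log the wildcard check ran once, right
        # after this delay, and netcup's own NS did not yet return the record,
        # while the apex check about five minutes later was validated - so the
        # record appears to arrive late rather than not at all. Raising this
        # value (and/or lego's NETCUP_PROPAGATION_TIMEOUT so it keeps polling
        # past its 2m default) is preferable to skipping the check, because
        # Let's Encrypt queries the same authoritative nameservers.
        delayBeforeCheck: 300
        # Last resort only: reports "ready" to ACME without verifying the record.
        # disablePropagationCheck: true
        # The badNonce 400 in the log is a transient ACME error that lego
        # retries on its own; it is not the cause of the failure.
        resolvers:
          - "root-dns.netcup.net:53"
          - "second-dns.netcup.net:53"
          - "third-dns.netcup.net:53"
          - "8.8.8.8:53"
          - "1.1.1.1:53"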
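---
# Traefik dynamic configuration (dynamic_conf.yml), loaded through the file
# provider; indentation restored from the pasted snippet.
tls:
  options:
    default:
      minVersion: VersionTLS12
      # Go honours this list for TLS 1.2 only; the TLS 1.3 suites (TLS_AES_*,
      # TLS_CHACHA20_POLY1305_SHA256) are negotiated automatically, so listing
      # them is a harmless no-op.
      cipherSuites:
        - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
        - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
        - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
        - TLS_AES_128_GCM_SHA256
        - TLS_AES_256_GCM_SHA384
        - TLS_CHACHA20_POLY1305_SHA256
      # NOTE(review): X25519 is the usual default preference and is absent here;
      # P-521 offers no practical gain over P-384 - confirm this is intended.
      curvePreferences:
        - CurveP521
        - CurveP384
      # Rejects TLS handshakes whose SNI matches no configured certificate
      # instead of answering with the default certificate.
      sniStrict: true

http:
  middlewares:
    # Not referenced by any router in the compose labels; it has no effect until
    # attached as `secHeaders@file`, e.g.
    # traefik.http.routers.traefik-secure.middlewares=traefik-auth,secHeaders@file
    secHeaders:
      headers:
        # Sends X-XSS-Protection; current browser guidance treats this header as
        # obsolete, so it can be dropped without loss.
        browserXssFilter: true
        contentTypeNosniff: true
        # The original also set `frameDeny: true`, but customFrameOptionsValue
        # overrides frameDeny, so X-Frame-Options was already SAMEORIGIN; only
        # the effective setting is kept. Remove this line and set
        # `frameDeny: true` to send DENY instead.
        customFrameOptionsValue: "SAMEORIGIN"
        # Deprecated in Traefik v2.5+; the traefik-https-redirect (redirectscheme)
        # middleware in compose already performs the HTTP -> HTTPS redirect.
        sslRedirect: true
        # HSTS Configuration
        # stsPreload is effectively irreversible once the domain is submitted to
        # the browser preload lists; keep it only if every subdomain is meant to
        # be HTTPS-only permanently.
        stsIncludeSubdomains: true
        stsPreload: true
        stsSeconds: 31536000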
Hier das Log:
tail -f config/logs/traefik.log
time="2022-05-20T16:40:36+02:00" level=debug msg="legolog: [INFO] [*.**********.de] acme: use dns-01 solver"
time="2022-05-20T16:40:36+02:00" level=debug msg="legolog: [INFO] [**********.de] acme: Could not find solver for: tls-alpn-01"
time="2022-05-20T16:40:36+02:00" level=debug msg="legolog: [INFO] [**********.de] acme: Could not find solver for: http-01"
time="2022-05-20T16:40:36+02:00" level=debug msg="legolog: [INFO] [**********.de] acme: use dns-01 solver"
time="2022-05-20T16:40:36+02:00" level=debug msg="legolog: [INFO] [*.**********.de] acme: Preparing to solve DNS-01"
time="2022-05-20T16:40:36+02:00" level=debug msg="legolog: [INFO] [**********.de] acme: Preparing to solve DNS-01"
time="2022-05-20T16:40:37+02:00" level=debug msg="legolog: [INFO] [*.**********.de] acme: Trying to solve DNS-01"
time="2022-05-20T16:40:37+02:00" level=debug msg="legolog: [INFO] [*.**********.de] acme: Checking DNS record propagation using [root-dns.netcup.net:53 second-dns.netcup.net:53 third-dns.netcup.net:53 8.8.8.8:53 1.1.1.1:53]"
time="2022-05-20T16:40:42+02:00" level=debug msg="legolog: [INFO] Wait for propagation [timeout: 2m0s, interval: 5s]"
time="2022-05-20T16:40:42+02:00" level=debug msg="Delaying 300000000000 rather than validating DNS propagation now." providerName=netcup.acme
time="2022-05-20T16:45:42+02:00" level=debug msg="legolog: [INFO] [*.**********.de] acme: Waiting for DNS record propagation."
time="2022-05-20T16:45:47+02:00" level=debug msg="legolog: [INFO] [**********.de] acme: Trying to solve DNS-01"
time="2022-05-20T16:45:47+02:00" level=debug msg="legolog: [INFO] [**********.de] acme: Checking DNS record propagation using [root-dns.netcup.net:53 second-dns.netcup.net:53 third-dns.netcup.net:53 8.8.8.8:53 1.1.1.1:53]"
time="2022-05-20T16:45:52+02:00" level=debug msg="legolog: [INFO] Wait for propagation [timeout: 2m0s, interval: 5s]"
time="2022-05-20T16:45:52+02:00" level=debug msg="Delaying 300000000000 rather than validating DNS propagation now." providerName=netcup.acme
time="2022-05-20T16:50:52+02:00" level=debug msg="legolog: [INFO] retry due to: acme: error: 400 :: POST :: https://acme-v02.api.letsencrypt.org/acme/chall-v3/110688101626/1m0x0g :: urn:ietf:params:acme:error:badNonce :: JWS has an invalid anti-replay nonce: \"01028bDeREvHVreS9ChAohuNIRjAoiDNgV4bjF_WaNeFsYQ\""
time="2022-05-20T16:50:57+02:00" level=debug msg="legolog: [INFO] [**********.de] The server validated our request"
time="2022-05-20T16:50:57+02:00" level=debug msg="legolog: [INFO] [*.**********.de] acme: Cleaning DNS-01 challenge"
time="2022-05-20T16:50:58+02:00" level=debug msg="legolog: [INFO] [**********.de] acme: Cleaning DNS-01 challenge"
time="2022-05-20T16:50:58+02:00" level=debug msg="legolog: [INFO] Deactivating auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/110688101616"
time="2022-05-20T16:50:58+02:00" level=debug msg="legolog: [INFO] Skipping deactivating of valid auth: https://acme-v02.api.letsencrypt.org/acme/authz-v3/110688101626"
time="2022-05-20T16:50:58+02:00" level=error msg="Unable to obtain ACME certificate for domains \"**********.de,*.**********.de\" : unable to generate a certificate for the domains [**********.de *.**********.de]: error: one or more domains had a problem:\n[*.**********.de] time limit exceeded: last error: NS root-dns.netcup.net. did not return the expected TXT record [fqdn: _acme-challenge.**********.de., value: _38Vx1mrJmGZRLTKTqVEkExqJuW7g_T_gSF-G889Bd8]: \n" providerName=netcup.acme
Ich komme einfach nicht weiter