Rollout switch from TLS-ALPN-01-based LE certs to DNS-01-based #4

New Issue

Open

opened 2024-08-14 13:32:01 -07:00 by Jafner · 3 comments

Jafner commented 2024-08-14 13:32:01 -07:00

Owner

Copy Link

https://letsencrypt.org/docs/challenge-types/

https://doc.traefik.io/traefik/routing/routers/#certresolver

https://doc.traefik.io/traefik/https/acme/#certificate-resolvers

https://letsencrypt.org/docs/challenge-types/ https://doc.traefik.io/traefik/routing/routers/#certresolver https://doc.traefik.io/traefik/https/acme/#certificate-resolvers

Jafner referenced this issue from a commit 2024-08-15 10:24:21 -07:00

#4 Add nginx container at `test.nginx.jafner.net` to test DNS challenge

Jafner commented 2024-08-15 10:26:34 -07:00

Author

Owner

Copy Link

We're getting the following error when we try to get a cert via DNS challenge:

time="2024-08-15T17:25:15Z" level=error msg="Unable to obtain ACME certificate for domains \"test.nginx.jafner.net\": unable to generate a certificate for the domains [test.nginx.jafner.net]: error: one or more domains had a problem:\n[test.nginx.jafner.net] [test.nginx.jafner.net] acme: error presenting token: cloudflare: failed to find zone jafner.net.: ListZonesContext command failed: HTTP status 400: Invalid request headers (6003)\n" ACME CA="https://acme-staging-v02.api.letsencrypt.org/directory" routerName=nginx@docker rule="Host(`test.nginx.jafner.net`)" providerName=lets-encrypt-dns01.acme

Highlighting what I suspect is the core of the issue: acme: error presenting token: cloudflare: failed to find zone jafner.net.: ListZonesContext command failed: HTTP status 400: Invalid request headers (6003)\n"

We're getting the following error when we try to get a cert via DNS challenge: ``` time="2024-08-15T17:25:15Z" level=error msg="Unable to obtain ACME certificate for domains \"test.nginx.jafner.net\": unable to generate a certificate for the domains [test.nginx.jafner.net]: error: one or more domains had a problem:\n[test.nginx.jafner.net] [test.nginx.jafner.net] acme: error presenting token: cloudflare: failed to find zone jafner.net.: ListZonesContext command failed: HTTP status 400: Invalid request headers (6003)\n" ACME CA="https://acme-staging-v02.api.letsencrypt.org/directory" routerName=nginx@docker rule="Host(`test.nginx.jafner.net`)" providerName=lets-encrypt-dns01.acme ``` Highlighting what I suspect is the core of the issue: `acme: error presenting token: cloudflare: failed to find zone jafner.net.: ListZonesContext command failed: HTTP status 400: Invalid request headers (6003)\n"`

Jafner referenced this issue from a commit 2024-08-15 11:04:05 -07:00

#4 Add cloudflare zone read token

Jafner referenced this issue from a commit 2024-08-15 11:25:36 -07:00

#4 Enable debug logs for traefik to better diagnose issue getting certs via dnsChallenge

Jafner referenced this issue from a commit 2024-08-15 11:34:20 -07:00

#4 Add debug logging

Jafner commented 2024-08-15 11:36:02 -07:00

Author

Owner

Copy Link

Enabled debug logging, still getting:

traefik_traefik  | 2024-08-15T18:34:44Z ERR github.com/traefik/traefik/v3/pkg/provider/acme/provider.go:396 > Unable to obtain ACME certificate for domains error="unable to generate a certificate for the domains [test.nginx.jafner.net]: error: one or more domains had a problem:\n[test.nginx.jafner.net] [test.nginx.jafner.net] acme: error presenting token: cloudflare: failed to find zone jafner.net.: ListZonesContext command failed: Invalid request headers (6003)\n" ACME CA=https://acme-staging-v02.api.letsencrypt.org/directory acmeCA=https://acme-staging-v02.api.letsencrypt.org/directory domains=["test.nginx.jafner.net"] providerName=lets-encrypt-dns01.acme routerName=nginx@docker rule=Host(`test.nginx.jafner.net`)

Enabled debug logging, still getting: ``` traefik_traefik | 2024-08-15T18:34:44Z ERR github.com/traefik/traefik/v3/pkg/provider/acme/provider.go:396 > Unable to obtain ACME certificate for domains error="unable to generate a certificate for the domains [test.nginx.jafner.net]: error: one or more domains had a problem:\n[test.nginx.jafner.net] [test.nginx.jafner.net] acme: error presenting token: cloudflare: failed to find zone jafner.net.: ListZonesContext command failed: Invalid request headers (6003)\n" ACME CA=https://acme-staging-v02.api.letsencrypt.org/directory acmeCA=https://acme-staging-v02.api.letsencrypt.org/directory domains=["test.nginx.jafner.net"] providerName=lets-encrypt-dns01.acme routerName=nginx@docker rule=Host(`test.nginx.jafner.net`) ```

Jafner referenced this issue from a commit 2024-08-15 11:47:35 -07:00

#4 Remove quotes from token value

Jafner commented 2024-08-15 11:55:19 -07:00

Author

Owner

Copy Link

We, uh...

Had to remove the single quotes around our token value...

We, uh... Had to remove the single quotes around our token value...

Jafner referenced this issue from a commit 2024-08-15 11:56:25 -07:00

#4 Disable traefik debug logging

Jafner added this to the Ongoing Cleanup and Paying Off Tech Debt milestone 2024-10-25 21:26:44 -07:00

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

No results found.

Labels

Clear labels

No items

No Label

Milestone

Clear milestone

No items

No Milestone

Ongoing Cleanup and Paying Off Tech Debt

Projects

Clear projects

No project

Assignees

Clear assignees

No Assignees

1 Participants

Notifications

Subscribe

Due Date

The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: Jafner/Jafner.net#4

No description provided.