0

尝试设置 DNS 质询以获取通配符证书。

这是我们的环境变量的样子:

environment:
  - TRAEFIK_ENTRYPOINTS_HTTP=true
  - TRAEFIK_ENTRYPOINTS_HTTP_ADDRESS=:80
  - TRAEFIK_ENTRYPOINTS_HTTPS=true
  - TRAEFIK_ENTRYPOINTS_HTTPS_ADDRESS=:443
  - TRAEFIK_ENTRYPOINTS_HTTPS_HTTP_TLS=true
  - TRAEFIK_ENTRYPOINTS_HTTPS_HTTP_TLS_CERTRESOLVER=default
  - TRAEFIK_ENTRYPOINTS_HTTPS_HTTP_TLS_DOMAINS_0_MAIN=mydomain.net
  - TRAEFIK_ENTRYPOINTS_HTTPS_HTTP_TLS_DOMAINS_0_SANS=*.mydomain.net
  - TRAEFIK_PROVIDERS_DOCKER=true
  - TRAEFIK_CERTIFICATESRESOLVERS_DEFAULT=true
  - TRAEFIK_CERTIFICATESRESOLVERS_DEFAULT_ACME_EMAIL=info@mydomain.net
  - TRAEFIK_CERTIFICATESRESOLVERS_DEFAULT_ACME_DNSCHALLENGE=true
  - TRAEFIK_CERTIFICATESRESOLVERS_DEFAULT_ACME_DNSCHALLENGE_PROVIDER=pdns
  - TRAEFIK_CERTIFICATESRESOLVERS_DEFAULT_ACME_DNSCHALLENGE_RESOLVERS=8.8.8.8:53
  - TRAEFIK_CERTIFICATESRESOLVERS_DEFAULT_ACME_DNSCHALLENGE_DELAYBEFORECHECK=15
  - TRAEFIK_CERTIFICATESRESOLVERS_DEFAULT_ACME_STORAGE=/data/acme.json
  - PDNS_API_URL=http://192.168.123.10:8081/
  - PDNS_API_KEY=pdns-api-key

这是它输出的日志:

time="2021-09-06T08:53:39+02:00" level=error msg="Unable to obtain ACME certificate for domains \"mydomain.net,*.mydomain.net\" : unable to generate a certificate for the domains [mydomain.net *.mydomain.net]: error: one or more domains had a problem:\n[*.mydomain.net] time limit exceeded: last error: read udp 192.168.160.2:38270->195.141.155.147:53: i/o timeout\n[mydomain.net] time limit exceeded: last error: read udp 192.168.160.2:49936->195.141.155.147:53: i/o timeout\n" providerName=default.acme

已经尝试增加DELAYBEFORECHECK和设置一个RESOLVER没有成功。

在 PowerDNS 中正确创建了 ACME 挑战:

PowerDNS TXT 挑战

可能有人可以提供帮助或对如何完成这项工作有想法?

4

1 回答 1

0

通过 UDP 的 NAT 反射未正确设置。现在它起作用了。

于 2021-09-07T10:30:28.637 回答