
#1 2023-05-27 19:09:15

NoReturn
Member
Registered: 2023-05-27
Posts: 1

Let's Encrypt DNS challenge via Traefik docker compose

Hello,
I am trying to get Let's Encrypt certs via DNS challenge by using Traefik docker compose. I started with the official snippet:
https://doc.traefik.io/traefik/user-gui … /acme-dns/
I am using Cloudflare so I have swapped env variables, but other than that I have confirmed this script works 100% on a fresh Ubuntu-server install. On a fresh Arch install I get this error, which doesn't help:

level=error msg="Unable to obtain ACME certificate for domains \"example.com\": unable to generate a certificate for the domains [example.com]: error: one or more domains had a problem:\n[example.com] [example.com] acme: error presenting token: cloudflare: unexpected response code 'SERVFAIL' for _acme-challenge.example.com.\n" ACME CA="https://acme-staging-v02.api.letsencrypt.org/directory" routerName=whoami@docker rule="Host(`example.com`)" providerName=myresolver.acme

Things I have tried/checked:
    docker container has internet connectivity and resolves DNS names just fine
    the Cloudflare API key and email are 100% correct
    I can generate a cert via DNS challenge using certbot on the host just fine, same credentials
    I tried overwriting docker DNS via an /etc/docker/daemon.json entry -> no change
    I added the recommended kernel tweak via sysctl -> no change
      (net.ipv4.ip_forward = 1
      net.ipv4.ip_nonlocal_bind = 1)
    iptables is disabled
    like I said, this works on a clean Ubuntu-server install, just installed docker and docker compose, with no kernel tweaks, no messing with daemon.json

I don't really know where to take it from here. I suspected some DNS issue but everything seems to work and both Arch and Ubuntu use systemd-resolved. Any ideas?
