Problem with Wildcard Certificates #80

Closed
Akecel opened this issue Apr 16, 2024 · 4 comments

Akecel commented Apr 16, 2024

We currently use pullpreview for our preview environments and it works perfectly. We've set up our HTTPS (as well as a load balancer) using Traefik to manage our multiple sub-domains.

However, the limitations of Let's Encrypt can be problematic so we've chosen to upgrade to a wildcard certificate, but I seem to be getting an error with my.pullpreview.com and I can't work out where this is coming from. Here is the error in question when Traefik tries to generate the certs:

level=error msg="[.......] error: one or more domains had a problem: [*.customdomain.com] propagation: time limit exceeded: last error: dial udp: lookup ns-0.my.pullpreview.com. on 127.0.0.11:53: no such host

We use Traefik and Route53 as providers for the DNS challenge:

            # Entrypoints configuration
            - "--entrypoints.web.address=:80"
            - "--entrypoints.websecure.address=:443"

            # Let's Encrypt configuration
            - "--certificatesresolvers.myresolver.acme.dnschallenge=true"
            - "--certificatesresolvers.myresolver.acme.dnschallenge.provider=route53"
            - "--certificatesresolvers.myresolver.acme.dnschallenge.delaybeforecheck=0"
            - "--certificatesresolvers.myresolver.acme.email=[email protected]"
            - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"

            # Set up the TLS configuration for our websecure listener
            - "--entrypoints.websecure.http.tls=true"
            - "--entrypoints.websecure.http.tls.certResolver=myresolver"
            - "--entrypoints.websecure.http.tls.domains[0].main=${PULLPREVIEW_PUBLIC_DNS}"
            - "--entrypoints.websecure.http.tls.domains[0].sans=*.${PULLPREVIEW_PUBLIC_DNS}"

And for each service (or for each sub-domain on certain services) of the docker-compose, I have this configuration:

            - "traefik.enable=true"
            - "traefik.http.routers.js-app.tls=true"
            - "traefik.http.routers.js-app.rule=Host(`app.${PULLPREVIEW_PUBLIC_DNS}`)"
            - "traefik.http.routers.js-app.entrypoints=websecure"
            - "traefik.http.routers.js-app.tls.certresolver=myresolver"
            - "traefik.http.services.js-app.loadbalancer.server.port=3000"

At first I thought it was more to do with traefik or my configuration (which is possible) but given that the error mentions my.pullpreview.com even though we're using a custom domain, it seems strange to me and I'm wondering if the pullpreview system isn't involved in this problem.

Any idea of what's going wrong here? (Or what I am doing wrong?)

Thank you in advance if any help can be provided :D

crohr (Member) commented Apr 16, 2024

Hi @Akecel, not sure what's going on here. It looks like something is trying to resolve the nameserver (ns-0) of my.pullpreview.com, but I don't see why, since you say you are using a custom domain for your instances. Any chance to increase the Traefik logger level to see what's happening?
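
A small triage helper for the error line quoted in the issue, added here as an example (it is not part of the thread, nor PullPreview or Traefik code). It splits the line into fields and flags that the failing lookup targets a nameserver outside the certificate's domain and goes through Docker's embedded resolver at 127.0.0.11. The function names, flag names and the two-label zone guess are assumptions made for the example.

```python
import re

# Log line quoted from the issue (the "[.......]" elision is the poster's own).
SAMPLE = (
    'level=error msg="[.......] error: one or more domains had a problem: '
    "[*.customdomain.com] propagation: time limit exceeded: last error: "
    "dial udp: lookup ns-0.my.pullpreview.com. on 127.0.0.11:53: no such host"
)

DOCKER_EMBEDDED_DNS = "127.0.0.11"  # resolver Docker gives containers on user-defined networks

# The domain group demands real labels so the elided "[.......]" prefix is skipped.
LINE_RE = re.compile(
    r"\[(?P<domain>(?:\*\.)?[\w-]+(?:\.[\w-]+)+)\]\s+(?P<stage>[a-z ]+?):\s+"
    r"(?P<reason>.*?):\s+last error:\s+dial (?P<proto>\w+): "
    r"lookup (?P<host>\S+) on (?P<resolver>[\d.]+):(?P<port>\d+): (?P<error>[^\"]+)"
)


def parent_zone(name):
    """Crude zone guess: the last two labels (assumption: no public-suffix handling)."""
    if name.startswith("*."):
        name = name[2:]
    labels = name.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])


def triage(line):
    """Split an ACME DNS-challenge lookup failure into fields and flag what stands out."""
    m = LINE_RE.search(line)
    if m is None:
        return None  # not a lookup failure of this shape
    out = m.groupdict()
    out["error"] = out["error"].strip()
    flags = []
    if parent_zone(out["host"]) != parent_zone(out["domain"]):
        flags.append("lookup_target_outside_certificate_zone")
    if out["resolver"] == DOCKER_EMBEDDED_DNS:
        flags.append("resolved_via_docker_embedded_dns")
    if out["error"] == "no such host":
        flags.append("name_does_not_resolve")
    out["flags"] = flags
    return out


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```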

Akecel (Author) commented Apr 17, 2024

Hi @crohr!

Unfortunately I'm already in debug mode:

- "--log.level=DEBUG"

Here is my complete log file if it helps to understand: traefik.log

crohr (Member) commented Aug 24, 2024

@Akecel were you able to find a solution?

crohr (Member) commented Jan 29, 2025

Closing for now, not sure I have any other inputs for this. Still interested if you managed to fix it.

crohr closed this as completed Jan 29, 2025