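Long story short; I'll flesh this out when I have time.
Problem
Using the DNS-01 challenge to obtain a wildcard certificate for a domain on Cloudflare
In theory, filling in the corresponding token should be enough, and then setting the SAN to the corresponding second-level wildcard domain.
But today I bought a new VPS, and obtaining a certificate with the same method unexpectedly failed.
The log is as follows: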
[test.top *.test.top]: error: one or more domains had a problem:\n[*.test.top] acme: error: 400 :: urn:ietf:params:acme:error:dns :: DNS problem: server failure at resolver looking up TXT for _acme-challenge.test.top\n[test.top] acme: error: 400 :: urn:ietf:params:acme:error:dns :: DNS problem: looking up TXT for _acme-challenge.test.top: DNSSEC: DNSKEY Missing\n" ACME CA=https://acme-v02.api.letsencrypt.org/directory acmeCA=https://acme-v02.api.letsencrypt.org/directory domains=["test.top","*.test.top"] provider Name=666resolver.acme routerName=dashboard@docker rule=Host(`los-h-llc-traefik.test.top`)
The configuration of the corresponding reverse-proxy server is as follows:
derp:
  image: fredliang/derper
  labels:
    - "traefik.enable=true"
    - "traefik.http.routers.derp.entrypoints=websecure"
    - "traefik.http.routers.derp.rule=Host(`derp.test.com`)"
    - "traefik.http.routers.derp.tls.certresolver=666resolver"
    - "traefik.http.routers.derp.tls.domains[0].main=test.com"
    - "traefik.http.routers.derp.tls.domains[0].sans=*.test.com"
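The above is just an example.
Why does this report the error: DNSSEC KEY is missing?
My domain does not have DNSSEC enabled at all, and another domain hosted under the same account can obtain a certificate.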
------------------
BTW, the domain was purchased from namesilo
and is hosted on CF.
In addition, acme.sh also reports an error.
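
As an added example (not part of the original post, and not Traefik or lego code): a small Python parser that splits the error message from the log above into one record per domain, so the two different failures (a resolver server failure for the wildcard name, a DNSSEC validation failure for the apex) can be read separately. The function names and category labels are hypothetical.

```python
import re

# Error message copied from the Traefik log above; "\n" is the literal
# two-character escape sequence that appears in the logged string.
SAMPLE = (
    r"[test.top *.test.top]: error: one or more domains had a problem:\n"
    r"[*.test.top] acme: error: 400 :: urn:ietf:params:acme:error:dns :: "
    r"DNS problem: server failure at resolver looking up TXT for "
    r"_acme-challenge.test.top\n"
    r"[test.top] acme: error: 400 :: urn:ietf:params:acme:error:dns :: "
    r"DNS problem: looking up TXT for _acme-challenge.test.top: "
    r"DNSSEC: DNSKEY Missing\n"
)

# One per-domain problem: [domain] acme: error: <status> :: <type> :: <detail>
PROBLEM = re.compile(
    r"\[(?P<domain>[^\]\s]+)\] acme: error: (?P<status>\d{3}) :: "
    r"(?P<type>urn:ietf:params:acme:error:\w+) :: (?P<detail>.*)"
)
TXT_NAME = re.compile(r"looking up TXT for (?P<name>[\w.*-]+)")


def classify(detail):
    """Hypothetical triage labels based on the two messages seen above."""
    if "DNSSEC:" in detail:
        return "dnssec-validation-failed"
    if "server failure at resolver" in detail:
        return "servfail"
    return "other"


def parse_acme_problems(message):
    """Return one dict per domain-level ACME problem found in the message."""
    problems = []
    for line in message.replace("\\n", "\n").splitlines():
        m = PROBLEM.search(line)
        if not m:
            continue  # summary line listing all requested domains
        p = m.groupdict()
        p["status"] = int(p["status"])
        name = TXT_NAME.search(p["detail"])
        p["txt_name"] = name.group("name").rstrip(":.") if name else None
        p["category"] = classify(p["detail"])
        problems.append(p)
    return problems


if __name__ == "__main__":
    for p in parse_acme_problems(SAMPLE):
        print(p["domain"], p["status"], p["category"], p["txt_name"])
```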