Traefik ACME DNS-01 gcloud duplicate record

Time: 2018-11-01 13:36:47

Tags: dns gcloud lets-encrypt traefik

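I'm not sure whether this is an issue specific to traefik and my configuration or a bug, but after migrating my provider from route53 to gcloud, my acme configuration produces 409 duplicate resource errors from Google.

It seems the acme code expects to be able to overwrite TXT records, but can't on gcloud.

The errors look like: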

time="2018-11-01T11:46:41Z" level=error msg="Error obtaining certificate: acme: Error -> One or more domains had a problem:\n[qa.mydomain.com] error presenting token: googlecloud: googleapi: Error 409: The resource 'entity.change.additions[0].rrdata[1]' named '\"VuOLZS3tfLfrOswFtV3mayqOYaz5PvQK16nJdgMdMez\"' already exists, alreadyExists\n"
time="2018-11-01T11:46:41Z" level=error msg="Unable to obtain ACME certificate for domains \"*.qa.mydomain.com,qa.mydomain.com\" : unable to generate a certificate for the domains [*.qa.mydomain.com qa.mydomain.com]: acme: Error -> One or more domains had a problem:\n[qa.mydomain.com] error presenting token: googlecloud: googleapi: Error 409: The resource 'entity.change.additions[0].rrdata[1]' named '\"VuOLZS3tfLfrOswFtV3mayqOYaz5PvQK16nJdgMdMez\"' already exists, alreadyExists\n"
time="2018-11-01T11:46:41Z" level=error msg="Error obtaining certificate: acme: Error -> One or more domains had a problem:\n[development.mydomain.com] error presenting token: googlecloud: googleapi: Error 409: The resource 'entity.change.additions[0].rrdata[1]' named '\"Jfv6orVfbwi0IdQbmpvG3qnIltMX5x56vGUpHjoBzOa\"' already exists, alreadyExists\n"
time="2018-11-01T11:46:41Z" level=error msg="Unable to obtain ACME certificate for domains \"*.development.mydomain.com,development.mydomain.com\" : unable to generate a certificate for the domains [*.development.mydomain.com development.mydomain.com]: acme: Error -> One or more domains had a problem:\n[development.mydomain.com] error presenting token: googlecloud: googleapi: Error 409: The resource 'entity.change.additions[0].rrdata[1]' named '\"Jfv6orVfbwi0IdQbmpvG3qnIltMX5x56vGUpHjoBzOa\"' already exists, alreadyExists\n"

acme configuration:

[acme]
  email = "email@mydomain.com"
  storage = "/acme-certificates/acme.json"
  acmeLogging = true
  entryPoint = "https"

[acme.dnsChallenge]
  provider = "gcloud"

[[acme.domains]]
  main = "*.development.mydomain.com"
  sans = ["development.mydomain.com"]

[[acme.domains]]
  main = "*.qa.mydomain.com"
  sans = ["qa.mydomain.com"]

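2 answers:

Answer 0 (score: 0)

This is the error you get when you have a bare domain and a wildcard domain on the same record, because it tries to add two TXT records, which most DNS providers support.

Google, however, requires you to remove the record and then add a new record with two rrdata fields instead of two separate records.

:-/

This is a bug. Google DNS is easy to program.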
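
The delete-then-add behaviour described in the answer above, as an added Go example that is not part of the answer or of Traefik's code. The `RRSet` and `Change` types and the `planPresent` function are hypothetical local names that only mirror the additions/deletions shape of a Cloud DNS change; the record name and token values are constructed.

```go
package main

import "fmt"

// RRSet and Change mirror the shape of a Cloud DNS change request
// (record sets carrying rrdatas); they are local illustrative types,
// not the ones from the Google API client library.
type RRSet struct {
	Name    string
	Type    string
	TTL     int
	Rrdatas []string
}

type Change struct {
	Additions []RRSet
	Deletions []RRSet
}

// planPresent returns the change that publishes one more TXT value on fqdn.
// existing is the record set currently in the zone, or nil if there is none.
func planPresent(existing *RRSet, fqdn, value string, ttl int) Change {
	quoted := fmt.Sprintf("%q", value) // TXT rrdata is stored quoted
	if existing == nil {
		return Change{Additions: []RRSet{{fqdn, "TXT", ttl, []string{quoted}}}}
	}
	for _, v := range existing.Rrdatas {
		if v == quoted {
			return Change{} // already published, nothing to send
		}
	}
	// One record set per name and type: delete the current set as it
	// stands and add a single set holding the old and new values.
	merged := append(append([]string{}, existing.Rrdatas...), quoted)
	return Change{
		Deletions: []RRSet{*existing},
		Additions: []RRSet{{fqdn, "TXT", ttl, merged}},
	}
}

func main() {
	name := "_acme-challenge.qa.example.test." // constructed sample name
	first := planPresent(nil, name, "token-for-wildcard", 120)
	zone := first.Additions[0] // pretend the first change was applied
	second := planPresent(&zone, name, "token-for-bare-domain", 120)
	fmt.Printf("delete %v\nadd    %v\n", second.Deletions, second.Additions)
}
```

The wildcard and bare-domain challenges share one `_acme-challenge` name, so the second call is the case that produced the 409 when it was sent as a plain addition.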

Answer 1 (score: 0)

Logged as a traefik bug, patched and closed.