You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
A few days ago I updated to the latest release, v2.11.0 Yesterday, after performing a revocation of the certificate, due to key compromise, I cleared the acme.json file to force Traefik to create a new private key and to issue new certificates.
What did you see instead?
The logs then detailed put requests against NS1 for the _acme-challenge TXT records would then fail with http 400 codes. I rolled back to image v.2.10.7. No other configuration file changes were made. The PUT requests succeed on v2.10.7 and certificates are issued as expected. Also, tested on v3.0 and the issue is present there as well.
If applicable, please paste the log output in DEBUG level
time="2024-02-16T03:44:38Z" level=error msg="Unable to obtain ACME certificate for domain \"*.internal.redacted.com,internal.redacted.com,internal.redacted.com\"" error="unable to generate a certificate for the domains [*.internal.redacted.com internal.redacted.com internal.redacted.com]: error: one or more domains had a problem:\n[*.internal.redacted.com] [*.internal.redacted.com] acme: error presenting token: ns1: failed to create record [zone: \"internal.redacted.com\", fqdn: \"_acme-challenge.internal.redacted.com.\"]: PUT https://api.nsone.net/v1/zones/internal.redacted.com/_acme-challenge.internal.redacted.com/TXT: 400 Input validation failed (Value None for field '<obj>.tags' is not of type object)\n[internal.redacted.com] [internal.redacted.com] acme: error presenting token: ns1: failed to create record [zone: \"internal.redacted.com\", fqdn: \"_acme-challenge.internal.redacted.com.\"]: PUT https://api.nsone.net/v1/zones/internal.redacted.com/_acme-challenge.internal.redacted.com/TXT: 400 Input validation failed (Value None for field '<obj>.tags' is not of type object)\n" ACME CA="https://acme-staging-v02.api.letsencrypt.org/directory" tlsStoreName=default providerName=letsencrypt.acme
The text was updated successfully, but these errors were encountered:
It's related to a breaking change introduced by NS1: ns1/ns1-go#220
This was introduced inside a bugfix release of their API client, which is not semver compliant and without any doc related to this change.
I will fix the problem inside lego and then update lego inside Traefik.
I found this issue, I also had acme issues with 2.11.0
Namely it's not starting to renew expired certificates. No logs either on traefik or on the acme server (StepCA).
Thought sharing here. Reverted back to 2.10.7, restarted container and renewal started immediately.
Welcome!
What did you do?
A few days ago I updated to the latest release, v2.11.0 Yesterday, after performing a revocation of the certificate, due to key compromise, I cleared the acme.json file to force Traefik to create a new private key and to issue new certificates.
What did you see instead?
The logs then detailed put requests against NS1 for the _acme-challenge TXT records would then fail with http 400 codes. I rolled back to image v.2.10.7. No other configuration file changes were made. The PUT requests succeed on v2.10.7 and certificates are issued as expected. Also, tested on v3.0 and the issue is present there as well.
What version of Traefik are you using?
Version: 2.11.0
Codename: cheddar
Go version: go1.22.0
Built: 2024-02-12T15:26:45Z
OS/Arch: linux/amd64
What is your environment & configuration?
If applicable, please paste the log output in DEBUG level
The text was updated successfully, but these errors were encountered: