Author: William Wright
Date:
To: users
Subject: [bitfolk] PowerDNS Secondary DNS for ACME Let's Encrypt Wildcard certificates
Hello,
I am currently using a PowerDNS Authoritative server in my Bitfolk VPS
alongside Bitfolk's secondary DNS servers.
At home, I also have a self-hosted NAS setup which involves the use of
Traefik alongside Docker containers.
I have been trying to generate a wildcard Let's Encrypt certificate
using ACME via the Traefik container, authenticating via RFC2136.
However, while ACME was successfully able to insert a TXT record into the
zone, it hasn't updated the Secondary DNS and reports back with the
following error:
> unable to generate a certificate for the domains [m6wiq.uk *.m6wiq.uk]: error: one or more domains had a problem:\n[*.m6wiq.uk] time limit exceeded: last error: NS a.authns.bitfolk.co.uk. did not return the expected TXT record [fqdn: _acme-challenge.m6wiq.uk., value:
Through my research on PowerDNS, I have ensured that SOA-EDIT-DNSUPDATE
is set to 'INCREASE' and that FORWARD-DNSUPDATE and NOTIFY-DNSUPDATE are
enabled. Is there anything else that I need to configure on PowerDNS to
ensure RFC2136 updates inform the secondary DNS servers?
Best Regards,
William
--
William Wright
Callsign: M6WIQ
Mail: william@???