Steps to Reproduce
Use Adguard "Filters->DNS Rewrites", add the wildcard A entry. (*.subdomain.domain.com)
Send a TLS cert request using the DNS name anything.subdomain.domain.com (traefik auto-request)
Note: As soon as that initial domain fully fails, it proceeds to get a cert for subdomain.domain.com just fine.
Note2: Other machines (including the Smallstep docker host) can ping anything.subdomain.domain.com, including my browser. Thus it's not a failure of Adguard to publish the DNS wildcard.
Your Environment
OS - Ubuntu Server 20.04
step-ca Version - 0.25.2
Expected Behavior
Give out cert immediately and not get an error
Actual Behavior
Smallstep responds with "The server could not connect to validation target"
Additional Context
It takes about 5+ mins for Smallstep to finally give up and reject the Traefik request (during this time my Traefik container cannot proceed and the cert requests are stalled for other domains, making them inaccessible)
Hey @ZaxLofful, can the machine/container running step-ca successfully connect to anything.subdomain.domain.com itself? Assuming you're running it in Docker (since you mentioned the Docker host), it's possible the container uses a different DNS server and thus doesn't get the right answer. With Docker it's possible to set the DNS server to use: https://docs.docker.com/network/#dns-services. You can also run step-ca with --resolver=<ip:port> to specify a DNS server.
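A check for the split-DNS situation raised in the reply above, as an added example that is not part of the original thread or of step-ca: it resolves a name once through the default resolver of wherever it runs and once through an explicitly given DNS server, then compares the two answers. The function names and the command-line form are assumptions made for this example.

```go
package main

import (
	"context"
	"fmt"
	"net"
	"os"
	"sort"
	"strings"
	"time"
)

// lookupVia (hypothetical helper) queries the DNS server at resolverAddr
// (ip:port) directly, bypassing the resolver configured in /etc/resolv.conf.
func lookupVia(resolverAddr, host string) ([]string, error) {
	r := &net.Resolver{
		PreferGo: true, // use Go's resolver so the custom Dial below is honoured
		Dial: func(ctx context.Context, network, _ string) (net.Conn, error) {
			return (&net.Dialer{Timeout: 3 * time.Second}).DialContext(ctx, network, resolverAddr)
		},
	}
	ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
	defer cancel()
	return r.LookupHost(ctx, host)
}

// compareViews classifies what the local (default) resolver returned against
// what the expected resolver returned for the same name.
func compareViews(local, expected []string) string {
	sort.Strings(local)
	sort.Strings(expected)
	switch {
	case len(expected) == 0:
		return "expected resolver has no record: check the wildcard rewrite"
	case len(local) == 0:
		return "split view: local resolver returns nothing, expected resolver answers"
	case strings.Join(local, ",") != strings.Join(expected, ","):
		return "split view: resolvers return different addresses"
	}
	return "consistent"
}

func main() { // usage: dnscheck <host> <resolver ip:port>
	if len(os.Args) != 3 {
		os.Exit(2)
	}
	local, lerr := net.DefaultResolver.LookupHost(context.Background(), os.Args[1])
	expected, eerr := lookupVia(os.Args[2], os.Args[1])
	fmt.Printf("local=%v (%v) expected=%v (%v) => %s\n", local, lerr, expected, eerr, compareViews(local, expected))
}
```

Run it from the same network namespace as step-ca, passing the AdGuard address as the resolver, to see whether the CA's view of the name differs from the one other machines get.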