Can't generate certificate for OVH

Hello,
I already successfully generated a certificate about 4 weeks ago for `*.subdomain.mydomain.ovh`, but then I changed it to `*.mydomain.ovh`. I also recreated the token keys for OVH, but no luck. I have been trying for 3 days, but I don't get it. I have no clue what's wrong.

```
time="2019-09-07T17:14:12Z" level=info msg="Using TOML configuration file /etc/traefik/traefik.toml"
time="2019-09-07T17:14:12Z" level=warning msg="web provider configuration is deprecated, you should use these options : api, rest provider, ping and metrics"
time="2019-09-07T17:14:12Z" level=warning msg="web option is ignored if you use it with one of these options : api, rest provider, ping or metrics"
time="2019-09-07T17:14:12Z" level=info msg="Traefik version v1.7.14 built on 2019-08-14_09:46:58AM"
time="2019-09-07T17:14:12Z" level=info msg="\nStats collection is disabled.\nHelp us improve Traefik by turning this feature on :)\nMore details on: https:/$
time="2019-09-07T17:14:14Z" level=info msg="Preparing server http &{Address::80 TLS:<nil> Redirect:0x5fae280 Auth:<nil> WhitelistSourceRange:[] WhiteList:<n$
time="2019-09-07T17:14:14Z" level=info msg="Preparing server https &{Address::443 TLS:0x5d6b860 Redirect:<nil> Auth:<nil> WhitelistSourceRange:[] WhiteList:$
time="2019-09-07T17:14:14Z" level=info msg="Starting server on :80"
time="2019-09-07T17:14:20Z" level=info msg="Preparing server traefik &{Address::8080 TLS:<nil> Redirect:<nil> Auth:<nil> WhitelistSourceRange:[] WhiteList:<$
time="2019-09-07T17:14:20Z" level=info msg="Starting server on :443"
time="2019-09-07T17:14:20Z" level=info msg="Starting provider configuration.ProviderAggregator {}"
time="2019-09-07T17:14:20Z" level=info msg="Starting server on :8080"
time="2019-09-07T17:14:20Z" level=info msg="Starting provider *docker.Provider {\"Watch\":true,\"Filename\":\"\",\"Constraints\":null,\"Trace\":false,\"Temp$
time="2019-09-07T17:14:20Z" level=info msg="Starting provider *acme.Provider {\"Email\":\"myemail@web.de\",\"ACMELogging\":true,\"CAServer\":\"https://acm$
time="2019-09-07T17:14:20Z" level=info msg="Testing certificate renew..."
time="2019-09-07T17:14:21Z" level=info msg="legolog: [INFO] [*.example.ovh, example.ovh] acme: Obtaining bundled SAN certificate"
time="2019-09-07T17:14:22Z" level=info msg="legolog: [INFO] [*.example.ovh] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/236646666"
time="2019-09-07T17:14:22Z" level=info msg="legolog: [INFO] [example.ovh] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/236646667"
time="2019-09-07T17:14:22Z" level=info msg="legolog: [INFO] [*.example.ovh] acme: use dns-01 solver"
time="2019-09-07T17:14:22Z" level=info msg="legolog: [INFO] [example.ovh] acme: Could not find solver for: tls-alpn-01"
time="2019-09-07T17:14:22Z" level=info msg="legolog: [INFO] [example.ovh] acme: Could not find solver for: http-01"
time="2019-09-07T17:14:22Z" level=info msg="legolog: [INFO] [example.ovh] acme: use dns-01 solver"
time="2019-09-07T17:14:22Z" level=info msg="legolog: [INFO] [*.example.ovh] acme: Preparing to solve DNS-01"
time="2019-09-07T17:14:22Z" level=info msg="legolog: [INFO] [example.ovh] acme: Preparing to solve DNS-01"
time="2019-09-07T17:14:22Z" level=info msg="legolog: [INFO] [*.example.ovh] acme: Cleaning DNS-01 challenge"
time="2019-09-07T17:14:22Z" level=info msg="legolog: [WARN] [*.example.ovh] acme: error cleaning up: ovh: unknown record ID for '_acme-challenge.example.ovh.'$
time="2019-09-07T17:14:22Z" level=info msg="legolog: [INFO] [example.ovh] acme: Cleaning DNS-01 challenge"
time="2019-09-07T17:14:22Z" level=info msg="legolog: [WARN] [example.ovh] acme: error cleaning up: ovh: unknown record ID for '_acme-challenge.example.ovh.' "
time="2019-09-07T17:14:23Z" level=error msg="Error obtaining certificate retrying in 716.289865ms"
time="2019-09-07T17:14:24Z" level=info msg="legolog: [INFO] [*.example.ovh, example.ovh] acme: Obtaining bundled SAN certificate"
time="2019-09-07T17:14:24Z" level=info msg="Server configuration reloaded on :8080"
time="2019-09-07T17:14:24Z" level=info msg="Server configuration reloaded on :80"
time="2019-09-07T17:14:24Z" level=info msg="Server configuration reloaded on :443"
time="2019-09-07T17:14:25Z" level=info msg="legolog: [INFO] [*.example.ovh] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/236647016"
time="2019-09-07T17:14:25Z" level=info msg="legolog: [INFO] [example.ovh] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/236647017"
time="2019-09-07T17:14:25Z" level=info msg="legolog: [INFO] [*.example.ovh] acme: use dns-01 solver"
time="2019-09-07T17:14:25Z" level=info msg="legolog: [INFO] [example.ovh] acme: Could not find solver for: tls-alpn-01"
time="2019-09-07T17:14:25Z" level=info msg="legolog: [INFO] [example.ovh] acme: Could not find solver for: http-01"
time="2019-09-07T17:14:25Z" level=info msg="legolog: [INFO] [example.ovh] acme: use dns-01 solver"
time="2019-09-07T17:14:25Z" level=info msg="legolog: [INFO] [*.example.ovh] acme: Preparing to solve DNS-01"
time="2019-09-07T17:14:25Z" level=info msg="legolog: [INFO] [example.ovh] acme: Preparing to solve DNS-01"
time="2019-09-07T17:14:25Z" level=info msg="legolog: [INFO] [*.example.ovh] acme: Cleaning DNS-01 challenge"
time="2019-09-07T17:14:25Z" level=info msg="legolog: [WARN] [*.example.ovh] acme: error cleaning up: ovh: unknown record ID for '_acme-challenge.example.ovh.'$
time="2019-09-07T17:14:25Z" level=info msg="legolog: [INFO] [example.ovh] acme: Cleaning DNS-01 challenge"
time="2019-09-07T17:14:25Z" level=info msg="legolog: [WARN] [example.ovh] acme: error cleaning up: ovh: unknown record ID for '_acme-challenge.example.ovh.' "
time="2019-09-07T17:14:25Z" level=info msg="Server configuration reloaded on :80"
time="2019-09-07T17:14:25Z" level=info msg="Server configuration reloaded on :443"
time="2019-09-07T17:14:25Z" level=info msg="Server configuration reloaded on :8080"
time="2019-09-07T17:14:26Z" level=error msg="Error obtaining certificate retrying in 629.505944ms"
time="2019-09-07T17:14:27Z" level=info msg="legolog: [INFO] [*.example.ovh, example.ovh] acme: Obtaining bundled SAN certificate"
time="2019-09-07T17:14:28Z" level=info msg="legolog: [INFO] [*.example.ovh] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/236647392"
time="2019-09-07T17:14:28Z" level=info msg="legolog: [INFO] [example.ovh] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/236647393"
time="2019-09-07T17:14:28Z" level=info msg="legolog: [INFO] [*.example.ovh] acme: use dns-01 solver"
time="2019-09-07T17:14:28Z" level=info msg="legolog: [INFO] [example.ovh] acme: Could not find solver for: tls-alpn-01"
time="2019-09-07T17:14:28Z" level=info msg="legolog: [INFO] [example.ovh] acme: Could not find solver for: http-01"
time="2019-09-07T17:14:28Z" level=info msg="legolog: [INFO] [example.ovh] acme: use dns-01 solver"
time="2019-09-07T17:14:28Z" level=info msg="legolog: [INFO] [*.example.ovh] acme: Preparing to solve DNS-01"
time="2019-09-07T17:14:28Z" level=info msg="legolog: [INFO] [example.ovh] acme: Preparing to solve DNS-01"
time="2019-09-07T17:14:28Z" level=info msg="legolog: [INFO] [*.example.ovh] acme: Cleaning DNS-01 challenge"
time="2019-09-07T17:14:28Z" level=info msg="legolog: [WARN] [*.example.ovh] acme: error cleaning up: ovh: unknown record ID for '_acme-challenge.example.ovh.'$
time="2019-09-07T17:14:28Z" level=info msg="legolog: [INFO] [example.ovh] acme: Cleaning DNS-01 challenge"
time="2019-09-07T17:14:28Z" level=info msg="legolog: [WARN] [example.ovh] acme: error cleaning up: ovh: unknown record ID for '_acme-challenge.example.ovh.' "
time="2019-09-07T17:14:29Z" level=error msg="Error obtaining certificate: acme: Error -> One or more domains had a problem:\n[*.example.ovh] [*.example.ovh] a$
time="2019-09-07T17:14:29Z" level=error msg="Unable to obtain ACME certificate for domains \"*.example.ovh,example.ovh\" : unable to generate a certificate fo$
time="2019-09-07T17:14:35Z" level=info msg="Skipping same configuration for provider docker"
```
```toml
debug = false

logLevel = "INFO"
defaultEntryPoints = ["http", "https"]

[traefikLog]
  filePath = "/etc/traefik/traefik.log"
#  format   = "json"

[accessLog]
  filePath = "/etc/traefik/access.log"
#  format = "json"


#deprecated
[web]
  address = ":8085"

[docker]
  endpoint = "unix:///var/run/docker.sock"
  domain = "example.ovh"
  watch = true
  exposedbydefault = false

 # Force HTTPS
[entryPoints]
  [entryPoints.http]
  address = ":80"
    [entryPoints.http.redirect]
    entryPoint = "https"
  [entryPoints.https]
  address = ":443"
    [entryPoints.https.tls]

 # Let's encrypt configuration
 [acme]
   email="myemail@web.de"
   storage="/etc/traefik/acme/acme.json"
   entryPoint="https"
   acmeLogging=true
   onHostRule=false
  # resolvers = ["1.1.1.1:53", "8.8.8.8:53"]

    [acme.dnsChallenge]
     provider = "ovh"
     delayBeforeCheck = 90

 [[acme.domains]]
   main = "*.example.ovh"
   sans = ["example.ovh"]
```

```yaml
traefik:
    image: traefik:v1.7.14
    container_name: traefik
    command: --api --docker
    restart: always
    ports:
        - 80:80
        - 443:443
        - 8085:8080
    volumes:
        - /var/run/docker.sock:/var/run/docker.sock
        - ./traefik:/etc/traefik
    environment:
        - "TZ=Europe/Berlin"
        - OVH_ENDPOINT=ovh-eu
        - OVH_APPLICATION_KEY=xxx
        - OVH_APPLICATION_SECRET=xxxx
        - OVH_CONSUMER_KEY=xxxxx
    networks:
        - traefik_proxy
        - fhem-network
    #traefik config
    labels:
        - "traefik.enable=false"
```

Did you fix the problem? I have exactly the same problem.

Found the issue: it's an integer overflow on the ARM7 platform.

Will be fixed in lego 3.1 and hopefully soon updated in Traefik.
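How an integer overflow on a 32-bit platform can lead to the `unknown record ID` warning seen in the log, as an added example that is not lego's or Traefik's code. It assumes the overflowing value is the DNS record ID returned by the provider API, which the thread does not state; `provider`, `present`, `cleanUp`, `decodeID` and the sample reply are hypothetical, and `int32` stands in for Go's `int` on 32-bit ARM.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Constructed API reply: record ID one above the signed 32-bit maximum.
const sampleReply = `{"id": 2147483648, "fieldType": "TXT"}`

// decodeID parses the record ID. narrow=true models a platform where Go's
// int is 32 bits (32-bit ARM); narrow=false uses a fixed-width int64.
func decodeID(reply string, narrow bool) (int64, error) {
	if narrow {
		var r struct{ ID int32 `json:"id"` }
		err := json.Unmarshal([]byte(reply), &r)
		return int64(r.ID), err
	}
	var r struct{ ID int64 `json:"id"` }
	err := json.Unmarshal([]byte(reply), &r)
	return r.ID, err
}

// provider is a hypothetical, simplified DNS-01 provider: present stores the
// record ID, cleanUp needs it to delete the TXT record again.
type provider struct{ recordIDs map[string]int64 }

func (p *provider) present(fqdn, reply string, narrow bool) error {
	id, err := decodeID(reply, narrow)
	if err != nil {
		return fmt.Errorf("decode record: %w", err) // ID is never stored
	}
	p.recordIDs[fqdn] = id
	return nil
}

func (p *provider) cleanUp(fqdn string) error {
	if _, ok := p.recordIDs[fqdn]; !ok {
		return fmt.Errorf("unknown record ID for '%s'", fqdn)
	}
	delete(p.recordIDs, fqdn)
	return nil
}

func main() {
	const fqdn = "_acme-challenge.example.ovh."
	for _, narrow := range []bool{true, false} {
		p := &provider{recordIDs: map[string]int64{}}
		fmt.Println(narrow, p.present(fqdn, sampleReply, narrow), p.cleanUp(fqdn))
	}
}
```

With the narrow field the decode fails, so the challenge is never presented and the later cleanup has no ID to delete; with `int64` the same reply works on every platform.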

I have no solution until now. Thank you very much for sharing this info.

Where can I find the file ovh.go to correct it? I use Traefik alpine and I can log in with /bin/sh.

It's in the git repo linked above. You probably will need to wait until a Traefik update, unless you want to recompile it yourself and rebuild the Docker image yourself from that, and I infer from your question that most likely this would not be something you are comfortable with.

Update is there. It's fixed.
