Traefik DNS Challenge Provider (based on LEGO)
Important
To use this integration a DNS API user MUST exist. To do that follow the guide Create User in Customer Portal!
For Traefik there is also a DNS challenge interface which can communicate with the Servercow DNS API.
This is possible because Traefik (also a GO product) uses the LEGO Let's Encrypt client and therefore also its DNS challenge provider.
However, the documentation is a bit sparse, which is why we include it here.
Warning
This manual does NOT explain the general configuration of Traefik! A basic knowledge about the configuration of Traefik is required!
To specify a DNS challenge as provider it must be added to traefik.yml or traefik.toml:
#...
certificatesResolvers:
myresolver:
acme:
# ...
dnsChallenge:
provider: servercow
delayBeforeCheck: 0
# ...
# ...
[certificatesResolvers.myresolver.acme]
# ...
[certificatesResolvers.myresolver.acme.dnsChallenge]
provider = "servercow"
delayBeforeCheck = 0
# ...
Notice
In order for the DNS provider to work. Environment variables have to be added to Traefik. This can be done on a local installation via export, but the more common method to install Traefik is Docker, which is why we show the variable declaration with this example.
Simply append or create the environment section in your Traefik docker-compose.yml with this content:
#...
environment:
SERVERCOW_USERNAME: "YOUR_API_USER"
SERVERCOW_PASSWORD: "YOUR_API_USER_PASSWORD"
#...
If Traefik is given this information, it will use these credentials to obtain the certificates via DNS challenge using the Servercow API.
Reminder
Services that are to be reached by Traefik must first activate the DNS challenge as a certificate resolver (via label or config).
If everything worked, Traefik will now get the certificates via DNS Challenge using the Servercow DNS API.
Debugging
We recommend to activate the debugging mode of Traefik in traefik.yml/traefik.toml during the first certificate run, so that error messages can be analyzed more precisely.