Nice stack... Almost exactly what I had set up manually before, but now in a convenient place and kept up to date by more people, so a perfect fit when I reinstalled my server. I have made some minor tweaks: added Active Directory and Duo to Authelia, added Syncrify and Nextcloud, made qBittorrent use gluetun, etc.
But one thing that doesn't seem to want to work is Let's Encrypt generation of a wildcard certificate.
It seems to add the TXT records to my Cloudflare account fine, but then I get nothing but errors and reach the rate limit. I have started using a Cloudflare edge certificate instead, but I would really like to get Let's Encrypt working.
Is there any known issue with the version of certbot used, or something like that? (I know there have been in the past.)
Error examples:
A bunch of these:
traefik | 2020-06-22T21:55:45.765146452Z time="2020-06-22T21:55:45Z" level=error msg="Unable to obtain ACME certificate for domains "foo.io,.foo.io" : unable to generate a certificate for the domains [foo.io .foo.io]: error: one or more domains had a problem:\n[.foo.io] [.foo.io] acme: error presenting token: cloudflare: failed to create TXT record: error from makeRequest: HTTP status 400: content "{\"result\":null,\"success\":false,\"errors\":[{\"code\":81057,\"message\":\"The record already exists.\"}],\"messages\":[]}"\n[liljeberg.io] [liljeberg.io] acme: error presenting token: cloudflare: failed to create TXT record: error from makeRequest: HTTP status 400: content "{\"result\":null,\"success\":false,\"errors\":[{\"code\":81057,\"message\":\"The record already exists.\"}],\"messages\":[]}"\n" providerName=dns-cloudflare.acme
And some of these:
traefik | 2020-06-23T20:26:04.602206139Z time="2020-06-23T20:26:04Z" level=error msg="Unable to obtain ACME certificate for domains "foo.io,*.foo.io" : unable to generate a certificate for the domains [foo.io .foo.io]: error: one or more domains had a problem:\n[.foo.io] failed to initiate challenge: acme: error: 400 :: POST :: https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/68109260/DXWjoQ :: urn:ietf:params:acme:error:malformed :: Unable to update challenge :: authorization must be pending, url: \n[liljeberg.io] failed to initiate challenge: acme: error: 400 :: POST :: https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/68109261/_etZhg :: urn:ietf:params:acme:error:malformed :: Unable to update challenge :: authorization must be pending, url: \n" providerName=dns-cloudflare.acme
I have tested both staging and production.
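As an added example (not code from the thread or from the stack it describes), a small Python parser that turns Traefik ACME log lines like the ones quoted above into structured records, so the per-domain Cloudflare error codes and ACME error types can be counted from the log before retries pile up against the rate limit. The sample lines are constructed, modelled on the post, with example.com in place of the real domains and a placeholder challenge URL.

```python
import json
import re

# Constructed sample log, modelled on the Traefik errors in the post above
# (domains replaced with example.com; the challenge URL is a placeholder).
SAMPLE_LOG = r'''traefik | 2020-06-22T21:55:45.765146452Z time="2020-06-22T21:55:45Z" level=error msg="Unable to obtain ACME certificate for domains "example.com,*.example.com" : unable to generate a certificate for the domains [example.com *.example.com]: error: one or more domains had a problem:\n[*.example.com] [*.example.com] acme: error presenting token: cloudflare: failed to create TXT record: error from makeRequest: HTTP status 400: content "{\"result\":null,\"success\":false,\"errors\":[{\"code\":81057,\"message\":\"The record already exists.\"}],\"messages\":[]}"\n[example.com] [example.com] acme: error presenting token: cloudflare: failed to create TXT record: error from makeRequest: HTTP status 400: content "{\"result\":null,\"success\":false,\"errors\":[{\"code\":81057,\"message\":\"The record already exists.\"}],\"messages\":[]}"\n" providerName=dns-cloudflare.acme
traefik | 2020-06-23T20:26:04.602206139Z time="2020-06-23T20:26:04Z" level=error msg="Unable to obtain ACME certificate for domains "example.com,*.example.com" : unable to generate a certificate for the domains [example.com *.example.com]: error: one or more domains had a problem:\n[*.example.com] failed to initiate challenge: acme: error: 400 :: POST :: https://acme-staging-v02.api.letsencrypt.org/acme/chall-v3/CHALL_ID/TOKEN :: urn:ietf:params:acme:error:malformed :: Unable to update challenge :: authorization must be pending, url: \n" providerName=dns-cloudflare.acme
traefik | 2020-06-23T20:26:05.000000000Z time="2020-06-23T20:26:05Z" level=info msg="Configuration loaded from file" providerName=file
'''

TIME_RE = re.compile(r'time="([^"]+)"')
LEVEL_RE = re.compile(r'level=(\w+)')
PROVIDER_RE = re.compile(r'providerName=(\S+)')
# Cloudflare's JSON body is quoted inside the message with escaped quotes.
CF_BODY_RE = re.compile(r'HTTP status (\d+): content "((?:[^"\\]|\\.)*)"')
ACME_URN_RE = re.compile(r'urn:ietf:params:acme:error:(\w+)')


def _first(regex, text):
    m = regex.search(text)
    return m.group(1) if m else None


def parse_line(line):
    """Extract time, level, provider and per-domain failures from one log line."""
    rec = {"time": _first(TIME_RE, line), "level": _first(LEVEL_RE, line),
           "provider": _first(PROVIDER_RE, line), "failures": []}
    # Traefik flattens the multi-line ACME error into literal backslash-n
    # sequences; each "[domain] reason" segment is one failed authorization.
    for segment in line.split("\\n"):
        m = re.match(r"\[([^\]]+)\]", segment)
        if not m:
            continue
        failure = {"domain": m.group(1), "kind": "unknown", "detail": segment[m.end():].strip()}
        cf, urn = CF_BODY_RE.search(segment), ACME_URN_RE.search(segment)
        if cf:
            # Unescape the quoted body (json.loads on a JSON string), then parse it.
            err = json.loads(json.loads('"' + cf.group(2) + '"'))["errors"][0]
            failure.update(kind="cloudflare", detail=f'{err["code"]}: {err["message"]}')
        elif urn:
            failure.update(kind="acme", detail=urn.group(1))
        rec["failures"].append(failure)
    return rec


def summarize(log_text):
    """Count error-level failures by (domain, kind, detail) across the log."""
    counts = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec["level"] != "error":
            continue
        for f in rec["failures"]:
            key = (f["domain"], f["kind"], f["detail"])
            counts[key] = counts.get(key, 0) + 1
    return counts
```

A spike of `81057: The record already exists.` for the same name across consecutive renewal attempts is the pattern worth alerting on, since every retry that fails at the DNS step still counts toward the Let's Encrypt rate limit.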