[GH-ISSUE #242] acme-dns always restarting #120

Open
opened 2026-03-13 15:50:05 +03:00 by kerem · 3 comments

Originally created by @zainal-abidin-assegaf on GitHub (Sep 5, 2020).
Original GitHub issue: https://github.com/acme-dns/acme-dns/issues/242

Help, why does acme-dns keep restarting?

![image](https://user-images.githubusercontent.com/22811935/92293141-4d7f5e80-ef4b-11ea-84ee-ceecc39fafaf.png)

10.100.0.10 is the kube-dns ClusterIP, assigned to all Docker apps as the default container DNS.

```toml
[general]
# DNS interface. Note that systemd-resolved may reserve port 53 on 127.0.0.53
# In this case acme-dns will error out and you will need to define the listening interface
# for example: listen = "127.0.0.1:53"
listen = "0.0.0.0:53"
# protocol, "both", "both4", "both6", "udp", "udp4", "udp6" or "tcp", "tcp4", "tcp6"
protocol = "both"
# domain name to serve the requests off of
domain = "acme.kubernetes.bnpb.go.id"
# zone name server
nsname = "acme.kubernetes.bnpb.go.id"
# admin email address, where @ is substituted with .
nsadmin = "zein.msoleh.gmail.com"
# predefined records served in addition to the TXT
records = [
    # domain pointing to the public IP of your acme-dns server
    "acme.kubernetes.bnpb.go.id. A 116.12.46.204",
    # specify that auth.example.org will resolve any *.auth.example.org records
    "acme.kubernetes.bnpb.go.id. NS acme.kubernetes.bnpb.go.id.",
]
# debug messages from CORS etc
debug = false

[database]
# Database engine to use, sqlite3 or postgres
engine = "sqlite3"
# engine = "postgres"
# Connection string, filename for sqlite3 and postgres://$username:$password@$host/$db_name for postgres
# Please note that the default Docker image uses path /var/lib/acme-dns/acme-dns.db for sqlite3
connection = "/var/lib/acme-dns/acme-dns.db"
# connection = "postgres://inarisk:inarisk@10.100.48.24:5432/acmedns_db"

[api]
# listen ip eg. 127.0.0.1
ip = "0.0.0.0"
# disable registration endpoint
disable_registration = false
# listen port, eg. 443 for default HTTPS
port = "443"
# possible values: "letsencrypt", "letsencryptstaging", "cert", "none"
tls = "letsencryptstaging"
# only used if tls = "cert"
# tls_cert_privkey = "/etc/tls/acme.kubernetes.bnpb.go.id/privkey.pem"
# tls_cert_fullchain = "/etc/tls/acme.kubernetes.bnpb.go.id/fullchain.pem"
# only used if tls = "letsencrypt"
acme_cache_dir = "api-certs"
# CORS AllowOrigins, wildcards can be used
corsorigins = [
    "*"
]
# use HTTP header to get the client ip
use_header = false
# header name to pull the ip address / list of ip addresses from
header_name = "X-Forwarded-For"

[logconfig]
# logging level: "error", "warning", "info" or "debug"
loglevel = "debug"
# possible values: stdout, TODO file & integrations
logtype = "stdout"
# file path for logfile TODO
# logfile = "./acme-dns.log"
# format, either "json" or "text"
logformat = "text"
```

Kubernetes ingress:

```yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: acme-dns
  namespace: acme-dns
  annotations:
    kubernetes.io/ingress.class: "nginx"
    nginx.ingress.kubernetes.io/rewrite-target: /
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
spec:
  rules:
  - host: acme.kubernetes.bnpb.go.id
    http:
      paths:
      - backend:
          serviceName: web
          servicePort: 80
        path: /
  # This section is only required if TLS is to be enabled for the Ingress
  tls:
  - hosts:
    - acme.kubernetes.bnpb.go.id
    secretName: ingress-certificate-secret
```

cert-manager certificate:

```yaml
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: bnpb-acme-certificate
spec:
  secretName: ingress-certificate-secret
  dnsNames:
  - acme.kubernetes.bnpb.go.id
  - "*.acme.kubernetes.bnpb.go.id"
  issuerRef:
    name: issuer-letsencrypt
    # We can reference ClusterIssuers by changing the kind here.
    # The default value is Issuer (i.e. a locally namespaced Issuer)
    kind: Issuer
    group: cert-manager.io
```

cert-manager issuer:

```yaml
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  name: issuer-letsencrypt
spec:
  acme:
    server: https://acme-staging-v02.api.letsencrypt.org/directory
    email: xxx@gmail.com
    privateKeySecretRef:
      name: account-private-key-secret
    solvers:
    - dns01:
        acmeDNS:
          host: https://acme.kubernetes.bnpb.go.id
          accountSecretRef:
            name: acme-dns
            key: acmedns.json
```

@OneAceGuy commented on GitHub (Sep 6, 2020):

Did you read issue #228?

That was resolved by changing the config.cfg file:

```toml
[api]
# possible values: "letsencrypt", "letsencryptstaging", "cert", "none"
tls = "none"
```
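As an added example (not acme-dns project code and not part of this thread), a small Python check that flags the mismatch behind this issue: an `[api]` section that still asks acme-dns to obtain and terminate its own TLS while a cert-manager-backed ingress already does so. It assumes ingress-nginx's default of speaking plain HTTP to the upstream; the sample config is constructed from the `[api]` keys posted above, and the function names are hypothetical.

```python
"""Check an acme-dns config.cfg for the TLS mismatch discussed in this thread.
Constructed example, not acme-dns project code; SAMPLE_CFG copies the [api] keys from the issue."""
import re

SAMPLE_CFG = '''
[api]
ip = "0.0.0.0"
disable_registration = false
port = "443"
tls = "letsencryptstaging"
corsorigins = [
    "*"
]
'''

def parse_cfg(text):
    """Minimal parser for the TOML-style config: [sections], quoted strings and
    true/false. Arrays are skipped and '#' always starts a comment, which is
    enough for the checks below (assumption: no '#' inside quoted values)."""
    cfg, section, in_array = {}, None, False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if in_array:                      # skip until the closing bracket
            in_array = not line.endswith("]")
        elif m := re.fullmatch(r"\[(\w+)\]", line):
            section = cfg.setdefault(m.group(1), {})
        elif line:
            key, _, val = (p.strip() for p in line.partition("="))
            if val.startswith("["):
                in_array = not val.endswith("]")
            else:
                section[key] = val.strip('"') if val.startswith('"') else val == "true"
    return cfg

def check_api(cfg, proxy_speaks_http=True):
    """Findings for [api] when a TLS-terminating ingress fronts the API; the
    default models ingress-nginx talking plain HTTP to the upstream."""
    api, findings = cfg.get("api", {}), []
    if proxy_speaks_http and api.get("tls", "none") != "none":
        findings.append('api.tls = "%s": acme-dns will try to terminate TLS itself (and, '
                        'with the letsencrypt* values, pass its own ACME validation) '
                        'behind a proxy that already does; set tls = "none"' % api["tls"])
    if api.get("ip") == "0.0.0.0" and not api.get("disable_registration"):
        findings.append("registration endpoint is reachable on every interface; set "
                        "disable_registration = true once the accounts exist")
    return findings

def fix_tls(text):
    """Rewrite the [api] tls value to "none" and leave everything else untouched."""
    return re.sub(r'^(tls\s*=\s*)"[^"]*"', r'\1"none"', text, flags=re.M)
```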

@zainal-abidin-assegaf commented on GitHub (Sep 7, 2020):

@OneAceGuy,

Sorry, my bad. Thank you.

![image](https://user-images.githubusercontent.com/22811935/92345239-d684ca00-f0f2-11ea-9a97-30f174c95a10.png)

![image](https://user-images.githubusercontent.com/22811935/92345259-e8666d00-f0f2-11ea-90dc-3c65618136c8.png)

@leggewie commented on GitHub (Jan 16, 2022):

@4ss3g4f please close the issue if it's been resolved
