
Traefik ACME DNS-01 gcloud duplicate records


I'm not sure if this is an issue specific to Traefik and my config or a bug, but after moving my provider from route53 to gcloud, my ACME configuration generates 409 duplicate resource errors from Google.

It appears like the acme code is expecting to be able to override TXT records but can't on gcloud.

The errors look like:

time="2018-11-01T11:46:41Z" level=error msg="Error obtaining certificate: acme: Error -> One or more domains had a problem:\n[qa.mydomain.com] error presenting token: googlecloud: googleapi: Error 409: The resource 'entity.change.additions[0].rrdata[1]' named '\"VuOLZS3tfLfrOswFtV3mayqOYaz5PvQK16nJdgMdMez\"' already exists, alreadyExists\n"
time="2018-11-01T11:46:41Z" level=error msg="Unable to obtain ACME certificate for domains \"*.qa.mydomain.com,qa.mydomain.com\" : unable to generate a certificate for the domains [*.qa.mydomain.com qa.mydomain.com]: acme: Error -> One or more domains had a problem:\n[qa.mydomain.com] error presenting token: googlecloud: googleapi: Error 409: The resource 'entity.change.additions[0].rrdata[1]' named '\"VuOLZS3tfLfrOswFtV3mayqOYaz5PvQK16nJdgMdMez\"' already exists, alreadyExists\n"
time="2018-11-01T11:46:41Z" level=error msg="Error obtaining certificate: acme: Error -> One or more domains had a problem:\n[development.mydomain.com] error presenting token: googlecloud: googleapi: Error 409: The resource 'entity.change.additions[0].rrdata[1]' named '\"Jfv6orVfbwi0IdQbmpvG3qnIltMX5x56vGUpHjoBzOa\"' already exists, alreadyExists\n"
time="2018-11-01T11:46:41Z" level=error msg="Unable to obtain ACME certificate for domains \"*.development.mydomain.com,development.mydomain.com\" : unable to generate a certificate for the domains [*.development.mydomain.com development.mydomain.com]: acme: Error -> One or more domains had a problem:\n[development.mydomain.com] error presenting token: googlecloud: googleapi: Error 409: The resource 'entity.change.additions[0].rrdata[1]' named '\"Jfv6orVfbwi0IdQbmpvG3qnIltMX5x56vGUpHjoBzOa\"' already exists, alreadyExists\n"

The acme configuration:

[acme]
  email = "[email protected]"
  storage = "/acme-certificates/acme.json"
  acmeLogging = true
  entryPoint = "https"

[acme.dnsChallenge]
  provider = "gcloud"

[[acme.domains]]
  main = "*.development.mydomain.com"
  sans = ["development.mydomain.com"]

[[acme.domains]]
  main = "*.qa.mydomain.com"
  sans = ["qa.mydomain.com"]

Solution

  • Logged as traefik bug, patched and closed.
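
Added example, not Traefik's or lego's code and not the actual patch: a wildcard and its base domain are both validated through the same `_acme-challenge` TXT name, so two token values have to live in one record set, and Cloud DNS replaces a record set by deleting the old one and adding the merged one in a single change. The `change` struct is a simplified stand-in for a Cloud DNS change, and `challengeFQDN`, `planPresent` and the token strings are hypothetical names and constructed values.

```go
package main

import (
	"fmt"
	"strings"
)

// challengeFQDN returns the TXT record name used for DNS-01 validation.
// A wildcard and its base domain map to the same name (RFC 8555, section 8.4).
func challengeFQDN(domain string) string {
	return "_acme-challenge." + strings.TrimPrefix(domain, "*.") + "."
}

// change is a simplified stand-in for a Cloud DNS change (an assumption):
// each entry is the full rrdata of one TXT record set to delete or add.
type change struct {
	Deletions [][]string
	Additions [][]string
}

// planPresent builds the change that publishes one more token value.
// existing is the current rrdata of the TXT record set (nil if absent).
func planPresent(existing []string, token string) change {
	quoted := `"` + token + `"`
	for _, v := range existing {
		if v == quoted {
			return change{} // already published (retry): nothing to send
		}
	}
	// Replace the whole record set: delete the old one, add old values plus the new one.
	merged := append(append([]string{}, existing...), quoted)
	c := change{Additions: [][]string{merged}}
	if len(existing) > 0 {
		c.Deletions = [][]string{existing}
	}
	return c
}

func main() {
	// Constructed token values, not taken from the page.
	var rr []string
	for _, tok := range []string{"token-A", "token-B", "token-A"} {
		c := planPresent(rr, tok)
		if len(c.Additions) > 0 {
			rr = c.Additions[0]
		}
		fmt.Println(challengeFQDN("*.qa.mydomain.com"), c.Deletions, "->", rr)
	}
}
```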