Hello! I am having issues finding out the reason why I am getting this error. Tried googling it. It seems to be an issue with dns lookup from the container.

Error in traefik log:

```
time="2020-01-30T12:12:12+01:00" level=error msg="Unable to obtain ACME certificate for domains \"traefik.xyz.se\": cannot get ACME client get directory at 'https://acme-v02.api.letsencrypt.org/directory': Get https://acme-v02.api.letsencrypt.org/directory: dial tcp: lookup acme-v02.api.letsencrypt.org on 127.0.0.11:53: read udp 127.0.0.1:54773->127.0.0.11:53: i/o timeout" providerName=cloudflare.acme routerName=traefik-secure@docker rule="Host(`traefik.xyz.se`)"
time="2020-01-30T12:12:32+01:00" level=error msg="Unable to obtain ACME certificate for domains \"hivemq.xyz.se\": cannot get ACME client get directory at 'https://acme-v02.api.letsencrypt.org/directory': Get https://acme-v02.api.letsencrypt.org/directory: dial tcp: lookup acme-v02.api.letsencrypt.org on 127.0.0.11:53: read udp 127.0.0.1:53671->127.0.0.11:53: i/o timeout" rule="Host(`hivemq.xyz.se`)" providerName=cloudflare.acme routerName=hivemq-secure@docker
```

Unable to lookup google from within traefik container.
Don't know if this is working as intended?

```
/o/a/traefik> docker exec -it traefik /bin/sh
/ # nslookup google.se
nslookup: can't resolve '(null)': Name does not resolve
nslookup: can't resolve 'google.se': Try again
/ #
```

Traefik docker-compose.yaml

```yaml
version: '3'

services:
  traefik:
    image: traefik:v2.1
    container_name: traefik
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    networks:
      - proxy
    ports:
      - 80:80
      - 443:443
    environment:
      - CF_API_EMAIL=redacted
      - CF_API_KEY=redacted
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./data/traefik.yml:/traefik.yml:ro
      - ./data/acme.json:/acme.json
      - ./data/config.yml:/config.yml:ro
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.traefik.entrypoints=http"
      - "traefik.http.routers.traefik.rule=Host(`traefik.xyz.se`)"
      - "traefik.http.middlewares.traefik-auth.basicauth.users=redacted"
      - "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https"
      - "traefik.http.routers.traefik.middlewares=traefik-https-redirect"
      - "traefik.http.routers.traefik-secure.entrypoints=https"
      - "traefik.http.routers.traefik-secure.rule=Host(`traefik.xyz.se`)"
      - "traefik.http.routers.traefik-secure.middlewares=traefik-auth"
      - "traefik.http.routers.traefik-secure.tls=true"
      - "traefik.http.routers.traefik-secure.tls.certresolver=cloudflare"
      - "traefik.http.routers.traefik-secure.tls.domains[0].main=xyz.se"
      - "traefik.http.routers.traefik-secure.tls.domains[0].sans=*.xyz.se"
      - "traefik.http.routers.traefik-secure.service=api@internal"

networks:
  proxy:
    external: true
```

data/traefik.yml:

```yaml
api:
  dashboard: true
  debug: true

entryPoints:
  http:
    address: ":80"
  https:
    address: ":443"

providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    exposedByDefault: false
  file:
    filename: /config.yml

certificatesResolvers:
  cloudflare:
    acme:
      email: redacted
      storage: acme.json
      dnsChallenge:
        provider: cloudflare
        delayBeforeCheck: 0
        resolvers:
          - "1.1.1.1:53"
          - "8.8.8.8:53"
```

Service example (hivemq)
docker-compose.yml:

```yaml
version: "3"

services:
  hivemq:
    image: hivemq/hivemq4
    container_name: hivemq
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    ports:
      - 1883:1883
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /etc/timezone:/etc/timezone:ro
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.hivemq.entrypoints=http"
      - "traefik.http.routers.hivemq.rule=Host(`hivemq.xyz.se`)"
      - "traefik.http.routers.hivemq.middlewares=https-redirect@file"
      - "traefik.http.routers.hivemq-secure.middlewares=secured@file"
      - "traefik.http.routers.hivemq-secure.entrypoints=https"
      - "traefik.http.routers.hivemq-secure.rule=Host(`hivemq.xyz.se`)"
      - "traefik.http.routers.hivemq-secure.tls=true"
      - "traefik.http.routers.hivemq-secure.service=hivemq"
      - "traefik.http.services.hivemq.loadbalancer.server.port=8080"
      - "traefik.docker.network=proxy"
    networks:
      - internal
      - proxy

networks:
  proxy:
    external: true
  internal:
    external: false
```

I have also tried reinstalling docker-ce, didn't help.

Solution

I had a similar issue and it was due to a bug of Docker: all my containers had lost their connection to the internet but they were all already removed for maintenance purpose so I couldn't see it.

In the logs, cannot get ACME client get directory means that Traefik cannot connect to Let's Encrypt url.

I fixed it by:

- Removing Traefik stack
- Pruning networks so traefik-public was removed
- Restarting Docker service

If it's not enough, you can try these:

- Try to restart the Docker Engine, which will reset any iptables rules (assuming you are using Docker on Linux)
- Try to restart your whole machine
- Try to disable (temporarily) the firewall of your machine to verify that it fixes the issue

As mentioned here: https://community.containo.us/t/cannot-create-renew-acme-certificate-cannot-get-acme-client-get-directory/2469/2

I gave a rapid look around concerning Docker bugs about losing connection and seems to be a mess, for years: https://github.com/moby/moby/issues/15172
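A way to triage log lines like the ones quoted in the question, as an added example that is not part of the original post: it parses Traefik's logfmt output and separates ACME failures where the resolver never answered (the `i/o timeout` against Docker's embedded DNS at 127.0.0.11) from failures where a resolver answered but the name was not found. The sample lines, the `example.test` domains and the verdict labels are constructed for illustration.

```python
import re
from collections import Counter

DOCKER_EMBEDDED_DNS = "127.0.0.11"  # resolver Docker serves on user-defined networks

# Constructed sample lines, shaped like the Traefik errors quoted in the question.
SAMPLE_LOG = r'''
time="2020-01-30T12:12:12+01:00" level=error msg="Unable to obtain ACME certificate for domains \"a.example.test\": cannot get ACME client get directory at 'https://acme-v02.api.letsencrypt.org/directory': dial tcp: lookup acme-v02.api.letsencrypt.org on 127.0.0.11:53: read udp 127.0.0.1:54773->127.0.0.11:53: i/o timeout" providerName=cloudflare.acme rule="Host(`a.example.test`)"
time="2020-01-30T12:12:32+01:00" level=error msg="Unable to obtain ACME certificate for domains \"b.example.test\": cannot get ACME client get directory at 'https://acme-v02.api.letsencrypt.org/directory': dial tcp: lookup acme-v02.api.letsencrypt.org on 127.0.0.11:53: read udp 127.0.0.1:53671->127.0.0.11:53: i/o timeout" rule="Host(`b.example.test`)"
time="2020-01-30T12:13:02+01:00" level=error msg="Unable to obtain ACME certificate for domains \"c.example.test\": cannot get ACME client get directory at 'https://acme-v02.api.letsencrypt.org/directory': dial tcp: lookup acme-v02.api.letsencrypt.org on 192.0.2.53:53: no such host" rule="Host(`c.example.test`)"
time="2020-01-30T12:13:05+01:00" level=info msg="Configuration loaded from file: /traefik.yml"
'''

FIELD = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')  # key=value or key="quoted \"value\""
LOOKUP = re.compile(r'lookup (?P<name>\S+) on (?P<ip>[\d.]+):(?P<port>\d+): (?P<err>.*)$')

def parse_logfmt(line):
    """Split one logfmt line into a dict, unescaping quoted values."""
    fields = {}
    for key, val in FIELD.findall(line):
        if val.startswith('"'):
            val = re.sub(r'\\(.)', r'\1', val[1:-1])
        fields[key] = val
    return fields

def classify(line):
    """Return (domain, resolver_ip, verdict) for ACME errors caused by DNS, else None."""
    fields = parse_logfmt(line)
    msg = fields.get("msg", "")
    if fields.get("level") != "error" or "ACME" not in msg:
        return None
    m = LOOKUP.search(msg)
    if not m:
        return None  # ACME error, but not a name-resolution failure
    dom = re.search(r'domains "([^"]+)"', msg)
    if "i/o timeout" in m["err"]:
        verdict = "resolver-timeout"      # query sent, no reply came back
    elif "no such host" in m["err"]:
        verdict = "name-not-found"        # a resolver answered negatively
    else:
        verdict = "other-dns-error"
    if m["ip"] == DOCKER_EMBEDDED_DNS:
        verdict += "@docker-embedded-dns"  # points at container networking, not at ACME
    return (dom.group(1) if dom else "?", m["ip"], verdict)

def summarize(log):
    """Classify every line and count verdicts."""
    hits = [c for c in map(classify, log.splitlines()) if c]
    return hits, Counter(v for _, _, v in hits)
```

A count dominated by `resolver-timeout@docker-embedded-dns` matches the situation in the question, where the container could not resolve any name at all.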
09-27 02:30