adding hurricane wildcard cert

traefik/docker-compose.traefik.yml

@@ -13,10 +13,15 @@ services:
       - '--entrypoints.web.http.redirections.entrypoint.to=websecure'
       - '--entrypoints.websecure.address=:${TRAEFIK_WEBSECURE_ENTRYPOINT:-443}'
       # Let's Encrypt
-      - '--certificatesresolvers.myresolver.acme.email=${ROOT_EMAIL:-changeme@changeme.org}'
-      - '--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web'
-      - '--certificatesresolvers.myresolver.acme.httpchallenge=true'
-      - '--entrypoints.websecure.http.tls.certresolver=myresolver'
+      # Add dns-hurricane as default certresolver for all services. Also enables TLS and no need to specify on individual services
+      - --entrypoints.https.http.tls.certresolver=dns-hurricane
+      - --entrypoints.https.http.tls.domains[0].main=$DOMAINNAME_CLOUD_SERVER
+      - --entrypoints.https.http.tls.domains[0].sans=*.$DOMAINNAME_CLOUD_SERVER
+      - --certificatesResolvers.dns-hurricane.acme.email=$HURRICANE_EMAIL
+      - --certificatesResolvers.dns-hurricane.acme.storage=/acme.json
+      - --certificatesResolvers.dns-hurricane.acme.dnsChallenge.provider=hurricane
+      - --certificatesResolvers.dns-hurricane.acme.dnsChallenge.resolvers=1.1.1.1:53,1.0.0.1:53
+      - --certificatesResolvers.dns-hurricane.acme.dnsChallenge.delayBeforeCheck=90 # To delay DNS check and reduce LE hitrate
       # HTTP/3
       - '--experimental.http3=true'
       - '--entrypoints.websecure.http3'
@@ -39,6 +44,7 @@ services:
       - '--providers.file.watch=true'
     environment:
       - 'TZ=${TZ:-Europe/Paris}'
+      - 'HURRICANE_TOKENS'
     healthcheck:
       test: ['CMD', 'traefik', 'healthcheck', '--ping']
     labels:
@@ -60,3 +66,4 @@ services:
       - '/var/run/docker.sock:/var/run/docker.sock'
       - './logs:/logs'
       - './dynamic_conf:/dynamic_conf'
+      - './acme/acme.json:/acme.json' # cert location - you must create this emtpy file and change permissions to 600