| 5 May 2025 |
netpleb | In essence though, as soon as I comment out the security.acme.certs... config above, the container boots up in a couple seconds and can ping various IPs and even resolve hostnames with the local BIND instance, whereas with the acme config in place it takes a couple minutes to boot since it has to wait for acme to time out. In the interim no pinging or hostname lookups even work. I have tried for days now to figure out how to move the acme renewal process way later, but nothing seems to work. | 18:48:20 |
netpleb | (sorry for so many messages), I have continued to investigate and it seems that the root cause is that the host machine does not provide the network/routes to the container until late (possibly even after?) the container is done booting. So because of this, acme stalls the boot process. So far the only thing that has sort of worked, but is very not-clean, is for me to just put serviceConfig.TimeoutStartSec = "20s"; on the various acme-<domain>.service units. | 20:18:57 |
| 6 May 2025 |
m1cr0man | Sorry - only seeing your messages now. I believe a fix for this does exist in the wild, I vaguely remember running into it a few years ago. Let me do some digging | 20:36:18 |
m1cr0man | In the meantime, netpleb - can you provide the following info from within the container:
- Logs of acme-$cert.service redacted as necessary
- Output of systemctl list-dependencies acme-$cert.service
- Output of systemctl list-dependencies bind.service
| 20:40:38 |