Traefik Let's encrypt certificate for domain and hosting on different providers

[edap]

Hello, I am trying to add an ssl certificate to my website using kamal but it's not working. I have a domain bought on register.it (let's called it domain.com) and an hosting on hetzner.com (with IP let's say 65.10.10.10). I have added an A Record on register.it that points to my hosting on Hetzner. Whithout HTTPS, the DNS where correctly redirecting from my domain to my hosting. After I have added the let's encrypt section to my deploy.yml file, the DNS started to point to some Amazon ISP servers (3.33.130.190 - IP Info - AWS Global Accelerator and the same for 15.197.148.33), I think as a consequence of the fact that letsencrypt is not set up properly.

This is my relevant part of the deploy.yml file with let's encrypt enabled (crafted after reading this #112).

servers:
  web:
    hosts:
      - 65.10.10.10
    options:
      network: "private"
    labels:
      traefik.http.routers.catchall.entryPoints: web
      traefik.http.routers.app-mydomain.rule: "Host(`mydomain.com`)"
      traefik.http.routers.app-mydomain.entrypoints: websecure
      traefik.http.routers.app-mydomain.tls: true
      traefik.http.routers.app-mydomain.tls.certresolver: letsencrypt

traefik:
  options:
    network: "private"
    publish:
      - "443:443"
    volume:
      - "/letsencrypt/acme.json:/letsencrypt/acme.json"
  args:
    entryPoints.web.address: ":80"
    entryPoints.websecure.address: ":443"
    entryPoints.web.http.redirections.entryPoint.to: websecure
    entryPoints.web.http.redirections.entryPoint.scheme: https
    entryPoints.web.http.redirections.entrypoint.permanent: true
    certificatesResolvers.letsencrypt.acme.email: "[email protected]"
    certificatesResolvers.letsencrypt.acme.storage: "/letsencrypt/acme.json"
    certificatesResolvers.letsencrypt.acme.httpchallenge: true
    certificatesResolvers.letsencrypt.acme.httpchallenge.entrypoint: web

The /letsencrypt/acme.json file is populated after the deploy, has 600 permissions and belongs to the same user running docker and kamal.

Port 80 for my ip 65.10.10.10 is open, I can verify with ncat.
PORT STATE SERVICE
80/tcp open http

Also, I am aware that I could use the DNS challenge, but my provider does not have an API to update the TXT record, therefore I would like to avoid it, if possible.

Any idea about what am I doing wrong?

[edap]

weirdly enough, it started to work. It was probably some DNS caching