
Docker Traefik and letsencrypt wildcard

I've been trying to get Traefik to install a wildcard cert on my domain, which requires a DNS challenge. From reading the logs, it seems it was able to actually issue the cert but not install it correctly:

time="2018-04-07T19:10:35Z" level=debug msg="Unable to marshal provider conf *acme.Provider with error: json: unsupported type: chan *acme.StoredData"
legolog: 2018/04/07 19:10:57 [INFO][example.tld] The server validated our request
legolog: 2018/04/07 19:10:58 [INFO][*.example.tld] acme: Validations succeeded; requesting certificates
legolog: 2018/04/07 19:11:01 [INFO][*.example.tld] Server responded with a certificate.
time="2018-04-07T19:11:01Z" level=error msg="Error loading new configuration, aborted unable to generate TLS certificate : tls: failed to find any PEM data in certificate input"
time="2018-04-07T19:12:33Z" level=debug msg="http2: server: error reading preface from client ******omitted***: remote error: tls: unknown certificate authority"

My domain's DNS provider is Cloudflare.

Here's my docker-compose.yml:

version: '2'

services:
  traefik:
    image: traefik:1.6.0-rc4
    command: --api --docker
    restart: always
    ports:
      - 80:80
      - 443:443
      - 8080:8080
    networks:
      - web
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /opt/traefik/traefik.toml:/traefik.toml
      - /opt/traefik/acme.json:/acme.json
    environment:
      - CLOUDFLARE_EMAIL=[email protected]
      - CLOUDFLARE_API_KEY=
    container_name: traefik

networks:
  web:
    external: true

And my traefik.toml

debug = true

logLevel = "DEBUG"
defaultEntryPoints = ["https","http"]

[entryPoints]
  [entryPoints.http]
  address = ":80"
    [entryPoints.http.redirect]
    entryPoint = "https"
  [entryPoints.https]
  address = ":443"
  [entryPoints.https.tls]

[retry]

[docker]
endpoint = "unix:///var/run/docker.sock"
domain = "example.tld"
watch = true
exposedbydefault = false

[acme]
email = "[email protected]"
storage = "acme.json"
entryPoint = "https"
OnHostRule = true
acmeLogging = true
[acme.dnsChallenge]
  provider = "cloudflare"
  delayBeforeCheck = 0

[[acme.domains]]
   main = "example.tld"
[[acme.domains]]
   main = "*.example.tld"

Mouath asked Apr 07 '18 20:04

1 Answer

I was able to fix the issue, it's a mistake on my part.

In the traefik.toml you cannot use OnHostRule = true for wildcard certs.

Read more: docs.traefik.io/v1.7/configuration/acme/#onhostrule


Mouath answered Sep 22 '22 23:09
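The [acme] section rewritten the way the answer describes, as an added example rather than the poster's own file: OnHostRule is dropped so the wildcard is requested only from the static [[acme.domains]] list, and the apex name rides on the same certificate as a SAN. The domain and e-mail values are placeholders.

```toml
# Before (as in the question): OnHostRule asks Traefik to request a certificate
# for every Host rule it discovers on a container. Per the linked docs this
# option cannot be combined with wildcard certificates, which is what broke here.
#
# [acme]
# OnHostRule = true
# [[acme.domains]]
#    main = "*.example.tld"

# After: certificates come only from the static domain list below.
[acme]
email = "acme-account@example.tld"   # placeholder: the ACME account address
storage = "acme.json"                # holds the account key and certificate private keys,
                                     # so keep it owned by the traefik user with mode 600
entryPoint = "https"
acmeLogging = true
# OnHostRule intentionally absent: it cannot be used with wildcard certs

[acme.dnsChallenge]
  provider = "cloudflare"            # credentials come from CLOUDFLARE_EMAIL / CLOUDFLARE_API_KEY
  delayBeforeCheck = 0

# One certificate for the apex and all first-level subdomains.
# "sans" attaches extra names to the certificate issued for "main".
[[acme.domains]]
  main = "*.example.tld"
  sans = ["example.tld"]
```

Until the wildcard is actually stored in acme.json, Traefik serves its default self-signed certificate, which is the "unknown certificate authority" error the question's last log line shows on the client side.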