Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Docker Traefik and letsencrypt wildcard

Tags:

docker

lets-encrypt

traefik

I've been trying to get traefik to install wildcard cert on my domain which requires dns challenge from reading the logs it seems it was able to actually issue the cert but not install them correctly

time="2018-04-07T19:10:35Z" level=debug msg="Unable to marshal provider conf *acme.Provider with error: json: unsupported type: chan *acme.StoredData"
legolog: 2018/04/07 19:10:57 [INFO][example.tld] The server validated our request
legolog: 2018/04/07 19:10:58 [INFO][*.example.tld] acme: Validations succeeded; requesting certificates
legolog: 2018/04/07 19:11:01 [INFO][*.example.tld] Server responded with a certificate.
time="2018-04-07T19:11:01Z" level=error msg="Error loading new configuration, aborted unable to generate TLS certificate : tls: failed to find any PEM data in certificate input"
time="2018-04-07T19:12:33Z" level=debug msg="http2: server: error reading preface from client ******omitted***: remote error: tls: unknown certificate authority"

my domain dns provider is cloudflare

here's my docker docker-compose.yml

version: '2'

services:
  traefik:
    image: traefik:1.6.0-rc4
    command: --api --docker
    restart: always
    ports:
      - 80:80
      - 443:443
      - 8080:8080
    networks:
      - web
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /opt/traefik/traefik.toml:/traefik.toml
      - /opt/traefik/acme.json:/acme.json
    environment:
      - [email protected]
      - CLOUDFLARE_API_KEY=
    container_name: traefik

networks:
  web:
    external: true

And my traefik.toml

debug = true

logLevel = "DEBUG"
defaultEntryPoints = ["https","http"]

[entryPoints]
  [entryPoints.http]
  address = ":80"
    [entryPoints.http.redirect]
    entryPoint = "https"
  [entryPoints.https]
  address = ":443"
  [entryPoints.https.tls]

[retry]

[docker]
endpoint = "unix:///var/run/docker.sock"
domain = "example.tld"
watch = true
exposedbydefault = false

[acme]
email = "[email protected]"
storage = "acme.json"
entryPoint = "https"
OnHostRule = true
acmeLogging = true
[acme.dnsChallenge]
  provider = "cloudflare"
  delayBeforeCheck = 0

[[acme.domains]]
   main = "example.tld"
[[acme.domains]]
   main = "*.example.tld"
like image 925
Mouath Avatar asked Apr 07 '18 20:04

Mouath

1 Answers

I was able to fix the issue, it's a mistake on my part.

in the traefik.toml you cannot use OnHostRule = true for wildcards certs

ReadMore: docs.traefik.io/v1.7/configuration/acme/#onhostrule

like image 188
Mouath Avatar answered Sep 22 '22 23:09

Mouath
Sign in to Comment

Related questions

How can I set $PS1 with Dockerfile?
Exclude starting some containers with Docker Compose
How does Docker Swarm load balance?
How to pass command line arguments to a docker image
Random container names when building from the same docker-compose file
Docker Compose CLI Flags
Why might Docker Compose restart be rendering container output an increasing number of times?
echo environment variable with docker run
Mysql container can not mount data to a nfs folder
WARNING: no logs are available with the 'none' log driver
Build docker image in Jenkins (in docker container) pipeline
Control docker-compose in Java
pull access denied for oracle/serverjre
How to automatically stop and remove Docker container on Ctrl+C in terminal/gitbash/powershell/etc.?
Django, GDAL and CircleCI 2
How do I build a static Go binary for the Docker Alpine image?
Docker cp not overwriting files
Difference between VOLUME and RUN mkdir in Dockerfile
Docker version supported in Kubernetes 1.9
Docker COPY Host ${HOME}/.cache to container

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!