404 error for ACME

randomairborne · June 4, 2022, 4:35pm

I've been trying to set up ACME and a new website, however i'm having a few issues. I can't connect to the website over HTTP or HTTPS (i just get a 404) and ACME fails with Unauthorized due to 404. This goes for every website i have set up.

Compose files:

github.com

randomairborne/giveip/blob/master/compose.yml

version: "3.4"
services:
  giveip:
    image: ghcr.io/randomairborne/giveip
    restart: always
    networks:
      - proxy
    ports:
      - "8080:8080"
    deploy:
      labels:
        traefik.enable: "true"
        traefik.http.routers.giveip.rule: Host(`giveip.io`) || Host(`www.giveip.io`) || Host(`v4.giveip.io`) || Host(`v6.giveip.io`)
        traefik.http.routers.giveip.entrypoints: https
        traefik.http.routers.giveip.tls.certresolver: letsencrypt
        traefik.http.services.giveip.loadbalancer.server.port: 8080
        traefik.http.middlewares.giveip-mw.headers.accesscontrolalloworiginlist: https://giveip.io,https://www.giveip.io
        traefik.http.routers.giveip.middlewares: giveip-mw
        traefik.http.routers.giveip-plaintext.rule: Host(`giveip.io`) || Host(`www.giveip.io`) || Host(`v4.giveip.io`) || Host(`v6.giveip.io`)
        traefik.http.routers.giveip-plaintext.entrypoints: http

This file has been truncated. show original

github.com

randomairborne/mcping/blob/main/compose.yml

version: "3.7"
services:
  mcping:
    image: ghcr.io/randomairborne/mcping
    restart: always
    networks:
      - proxy
    deploy:
      labels:
        traefik.enable: "true"
        traefik.http.routers.mcping.rule: Host(`${HOST}`) || Host(`www.${HOST}`)
        traefik.http.routers.mcping.entrypoints: https
        traefik.http.routers.mcping.tls.certresolver: letsencrypt
        traefik.http.services.mcping.loadbalancer.server.port: 8080

networks:
  proxy:
    external: true

github.com

randomairborne/pastebot/blob/main/compose.yml

version: "3.7"
services:
  api:
    image: ghcr.io/randomairborne/pastebot-api
    ports:
      - ":8080"
    networks:
      - proxy
    deploy:
      labels:
        traefik.enable: "true"
        traefik.http.services.pbotapi.loadbalancer.server.port: 8080
        traefik.http.routers.pbotapi.rule: Host(`api.${PASTEBIN}`)
        traefik.http.routers.pbotapi.entrypoints: https
        traefik.http.routers.pbotapi.tls.certresolver: letsencrypt
        traefik.http.routers.pbotapi-insecure.rule: Host(`api.${PASTEBIN}`)
        traefik.http.routers.pbotapi-insecure.entrypoints: http
        traefik.http.middlewares.https-redirect.redirectscheme.scheme: https
        traefik.http.middlewares.https-redirect.redirectscheme.permanent: "true"
        traefik.http.middlewares.pbotapi-mw.headers.accesscontrolalloworiginlist: https://${PASTEBIN}

This file has been truncated. show original

Compose for Traefik:

version: '3.7'

services:
  traefik:
    image: traefik:v2.7
    ports:
      - target: 80
        published: 80
        mode: host
      - target: 443
        published: 443
        mode: host
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /etc/traefik/acme/acme.json:/acme.json 
    networks:
      - proxy
    deploy:
      labels:
        - traefik.enable=false

    command:
      - --log.level=DEBUG
      - --providers.docker
      - --providers.docker.swarmmode=true
      - --providers.docker.network=proxy
      - --entrypoints.http=true
      - --entrypoints.http.address=:80
      - --entrypoints.http.http.tls.options
      - --entrypoints.https=true
      - --entrypoints.https.address=:443
      - --entrypoints.https.http.tls.options
      - --certificatesresolvers.letsencrypt=true
      - --certificatesresolvers.letsencrypt.storage
      - --certificatesresolvers.letsencrypt.acme.httpchallenge=true
      - --certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=http
      - --certificatesresolvers.letsencrypt.acme.email=me@mywebsite.com
      
networks:
  proxy:
    external: true

This is running on a Docker Swarm controlled by Portainer.

randomairborne · June 10, 2022, 2:20pm

i don’t have dashboard enabled, because apparently having that in production is not good

jakubhajek · June 10, 2022, 2:34pm

Technically speaking, having a dashboard running on production does not have any side effects for your environment concerning all aspects e.g. performance, security etc. Once you have the dashboard protected there is no risk with having that deployed in any environment.

Please let me know your thoughts.

randomairborne · June 10, 2022, 3:20pm

oh. i was just providing more information, someone elsewhere suggested i check that, so i’m working on it just in case. my original problem is above

randomairborne · June 10, 2022, 3:40pm

looking on the acme-http router in the dashboard, it’s getting an error: “unknown TLS options: true@internal“

randomairborne · June 10, 2022, 5:14pm

I fixed this by explicitly disabling TLS on the HTTP router, but i don’t quite understand why i had to

Topic		Replies	Views
Traefik not accessible / acme error Traefik v2 docker , docker-swarm , dashboard-api , letsencrypt-acme	1	830	September 25, 2022
Acme: error: 403 :: urn:ietf:params:acme:error:unauthorized: Traefik v2 docker , letsencrypt-acme	4	3396	December 6, 2023
Letsencrypt acme ends in 404 Traefik v2 docker-swarm , letsencrypt-acme	4	5269	February 10, 2021
ACME certificates not created for dashboard only with swarm [Traefik 2.2.0] Traefik v2 docker-swarm , letsencrypt-acme	0	363	April 30, 2020
All services return 404 Traefik v2 docker	6	4078	April 26, 2022

404 error for ACME

Related topics