First, a disclaimer: I believe this is a bug, but my issue got closed on GitHub with a suggestion to go here instead.
What did you do?
I tried to configure a minimal Traefik setup with docker-compose and a single `traefik.yml` configuration. Traefik is intended to serve a single Let's Encrypt wildcard certificate, validated via DigitalOcean's DNS API, for any request. Any container is to be picked up by labels and get a hostname using a `defaultRule` configuration.
What did you see instead?
No connections went towards the DigitalOcean API nor towards Let's Encrypt. It seemed Traefik was not seeing the need for the certificate, and the `acme.json` stays empty.
Moving the `tls` configuration to a dynamic file loaded via the file provider works properly.
A full example is available in my git repo:
- static config that does not work in the branch static
- dynamic config that does work in the main branch
What version of Traefik are you using?
3.2.0 (but same was replicated with different versions of 3.1.x)
What is your environment & configuration?
docker-compose on Ubuntu LTS. This is the gist of the config.
..
```yaml
tls:
  options:
    default:
      minVersion: VersionTLS12
  stores:
    default:
      defaultGeneratedCert:
        resolver: myresolver
        domain:
          main: "*.example.com"
providers:
  docker:
    exposedByDefault: false
    defaultRule: "Host(`{{ index .Labels \"com.docker.compose.service\" }}.example.com`)"
certificatesResolvers:
  myresolver:
    acme:
      email: john.doe@example.com
      storage: /acme.json
      dnsChallenge:
        provider: digitalocean
        resolvers:
          - "1.1.1.1:53"
          - "8.8.8.8:53"
        disablePropagationCheck: true
```
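
The working arrangement the post describes, with the `tls` section moved into a file loaded by the file provider, written out as an added example (it is not taken from the poster's repository). The file name `dynamic.yml` and the mount path `/etc/traefik/dynamic.yml` are assumptions, and the settings the post elides with `..` are left out here as well.

```yaml
# traefik.yml: static configuration, read once at startup
providers:
  docker:
    exposedByDefault: false
    defaultRule: "Host(`{{ index .Labels \"com.docker.compose.service\" }}.example.com`)"
  file:
    # Assumed path; the file has to be mounted into the Traefik container.
    filename: /etc/traefik/dynamic.yml
    watch: true

certificatesResolvers:
  myresolver:
    acme:
      email: john.doe@example.com
      storage: /acme.json
      dnsChallenge:
        provider: digitalocean
        resolvers:
          - "1.1.1.1:53"
          - "8.8.8.8:53"
        disablePropagationCheck: true
---
# dynamic.yml (assumed name): dynamic configuration, loaded by the file provider
tls:
  options:
    default:
      # Minimum TLS version, same value as in the post
      minVersion: VersionTLS12
  stores:
    default:
      # Default certificate requested from the ACME resolver defined in traefik.yml
      defaultGeneratedCert:
        resolver: myresolver
        domain:
          main: "*.example.com"
```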