ACME certresolver does not look domain from router rule Host

beaufils · June 24, 2020, 12:04pm

Hi,

I try to use traefik v2.2 on a docker-compose file but get strange behavior.

Traefik is not using the host name I want to generate a Let's Encrypt certificate. It instead try to construct the hostname as if the router.rule Host has not been seen.

Here is my docker-compose.yml

version: '3'
services:

  nextcloud:
    image: nextcloud:18-apache
    container_name: nextcloud
    restart: always
    volumes:
      - nextcloud:/var/www/html
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.nextcloud.rule=Host(`somehost.example.com`)"
      - "traefik.http.routers.nextcloud.entrypoints=web-secure"
      - "traefik.http.routers.nextcloud.tls=true"
      - "traefik.http.routers.nexctloud.tls.certresolver=le"
      - "traefik.http.routers.nextcloud.middlewares=nextcloud-caldav@docker"
      - "traefik.http.middlewares.nextcloud-caldav.redirectregex.permanent=true"
      - "traefik.http.middlewares.nextcloud-caldav.redirectregex.regex=^https://(.*)/.well-known/(card|cal)dav"
      - "traefik.http.middlewares.nextcloud-caldav.redirectregex.replacement=https://$${1}/remote.php/dav/"
      - "traefik.http.routers.nextcloud-http.rule=Host(`somehost.example.com`)"
      - "traefik.http.routers.nextcloud-http.entrypoints=web"
      - "traefik.http.routers.nextcloud-http.middlewares=https-redirect@docker"
      - "traefik.http.middlewares.https-redirect.redirectscheme.scheme=https"
      - "traefik.http.middlewares.https-redirect.redirectscheme.permanent=true"

  traefik:
    image: traefik:v2.2
    container_name: traefik
    restart: always
    command:
      - --log.level=INFO
      - --providers.docker=true
      - --providers.docker.exposedByDefault=false
      - --entryPoints.web.address=:80
      - --entrypoints.web.http.redirections.entryPoint.to=web-secure
      - --entrypoints.web.http.redirections.entryPoint.scheme=https
      - --entryPoints.web-secure.address=:443
      - --certificatesResolvers.le.acme.email=mymail@example.com
      - --certificatesResolvers.le.acme.storage=acme.json
      - --certificatesresolvers.le.acme.httpchallenge=true
      - --certificatesresolvers.le.acme.httpchallenge.entrypoint=web
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./acme.json:/acme.json
    labels:
      - "traefik.enable=false"

volumes:
  nextcloud:

networks:
  default:
    driver: bridge

Doc seems explicit about the domain used : https://docs.traefik.io/v2.2/https/acme/#domain-definition but experience seems to prove this is not effective.

What did I do wrongly?

cakiwi · June 24, 2020, 12:07pm

Typo in the router name for this line.

beaufils · June 24, 2020, 12:14pm

Thank's a lot, you save my day

I'll get some rest and maybe some new eye and fingers.

Topic		Replies	Views
Router uses a non-existent certificate resolver Traefik v3 (latest) docker , letsencrypt-acme	2	957	May 25, 2024
No ACME certification creation Traefik v2 docker , letsencrypt-acme	2	1787	September 18, 2019
Traefik issues default certificate Traefik v2 docker , letsencrypt-acme	13	3377	June 19, 2023
V2.2.1: Router uses a non-existing resolver Traefik v2 letsencrypt-acme	1	1399	June 9, 2020
CN=TRAEFIK DEFAULT CERT despite certificates correctly generating Traefik v2 docker , letsencrypt-acme , cli	22	2139	February 2, 2024

ACME certresolver does not look domain from router rule Host

Related topics