Hi, I am new to Traefik and struggling with some problems. I am using Traefik with Docker and getting the error acme: error: 403 :: urn:ietf:params:acme:error:unauthorized while trying to get a certificate. Full trace:
time="2023-01-13T05:31:04Z" level=error msg="Unable to obtain ACME certificate for domains \"cp.dev.platina.uz\": unable to generate a certificate for the domains [cp.dev.platina.uz]: error: one or more domains had a problem:\n[cp.dev.platina.uz] acme: error: 403 :: urn:ietf:params:acme:error:unauthorized :: 109.205.182.6: Invalid response from https://t.me/Azamat_yamin: \"<!DOCTYPE html>\\n<html>\\n <head>\\n <meta charset=\\\"utf-8\\\">\\n <title>Telegram: Contact @Azamat_yamin</title>\\n <meta name=\\\"vi\", url: \n" routerName=web-secure-router@file rule="Host(`cp.dev.platina.uz`)" providerName=letsencrypt.acme
Traefik splits its configuration into static (entrypoints, certresolver) and dynamic (router, service) configuration.
Static goes into traefik.yml in a default path or using --configFile=/traefik.yml (in command in docker-compose.yml). Alternatively place config as separate parameters under command.
Dynamic config can be loaded by a provider, either from file or from docker via labels.
You have your router in the static config, that does not work.
Note that you do not need to expose your application ports externally, Traefik and your application should just be in the same Docker network. acme.json should be placed in a volume or mounted folder to survive container re-builds, LetsEncrypt has some usage limits you might hit otherwise.
Thanks for the answer and attention.
What should I change in my case? I am a bit confused because it is the first time I use Traefik. I do not understand why I am getting the 403 error. I followed this tutorial, which used the same settings and worked with no problem.
There is a bunch of stuff not “best practice” looking at your configuration. And I don’t have time to watch the tutorial.
Basic LetsEncrypt needs port 80 or 443 to validate a certificate. You can’t use only 8080 and 4443.
You build your own Traefik container with a Dockerfile. Why would you do that? In parallel you also have an image set. If you need a configuration file, you can mount it as a folder from the host or as a volume. Makes it much easier to always use the latest version.
My recommendation: use my last docker-compose.yml and plug in your Django service where whoami is currently, replace label Host with your domain.
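The static/dynamic split and the port requirement described in the replies above, as an added example that is not part of the original thread and is not the docker-compose.yml the poster refers to. Assumptions: Traefik v2, the placeholder domain app.example.com, the placeholder e-mail admin@example.com, a resolver named letsencrypt and a network named proxy.

```yaml
# Added example (assumed names: app.example.com, admin@example.com, letsencrypt, proxy).
services:
  traefik:
    image: traefik:v2.9
    command:
      # Static configuration: providers, entrypoints, certificate resolver.
      - --providers.docker=true
      - --providers.docker.exposedbydefault=false
      - --providers.docker.network=proxy
      - --entrypoints.web.address=:80
      - --entrypoints.websecure.address=:443
      - --certificatesresolvers.letsencrypt.acme.email=admin@example.com
      - --certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json
      - --certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web
    ports:
      # The HTTP challenge is requested on port 80 of the public address,
      # so Traefik itself must answer there (not on 8080/4443).
      - "80:80"
      - "443:443"
    volumes:
      # Read-only socket mount: Traefik only needs to list containers.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      # Named volume keeps acme.json across container re-builds.
      - letsencrypt:/letsencrypt
    networks:
      - proxy

  whoami:
    image: traefik/whoami
    # No "ports:" here: only Traefik reaches the app, over the shared network.
    networks:
      - proxy
    labels:
      # Dynamic configuration: router and service, loaded by the Docker provider.
      - "traefik.enable=true"
      - "traefik.http.routers.whoami.rule=Host(`app.example.com`)"
      - "traefik.http.routers.whoami.entrypoints=websecure"
      - "traefik.http.routers.whoami.tls.certresolver=letsencrypt"
      - "traefik.http.services.whoami.loadbalancer.server.port=80"

networks:
  # Declared in this file so every service that lists it can resolve it.
  proxy:
    name: proxy

volumes:
  letsencrypt:
```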
I tried to use your docker-compose.yml, but got the error service "treafik" refers to undefined network proxy: invalid compose project and created the network with docker network create -d overlay --attachable proxy, and now I am getting service "whoami" refers to undefined network proxy: invalid compose project. I have no idea what to do.