ACME not working/ starting

Hi everyone,

I'm currently trying to set up Let's Encrypt certificates through the DNS challenge, with Cloudflare as the DNS provider. But it seems that Traefik doesn't even start the ACME provider, because the only log message regarding ACME is:

Starting provider *acme.ChallengeTLSALPN {\"Timeout\":4000000000}

Instead I expect traefik to log something similar to:

Starting provider *acme.Provider {\"caServer\":\"https://acme-staging-v02.api.letsencrypt.org/directory\",....}

Cloudflare should also be mentioned somewhere in the logs. It also seems that Traefik isn't using the DNS challenge at all; it is using the TLS challenge instead.

Here are my complete logs:

traefik    | time="2021-03-26T09:15:03Z" level=info msg="Configuration loaded from file: /etc/traefik/traefik.yml"
traefik    | time="2021-03-26T09:15:03Z" level=info msg="Traefik version 2.4.8 built on 2021-03-23T15:48:39Z"
traefik    | time="2021-03-26T09:15:03Z" level=debug msg="Static configuration loaded {\"global\":{\"checkNewVersion\":true},\"serversTransport\":{\"maxIdleConnsPerHost\":200},\"entryPoints\":{\"traefik\":{\"address\":\":8080\",\"transport\":{\"lifeCycle\":{\"graceTimeOut\":10000000000},\"respondingTimeouts\":{\"idleTimeout\":180000000000}},\"forwardedHeaders\":{},\"http\":{}},\"web\":{\"address\":\":80\",\"transport\":{\"lifeCycle\":{\"graceTimeOut\":10000000000},\"respondingTimeouts\":{\"idleTimeout\":180000000000}},\"forwardedHeaders\":{},\"http\":{}},\"websecure\":{\"address\":\":443\",\"transport\":{\"lifeCycle\":{\"graceTimeOut\":10000000000},\"respondingTimeouts\":{\"idleTimeout\":180000000000}},\"forwardedHeaders\":{},\"http\":{}}},\"providers\":{\"providersThrottleDuration\":2000000000,\"docker\":{\"watch\":true,\"endpoint\":\"unix:///var/run/docker.sock\",\"defaultRule\":\"Host(`{{ normalize .Name }}`)\",\"swarmModeRefreshSeconds\":15000000000}},\"api\":{\"insecure\":true,\"dashboard\":true},\"log\":{\"level\":\"DEBUG\",\"format\":\"common\"},\"pilot\":{\"dashboard\":true}}"
traefik    | time="2021-03-26T09:15:03Z" level=info msg="\nStats collection is disabled.\nHelp us improve Traefik by turning this feature on :)\nMore details on: https://doc.traefik.io/traefik/contributing/data-collection/\n"
traefik    | time="2021-03-26T09:15:03Z" level=info msg="Starting provider aggregator.ProviderAggregator {}"
traefik    | time="2021-03-26T09:15:03Z" level=debug msg="Start TCP Server" entryPointName=web
traefik    | time="2021-03-26T09:15:03Z" level=debug msg="Start TCP Server" entryPointName=traefik
traefik    | time="2021-03-26T09:15:03Z" level=debug msg="Start TCP Server" entryPointName=websecure
traefik    | time="2021-03-26T09:15:03Z" level=info msg="Starting provider *traefik.Provider {}"
traefik    | time="2021-03-26T09:15:03Z" level=info msg="Starting provider *acme.ChallengeTLSALPN {\"Timeout\":4000000000}"
traefik    | time="2021-03-26T09:15:03Z" level=info msg="Starting provider *docker.Provider {\"watch\":true,\"endpoint\":\"unix:///var/run/docker.sock\",\"defaultRule\":\"Host(`{{ normalize .Name }}`)\",\"swarmModeRefreshSeconds\":15000000000}"
traefik    | time="2021-03-26T09:15:03Z" level=debug msg="Configuration received from provider internal: {\"http\":{\"routers\":{\"api\":{\"entryPoints\":[\"traefik\"],\"service\":\"api@internal\",\"rule\":\"PathPrefix(`/api`)\",\"priority\":2147483646},\"dashboard\":{\"entryPoints\":[\"traefik\"],\"middlewares\":[\"dashboard_redirect@internal\",\"dashboard_stripprefix@internal\"],\"service\":\"dashboard@internal\",\"rule\":\"PathPrefix(`/`)\",\"priority\":2147483645}},\"services\":{\"api\":{},\"dashboard\":{},\"noop\":{}},\"middlewares\":{\"dashboard_redirect\":{\"redirectRegex\":{\"regex\":\"^(http:\\\\/\\\\/(\\\\[[\\\\w:.]+\\\\]|[\\\\w\\\\._-]+)(:\\\\d+)?)\\\\/$\",\"replacement\":\"${1}/dashboard/\",\"permanent\":true}},\"dashboard_stripprefix\":{\"stripPrefix\":{\"prefixes\":[\"/dashboard/\",\"/dashboard\"]}}},\"serversTransports\":{\"default\":{\"maxIdleConnsPerHost\":200}}},\"tcp\":{},\"tls\":{}}" providerName=internal
traefik    | time="2021-03-26T09:15:03Z" level=debug msg="Added outgoing tracing middleware api@internal" entryPointName=traefik routerName=api@internal middlewareName=tracing middlewareType=TracingForwarder
traefik    | time="2021-03-26T09:15:03Z" level=debug msg="Added outgoing tracing middleware dashboard@internal" middlewareType=TracingForwarder routerName=dashboard@internal entryPointName=traefik middlewareName=tracing
traefik    | time="2021-03-26T09:15:03Z" level=debug msg="Creating middleware" entryPointName=traefik routerName=dashboard@internal middlewareName=dashboard_stripprefix@internal middlewareType=StripPrefix
traefik    | time="2021-03-26T09:15:03Z" level=debug msg="Adding tracing to middleware" entryPointName=traefik routerName=dashboard@internal middlewareName=dashboard_stripprefix@internal
traefik    | time="2021-03-26T09:15:03Z" level=debug msg="Creating middleware" entryPointName=traefik routerName=dashboard@internal middlewareName=dashboard_redirect@internal middlewareType=RedirectRegex
traefik    | time="2021-03-26T09:15:03Z" level=debug msg="Setting up redirection from ^(http:\\/\\/(\\[[\\w:.]+\\]|[\\w\\._-]+)(:\\d+)?)\\/$ to ${1}/dashboard/" entryPointName=traefik routerName=dashboard@internal middlewareName=dashboard_redirect@internal middlewareType=RedirectRegex
traefik    | time="2021-03-26T09:15:03Z" level=debug msg="Adding tracing to middleware" entryPointName=traefik routerName=dashboard@internal middlewareName=dashboard_redirect@internal
traefik    | time="2021-03-26T09:15:03Z" level=debug msg="Creating middleware" entryPointName=traefik middlewareName=traefik-internal-recovery middlewareType=Recovery
traefik    | time="2021-03-26T09:15:03Z" level=debug msg="No default certificate, generating one"
traefik    | time="2021-03-26T09:15:03Z" level=debug msg="Provider connection established with docker 19.03.8 (API 1.40)" providerName=docker
traefik    | time="2021-03-26T09:15:03Z" level=debug msg="Filtering disabled container" providerName=docker container=traefik-traefik-bc33b754b2355a5d3b65b3eb190cf5bdbfe4a134f0b6f12547af35f50d4196dc
traefik    | time="2021-03-26T09:15:03Z" level=debug msg="Filtering disabled container" providerName=docker container=portainer-4b16cb075dc496abcf7533a9e791ef10c7920c15993ccbccf7eb519124f6508c
traefik    | time="2021-03-26T09:15:03Z" level=debug msg="Configuration received from provider docker: {\"http\":{\"routers\":{\"gitlab\":{\"entryPoints\":[\"websecure\"],\"service\":\"gitlab\",\"rule\":\"Host(`gitlab.myrealdomain.com`)\",\"tls\":{\"certResolver\":\"letsencrypt\"}},\"whoami\":{\"entryPoints\":[\"websecure\"],\"service\":\"whoami-traefik\",\"rule\":\"Host(`whoami.myrealdomain.com`)\",\"tls\":{\"certResolver\":\"letsencrypt\",\"domains\":[{\"main\":\"myrealdomain.com\",\"sans\":[\"*.myrealdomain.com\"]}]}}},\"services\":{\"gitlab\":{\"loadBalancer\":{\"servers\":[{\"url\":\"http://172.28.0.4:50443\"}],\"passHostHeader\":true}},\"whoami-traefik\":{\"loadBalancer\":{\"servers\":[{\"url\":\"http://172.28.0.2:80\"}],\"passHostHeader\":true}}}},\"tcp\":{},\"udp\":{}}" providerName=docker
traefik    | time="2021-03-26T09:15:04Z" level=debug msg="No default certificate, generating one"
traefik    | time="2021-03-26T09:15:06Z" level=debug msg="Added outgoing tracing middleware api@internal" entryPointName=traefik routerName=api@internal middlewareName=tracing middlewareType=TracingForwarder
traefik    | time="2021-03-26T09:15:06Z" level=debug msg="Added outgoing tracing middleware dashboard@internal" routerName=dashboard@internal middlewareType=TracingForwarder middlewareName=tracing entryPointName=traefik
traefik    | time="2021-03-26T09:15:06Z" level=debug msg="Creating middleware" entryPointName=traefik routerName=dashboard@internal middlewareName=dashboard_stripprefix@internal middlewareType=StripPrefix
traefik    | time="2021-03-26T09:15:06Z" level=debug msg="Adding tracing to middleware" routerName=dashboard@internal middlewareName=dashboard_stripprefix@internal entryPointName=traefik
traefik    | time="2021-03-26T09:15:06Z" level=debug msg="Creating middleware" routerName=dashboard@internal middlewareName=dashboard_redirect@internal middlewareType=RedirectRegex entryPointName=traefik
traefik    | time="2021-03-26T09:15:06Z" level=debug msg="Setting up redirection from ^(http:\\/\\/(\\[[\\w:.]+\\]|[\\w\\._-]+)(:\\d+)?)\\/$ to ${1}/dashboard/" middlewareName=dashboard_redirect@internal middlewareType=RedirectRegex entryPointName=traefik routerName=dashboard@internal
traefik    | time="2021-03-26T09:15:06Z" level=debug msg="Adding tracing to middleware" entryPointName=traefik routerName=dashboard@internal middlewareName=dashboard_redirect@internal
traefik    | time="2021-03-26T09:15:06Z" level=debug msg="Creating middleware" entryPointName=traefik middlewareName=traefik-internal-recovery middlewareType=Recovery
traefik    | time="2021-03-26T09:15:06Z" level=debug msg="Creating middleware" middlewareType=Pipelining entryPointName=websecure routerName=gitlab@docker serviceName=gitlab middlewareName=pipelining
traefik    | time="2021-03-26T09:15:06Z" level=debug msg="Creating load-balancer" routerName=gitlab@docker serviceName=gitlab entryPointName=websecure
traefik    | time="2021-03-26T09:15:06Z" level=debug msg="Creating server 0 http://172.28.0.4:50443" serverName=0 entryPointName=websecure routerName=gitlab@docker serviceName=gitlab
traefik    | time="2021-03-26T09:15:06Z" level=debug msg="Added outgoing tracing middleware gitlab" entryPointName=websecure routerName=gitlab@docker middlewareName=tracing middlewareType=TracingForwarder
traefik    | time="2021-03-26T09:15:06Z" level=debug msg="Creating middleware" middlewareType=Pipelining entryPointName=websecure routerName=whoami@docker serviceName=whoami-traefik middlewareName=pipelining
traefik    | time="2021-03-26T09:15:06Z" level=debug msg="Creating load-balancer" routerName=whoami@docker serviceName=whoami-traefik entryPointName=websecure
traefik    | time="2021-03-26T09:15:06Z" level=debug msg="Creating server 0 http://172.28.0.2:80" routerName=whoami@docker serviceName=whoami-traefik entryPointName=websecure serverName=0
traefik    | time="2021-03-26T09:15:06Z" level=debug msg="Added outgoing tracing middleware whoami-traefik" routerName=whoami@docker middlewareName=tracing middlewareType=TracingForwarder entryPointName=websecure
traefik    | time="2021-03-26T09:15:06Z" level=debug msg="Creating middleware" middlewareType=Recovery entryPointName=websecure middlewareName=traefik-internal-recovery
traefik    | time="2021-03-26T09:15:06Z" level=debug msg="No default certificate, generating one"
traefik    | time="2021-03-26T09:15:07Z" level=debug msg="No default certificate, generating one"
traefik    | time="2021-03-26T09:15:08Z" level=debug msg="Adding route for myrealdomain.com with TLS options default" entryPointName=websecure
traefik    | time="2021-03-26T09:15:08Z" level=debug msg="Adding route for whoami.myrealdomain.com with TLS options default" entryPointName=websecure
traefik    | time="2021-03-26T09:15:08Z" level=error msg="the router gitlab@docker uses a non-existent resolver: letsencrypt"
traefik    | time="2021-03-26T09:15:08Z" level=error msg="the router whoami@docker uses a non-existent resolver: letsencrypt"

traefik.yml

# Traefik static configuration (mounted at /etc/traefik/traefik.yml by the
# compose file below).

# DEBUG makes Traefik print the complete loaded static and dynamic
# configuration, as seen in the log excerpt; useful while troubleshooting.
log:
  level: DEBUG

# NOTE(review): insecure mode serves the API and dashboard on the "traefik"
# entry point (:8080 in the log) without any authentication. Together with the
# published 8080 port this exposes the full routing configuration to anyone
# who can reach the host; keep it for local debugging only.
api:
  insecure: true
  dashboard: true

providers:
  docker:
    # Containers are ignored unless they carry the traefik.enable=true label
    # (the log shows "Filtering disabled container" for the others).
    exposedByDefault: false

entrypoints:
  web:
    address: ":80"
  websecure:
    address: ":443"

# NOTE(review): this key is misspelled; Traefik expects certificatesResolvers.
# As written, no resolver is loaded: the logged static configuration contains
# none, only the built-in *acme.ChallengeTLSALPN provider starts, and both
# routers fail with "uses a non-existent resolver: letsencrypt".
certificateResolvers:
  letsencrypt:
    acme:
      email: "myrealemail@domain.com"
      # acme.json holds the ACME account key and the issued private keys;
      # Traefik expects the file to be accessible to its own user only
      # (mode 600).
      storage: "/etc/traefik/acme/acme.json"
      # Let's Encrypt staging endpoint: certificates issued by it are not
      # trusted by browsers. Switch to production once issuance works.
      caServer: "https://acme-staging-v02.api.letsencrypt.org/directory"
      # DNS-01 challenge through Cloudflare; the provider credentials are read
      # from the container's environment variables.
      dnsChallenge:
        provider: cloudflare
        delayBeforeCheck: 10

docker-compose.yml

# Compose stack: Traefik as the reverse proxy plus a whoami test service, both
# attached to the traefik_proxy network.
version: "3.5"

services:
  traefik:
    # NOTE(review): "latest" is a moving tag (the log shows 2.4.8 was pulled);
    # pinning a version keeps restarts reproducible and upgrades deliberate.
    image: "traefik:latest"
    container_name: "traefik"
    # NOTE(review): CLOUDFLARE_API_KEY is the account-wide Global API Key. A
    # scoped API token (CF_DNS_API_TOKEN) restricted to the DNS permissions of
    # this zone limits the damage if the value leaks. Either way, keep the
    # secret out of a committed compose file (env file or secret store).
    environment:
      - CLOUDFLARE_EMAIL=myrealemail@domain.com
      - CLOUDFLARE_API_KEY=myrealapikey
    ports:
      - "80:80"
      - "443:443"
      # NOTE(review): publishes the unauthenticated API/dashboard port
      # (api.insecure in traefik.yml) on every host interface; bind it to
      # 127.0.0.1 or drop the mapping when it is not needed.
      - "8080:8080"
    volumes:
      # Certificate store; the host file must already exist and be restricted
      # to its owner (mode 600), since it contains private keys.
      - "./acme/acme.json:/etc/traefik/acme/acme.json:rw"
      # Static configuration; Traefik only reads it.
      - "./traefik.yml:/etc/traefik/traefik.yml"
      # NOTE(review): ":ro" only makes the socket file read-only; it does not
      # restrict Docker API calls made through it, so a compromised Traefik
      # still controls the Docker daemon. A filtering socket proxy narrows
      # that access.
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
    networks:
      - default

  whoami:
    image: "traefik/whoami"
    container_name: "simple-service"
    # Router definition for Traefik's docker provider. The wildcard SAN can
    # only be validated with a DNS-01 challenge, so issuance depends on the
    # "letsencrypt" resolver actually being loaded from the static config.
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.whoami.rule=Host(`whoami.myrealdomain.com`)"
      - "traefik.http.routers.whoami.entrypoints=websecure"
      - "traefik.http.routers.whoami.tls.domains[0].main=myrealdomain.com"
      - "traefik.http.routers.whoami.tls.domains[0].sans=*.myrealdomain.com"
      - "traefik.http.routers.whoami.tls.certresolver=letsencrypt"
      - "traefik.http.routers.whoami.tls=true"
    networks:
      - default

networks:
  default:
    name: traefik_proxy

I'm currently out of ideas as to what the problem could be. I hope someone can help me.

Greetings

The key in your static configuration needs to be `certificatesResolvers`: there is an `s` missing in yours.


Thank you so much, I spent way too much time trying to find this issue. Now everything works as expected.
