I have a private certificate which I use for the internal network. If I don't set any ACME config in traefik it works perfectly fine but when I add ACME configuration for a different domain (the company's public one) it tries to get certificates for both domains.
Working configuration without ACME:

```yaml
traefik.toml: |
  # traefik.toml
  logLevel = "WARNING"
  defaultEntryPoints = ["http","https","internalhttp", "internalhttps"]
  InsecureSkipVerify = true
  [entryPoints]
    [entryPoints.http]
      address = ":80"
      [entryPoints.http.redirect]
        entryPoint = "https"
    [entryPoints.https]
      address = ":443"
      [entryPoints.https.tls]
    [entryPoints.internalhttp]
      address = ":6969"
    [entryPoints.internalhttps]
      address = ":6943"
      [entryPoints.internalhttps.tls]
        [[entryPoints.internalhttps.tls.certificates]]
          certFile = "/certs/internal.xyz.crt"
          keyFile = "/certs/internal.xyz.key"
```
Configuration with ACME for a public domain:

```yaml
traefik.toml: |
  # traefik.toml
  logLevel = "WARNING"
  defaultEntryPoints = ["http","https","internalhttp", "internalhttps"]
  InsecureSkipVerify = true
  [entryPoints]
    [entryPoints.http]
      address = ":80"
      [entryPoints.http.redirect]
        entryPoint = "https"
    [entryPoints.https]
      address = ":443"
      [entryPoints.https.tls]
    [entryPoints.internalhttp]
      address = ":6969"
    [entryPoints.internalhttps]
      address = ":6943"
      [entryPoints.internalhttps.tls]
        [[entryPoints.internalhttps.tls.certificates]]
          certFile = "/certs/internal.xyz.crt"
          keyFile = "/certs/internal.xyz.key"
  [acme]
    email = "info@public.io"
    storage = "traefik/acme/account"
    entryPoint = "https"
    onHostRule = true
    caServer = "https://acme-v02.api.letsencrypt.org/directory"
    [acme.httpChallenge]
      entryPoint = "http"
    [[acme.domains]]
      main = "public.io"
```
I can see the following error:

```
time="2019-08-06T10:11:35Z" level=error msg="Error getting ACME certificates [traefik.internal.xyz] : cannot obtain certificates: acme: Error -> One or more domains had a problem:\n[traefik.internal.xyz] acme: error: 400 :: urn:ietf:params:acme:error:connection :: unknownHost :: No valid IP addresses found for traefik.internal.xyz, url: \n"
```

I can also see this error:

```
time="2019-08-06T10:52:09Z" level=error msg="Cannot unmarshall private key []"
time="2019-08-06T10:52:09Z" level=error msg="Error building ACME client &{Email: Registration:<nil> PrivateKey:[] KeyType: DomainsCertificate:{Certs:[] lock:{w:{state:0 sema:0} writerSem:0 readerSem:0 readerCount:0 readerWait:0}} ChallengeCerts:map[] HTTPChallenge:map[]}: private key was nil"
```
Then the internal endpoints stop working.
I am using Traefik v1.7.12.
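An added example, not part of the original post: the same `[acme]` section with `onHostRule` disabled, so that Traefik v1.7 only requests a Let's Encrypt certificate for the domains listed explicitly under `[[acme.domains]]` and leaves the internal hosts on the static `internal.xyz` certificate. It assumes the internal frontends are never meant to use ACME.

```toml
# Added example (not from the original post). Assumes the internal
# frontends must keep the static /certs/internal.xyz.* certificate and
# should never be submitted to Let's Encrypt.
[acme]
  email = "info@public.io"
  storage = "traefik/acme/account"
  entryPoint = "https"
  # With onHostRule = true, Traefik requests a certificate for every Host
  # rule on a frontend wired to the ACME entry point. Because
  # defaultEntryPoints includes "https", the internal frontends (for
  # example traefik.internal.xyz) are wired to it as well, which is why
  # a public CA was asked for a cert on an internal-only name.
  onHostRule = false
  caServer = "https://acme-v02.api.letsencrypt.org/directory"
  [acme.httpChallenge]
    entryPoint = "http"
  # With onHostRule = false, only the domains listed here are requested.
  [[acme.domains]]
    main = "public.io"
```

Any further public hostname then has to be added as its own `[[acme.domains]]` entry rather than being picked up from a Host rule.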