Can not update Let’s Encrypt Certificates traefik

bankmrc054 · September 20, 2022, 8:48am

I don't know what's wrong with my YAML file or traefik config. if someone can help, please?

DOCKER YAML

version: "3.3"

volumes:
   traefik-ssl-certs:
     driver: local

services:

  traefik:
    image: "traefik:v2.8.5"
    container_name: "traefik"
    command:
      - "--log.level=DEBUG"
      - "--api.insecure=true"
      - "--providers.docker=true"
      - "traefik.http.routers.myrouter.tls.certresolver=myresolver"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.web.address=:80"
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080"
    volumes:
      - "/etc/traefik:/etc/traefik"
      - "traefik-ssl-certs:/ssl-certs"
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "./acme.json:/acme.json"

Config

global:
  checkNewVersion: true
  sendAnonymousUsage: false  # true by default

# (Optional) Log information
# ---
# log:
#  level: ERROR  # DEBUG, INFO, WARNING, ERROR, CRITICAL
#   format: common  # common, json, logfmt
#   filePath: /var/log/traefik/traefik.log

# (Optional) Accesslog
# ---
# accesslog:
  # format: common  # common, json, logfmt
  # filePath: /var/log/traefik/access.log

# (Optional) Enable API and Dashboard
# ---
api:
  dashboard: true  # true by default
  insecure: true  # Don't do this in production!

# Entry Points configuration
# ---
entryPoints:
  web:
    address: ":80"
    # (Optional) Redirect to HTTPS
    # ---
entryPoints:
  web:
    address: ":80"
    # (Optional) Redirect to HTTPS
    # ---
    http:
       redirections:
         entryPoint:
           to: websecure
           scheme: https

  websecure:
    address: ":443"


serversTransport:
  insecureSkipVerify: true



# Configure your CertificateResolver here...
# ---
#certificatesResolvers:
staging:
     acme:
       email: xxxx@xxxx.com
       storage: /etc/traefik/certs/acme.json
       caServer: "https://acme-staging-v02.api.letsencrypt.org/directory"
       httpChallenge:
         entryPoint: web

production:
     acme:
       email: xxxx@xxxx.com
       storage: /etc/traefik/certs/acme.json
       caServer: "https://acme-v02.api.letsencrypt.org/directory"
       httpChallenge:
         entryPoint: web

# (Optional) Overwrite Default Certificates
# tls:
#   stores:
#     default:
#       defaultCertificate:
#         certFile: /etc/traefik/certs/cert.pem
#         keyFile: /etc/traefik/certs/cert-key.pem
# (Optional) Disable TLS version 1.0 and 1.1
#   options:
#     default:
#       minVersion: VersionTLS12

providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    exposedByDefault: false  # Default is true
  file:
    # watch for dynamic configuration changes
    directory: /etc/traefik
    watch: true

dmio · September 20, 2022, 10:17pm

It would help if you provided output / logging from startup - but some initial thoughts that need to be fixed up front...

You're configuring traefik with command line flags in Docker. I'd suggest pulling this out into a configuration file if at all possible. Regardless the following command is incorrect:

- "traefik.http.routers.myrouter.tls.certresolver=myresolver"

If you run traefik on the CLI and grep for certresolver you'll find:

# traefik --help | grep certresolver
    --entrypoints.<name>.http.tls.certresolver  (Default: "")

...I could be wrong but it looks like you're conflating traefik labels with command line flags. You also don't provide the traefik container any labels, so I'm not sure it's even being configured.

Finally you reference myresolver as your certresolver. I don't see that in your config - only staging and production. Your config has overlapping entryPoints, as well. And your certificateResolvers section has the root of that config commented out.

You may want to start with a Docker template that's out there to get you going as this looks like it's not complete and misconfigured in a number of places. You could start out with something like the Ibracorp template, although there are a bunch of base templates out there that offer good starting points.

bluepuma77 · September 21, 2022, 11:26am

Where is myresolver defined? In examples it sometimes looks like this:

certificatesResolvers:
  myresolver:
    acme:
      email: email@example.com
      storage: /acme.json
      httpchallenge:
        entrypoint: web

bluepuma77 · September 21, 2022, 11:29am

Should probably be

certificatesResolvers:
  staging:
    ...
  production:
    ...

and

    - "traefik.http.routers.myrouter.tls.certresolver=production"

Topic		Replies	Views
Traefik in Docker not issuing SSL certificates Traefik v3 (latest) docker , letsencrypt-acme	2	20	November 13, 2024
TLS certificates with Docker Traefik v2 docker	2	4294	September 18, 2019
Need help im new in traefik Traefik v2 docker	7	199	January 19, 2024
HTTPS let's encrypt not working Traefik v2 docker , letsencrypt-acme	2	4341	November 15, 2019
Traefik can't connect to lets encrypt directory Traefik v2 docker , letsencrypt-acme	1	2564	February 28, 2020

Can not update Let’s Encrypt Certificates traefik

Related topics