Cannot get ACME client ACME challenge not specified

Hello,
I have a problem getting lets encrypt certificates to be generated in my docker swarm service. It is probably just some silly mistake, but I can't find it. Output in error log:

Unable to obtain ACME certificate for domains \"[my-domain]\": cannot get ACME client ACME challenge not specified, please select TLS or HTTP or DNS Challenge" rule="Host(`[my-domain]`)" providerName=letsencrypt.acme routerName=dashboard@docker

The certificate resolver is defined in traefik.toml:

[entryPoints]
    [entryPoints.web]
    address = ":80"

    [entryPoints.web.http]
        [entryPoints.web.http.redirections]
            [entryPoints.web.http.redirections.entryPoint]
            to = "websecure"
            scheme = "https"
            permanent = false

    [entryPoints.websecure]
    address = ":443"

[certificatesresolvers.letsencrypt.acme]
email = "[my-email]"
storage = "/letsencrypt/acme.json"
httpChallenge = true
caserver= "https://acme-staging-v02.api.letsencrypt.org/directory"

    [certificatesResolvers.letsencrypt.acme.httpChallenge]
    entryPoint = "web"

And finally in the swarm service definition:

deploy:
    labels:
        - "traefik.enable=true"
        - "traefik.http.routers.dashboard.rule=Host(`[my-domain]`)"
        - "traefik.http.routers.dashboard.service=api@internal"
        - "traefik.http.routers.dashboard.entrypoints=web,websecure"
        - "traefik.http.routers.dashboard.tls.certresolver=letsencrypt"

I tried to remove the http redirect and separating web and websecure enpoints into separate routers with no result. Otherwise, the services are available and the traefik's default self-signed certificate works fine.
Thanks

I don't think this is a thing. Possibly breaking the config as it appears before:

Unfortunately, I also tried it without this setting and still nothing :disappointed:
Removing indentations didn't help either.

Hello,

@cakiwi I think you find the issue, I used the configuration inside the configuration parser and I got:

[entryPoints]
  [entryPoints.web]
    address = ":80"
    [entryPoints.web.http]
      [entryPoints.web.http.redirections]
        [entryPoints.web.http.redirections.entryPoint]
          to = "websecure"
          scheme = "https"
  [entryPoints.websecure]
    address = ":443"

[certificatesResolvers]
  [certificatesResolvers.letsencrypt]
    [certificatesResolvers.letsencrypt.acme]
      email = "[my-email]"
      caServer = "https://acme-staging-v02.api.letsencrypt.org/directory"
      storage = "/letsencrypt/acme.json"
      [certificatesResolvers.letsencrypt.acme.httpChallenge]

There is also a case issue certificatesresolvers vs certificatesResolvers. The good case is certificatesResolvers

2 Likes

Thank you, it is now working. The problem seemed to be that I didn't wrap it under certificatesResolvers section.

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.