Cannot get ACME client ACME challenge not specified

lamka02sk · October 18, 2020, 8:45pm

Hello,
I have a problem getting lets encrypt certificates to be generated in my docker swarm service. It is probably just some silly mistake, but I can't find it. Output in error log:

Unable to obtain ACME certificate for domains \"[my-domain]\": cannot get ACME client ACME challenge not specified, please select TLS or HTTP or DNS Challenge" rule="Host(`[my-domain]`)" providerName=letsencrypt.acme routerName=dashboard@docker

The certificate resolver is defined in traefik.toml:

[entryPoints]
    [entryPoints.web]
    address = ":80"

    [entryPoints.web.http]
        [entryPoints.web.http.redirections]
            [entryPoints.web.http.redirections.entryPoint]
            to = "websecure"
            scheme = "https"
            permanent = false

    [entryPoints.websecure]
    address = ":443"

[certificatesresolvers.letsencrypt.acme]
email = "[my-email]"
storage = "/letsencrypt/acme.json"
httpChallenge = true
caserver= "https://acme-staging-v02.api.letsencrypt.org/directory"

    [certificatesResolvers.letsencrypt.acme.httpChallenge]
    entryPoint = "web"

And finally in the swarm service definition:

deploy:
    labels:
        - "traefik.enable=true"
        - "traefik.http.routers.dashboard.rule=Host(`[my-domain]`)"
        - "traefik.http.routers.dashboard.service=api@internal"
        - "traefik.http.routers.dashboard.entrypoints=web,websecure"
        - "traefik.http.routers.dashboard.tls.certresolver=letsencrypt"

I tried to remove the http redirect and separating web and websecure enpoints into separate routers with no result. Otherwise, the services are available and the traefik's default self-signed certificate works fine.
Thanks

cakiwi · October 18, 2020, 8:56pm

I don't think this is a thing. Possibly breaking the config as it appears before:

lamka02sk · October 18, 2020, 9:01pm

Unfortunately, I also tried it without this setting and still nothing
Removing indentations didn't help either.

ldez · October 18, 2020, 9:06pm

Hello,

@cakiwi I think you find the issue, I used the configuration inside the configuration parser and I got:

[entryPoints]
  [entryPoints.web]
    address = ":80"
    [entryPoints.web.http]
      [entryPoints.web.http.redirections]
        [entryPoints.web.http.redirections.entryPoint]
          to = "websecure"
          scheme = "https"
  [entryPoints.websecure]
    address = ":443"

[certificatesResolvers]
  [certificatesResolvers.letsencrypt]
    [certificatesResolvers.letsencrypt.acme]
      email = "[my-email]"
      caServer = "https://acme-staging-v02.api.letsencrypt.org/directory"
      storage = "/letsencrypt/acme.json"
      [certificatesResolvers.letsencrypt.acme.httpChallenge]

There is also a case issue certificatesresolvers vs certificatesResolvers. The good case is certificatesResolvers

lamka02sk · October 18, 2020, 10:51pm

Thank you, it is now working. The problem seemed to be that I didn't wrap it under certificatesResolvers section.

system · October 21, 2020, 10:51pm

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Unable to obtain ACME certificate despite setting challenge Traefik v1 docker , letsencrypt-acme	1	4774	July 18, 2019
ACME error 400 with TLS challenge but not with HTTP challenge in Docker Swarm Traefik v2 letsencrypt-acme	0	1158	May 11, 2020
Unable to obtain ACME certificate Traefik v2 kubernetes-crd , kubernetes-ingress , letsencrypt-acme	19	5972	August 29, 2022
Let's Encrypt HTTP Challenge is failing for reasons I don't understand Traefik v2 letsencrypt-acme	1	558	September 4, 2019
Acme http challenge error with multiple traefik instances Traefik v1 docker , docker-swarm , letsencrypt-acme	1	1328	March 8, 2020

Cannot get ACME client ACME challenge not specified

Related topics