I have a problem getting Let's Encrypt certificates to be generated in my Docker Swarm service. It is probably just some silly mistake, but I can't find it. Output in error log:
Unable to obtain ACME certificate for domains \"[my-domain]\": cannot get ACME client ACME challenge not specified, please select TLS or HTTP or DNS Challenge" rule="Host(`[my-domain]`)" providerName=letsencrypt.acme routerName=dashboard@docker
The certificate resolver is defined in traefik.toml:
[entryPoints]
  [entryPoints.web]
    address = ":80"
    [entryPoints.web.http]
      [entryPoints.web.http.redirections]
        [entryPoints.web.http.redirections.entryPoint]
          to = "websecure"
          scheme = "https"
          permanent = false
  [entryPoints.websecure]
    address = ":443"

[certificatesresolvers.letsencrypt.acme]
  email = "[my-email]"
  storage = "/letsencrypt/acme.json"
  httpChallenge = true
  caserver= "https://acme-staging-v02.api.letsencrypt.org/directory"
  [certificatesResolvers.letsencrypt.acme.httpChallenge]
    entryPoint = "web"
And finally in the swarm service definition:
deploy:
  labels:
    - "traefik.enable=true"
    - "traefik.http.routers.dashboard.rule=Host(`[my-domain]`)"
    - "traefik.http.routers.dashboard.service=api@internal"
    - "traefik.http.routers.dashboard.entrypoints=web,websecure"
    - "traefik.http.routers.dashboard.tls.certresolver=letsencrypt"
I tried removing the HTTP redirect and separating the web and websecure endpoints into separate routers, with no result. Otherwise, the services are available and Traefik's default self-signed certificate works fine.