Cannot get certificate resolver to work

Traefik Traefik v3 (latest)
1

Hello everyone,

I am new to traefik after having used NPM for a while. I want to put everything in configuration files and make rollout easier in the future. However, I cannot get my certificate resolver to work (cloudflare)

The following is my setup:
I am running in Docker using Compose.

services:
  traefik:
    image: traefik:latest
    container_name: traefik
    restart: unless-stopped
    command:
      - "--configFile=/traefik/traefik.yml"
    ports:
      - "8080:8080"
      - "8081:8081"      # HTTP
      - "8443:8443"      # HTTPS
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "./traefik.yml:/traefik/traefik.yml:ro"
      - "./dynamic:/dynamic"
      - "./certs:/certs"
    environment:
      - CF_API_TOKEN=${CF_API_TOKEN} # Stored in .env file

The ports are like that because i still have my old NPM running.

Then, I have a traefik.yml like this:

entryPoints:
  web:
    address: ":8081"        # HTTP
  websecure:
    address: ":8443"        # HTTPS

api:
  dashboard: true
  insecure: true

providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    exposedByDefault: false
  file:
    directory: /dynamic
    watch: true

certificateResolvers:
  letsencrypt:
    acme:
      email: <redacted>
      storage: /certs/acme.json
      dnsChallenge:
        provider: cloudflare
        delayBeforeCheck: 0

When i try to use this in my dynamic/… services, i get the following error:
ERR Router uses a nonexistent certificate resolver certificateResolver=cloudflare routerName=vaultwarden@file

This is how i use it in my dynamic/vaultwarden file:

http:
  routers:
    vaultwarden:
      entryPoints:
        - websecure
      rule: "Host(`vaultwarden.<redacted>`)"
      service: vaultwarden-service
      tls:
        certResolver: letsencrypt

  services:
    vaultwarden-service:
      loadBalancer:
        servers:
          - url: "http://.....:8010"

Any help would be appreciated!

2

I suggest you format your config correctly, use 3 backticks or select text and press </>, in yaml every space matters.

3

Edited the post, thanks

4

You define the certResolver with name letsencrypt:

And it seems you assign a certResolver with a different name. But that's not visible from your shared config snippets.

Enable Traefik debug log (doc), check especially for err, tls and acme.

Also note the CF settings (doc):

You may use CF_API_EMAIL and CF_API_KEY to authenticate, or CF_DNS_API_TOKEN, or CF_DNS_API_TOKEN and CF_ZONE_API_TOKEN.