Hi, I'm trying to configure Traefik with Let's Encrypt and ACME, using Route 53 as the certificate provider, but I'm not able to get a valid certificate. I'm not sure whether something in my docker-compose configuration is missing; this is the first time I'm working with this.
Here are my docker-compose file settings.
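version: '3.5'

services:
  traefik:
    # Unpinned tag: a future major release can change rule syntax or defaults.
    # Pin a version so upgrades happen deliberately.
    image: traefik:latest
    container_name: traefik
    restart: ${RESTART}
    command:
      # Enables the dashboard/API with no authentication on the internal
      # 8080 port, which is published to the host below.
      - --api.insecure=true
      - --providers.docker=true
      # Containers are only routed when they carry traefik.enable=true.
      - --providers.docker.exposedbydefault=false
      - --log.level=${LOG}
      - --entrypoints.http.address=:80
      - --entrypoints.https.address=:443
      # ACME resolver named after ${PROVIDER} (route53 in the logs), using
      # the DNS challenge with ${PROVIDER} as the DNS API.
      - --certificatesresolvers.${PROVIDER}.acme.dnschallenge=true
      - --certificatesresolvers.${PROVIDER}.acme.dnschallenge.provider=${PROVIDER}
      # 0 = no extra wait before the TXT record is checked; the record is
      # looked up via ${RESOLVER}.
      - --certificatesresolvers.${PROVIDER}.acme.dnschallenge.delayBeforeCheck=0
      - --certificatesresolvers.${PROVIDER}.acme.dnschallenge.resolvers=${RESOLVER}
      - --certificatesresolvers.${PROVIDER}.acme.email=${EMAIL}
      # Persisted on the /letsencrypt host mount below so issued certificates
      # survive container recreation.
      # NOTE(review): Traefik rejects an acme.json whose permissions are wider
      # than 0600 — confirm the file mode on the host.
      - --certificatesresolvers.${PROVIDER}.acme.storage=/letsencrypt/acme.json
    environment:
      # Names only: values are taken from the shell / env file at
      # `docker compose up` time, so the credentials never live in this file.
      - AWS_ACCESS_KEY_ID
      - AWS_REGION
      - AWS_SECRET_ACCESS_KEY
    ports:
      - "80:80"
      - "443:443"
      # Publishes the unauthenticated dashboard (api.insecure=true above);
      # restrict or drop this mapping outside local testing.
      - "8080:8080"
    volumes:
      # Read-only socket is still full Docker control for Traefik; keep :ro.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - /letsencrypt:/letsencrypt/
      #- certs:/certs
    # Join the shared proxy network declared at the bottom of this file.
    networks:
      - traefik-global-proxy

  whoami:
    image: traefik/whoami
    container_name: whoami
    restart: ${RESTART}
    labels:
      - "traefik.enable=true"
      # default route over https
      # The certificate is requested for exactly this Host value; the browser
      # must use the same name. (The logs show whoami.domain.com, presumably
      # redacted differently from this file — verify they match.)
      - "traefik.http.routers.whoami.rule=Host(`whoami.domainame.com`)"
      - "traefik.http.routers.whoami.entrypoints=https"
      - "traefik.http.routers.whoami.tls.certresolver=${PROVIDER}"
      # HTTP to HTTPS
      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
      - "traefik.http.routers.whoami-redirs.rule=hostregexp(`{host:.+}`)"
      - "traefik.http.routers.whoami-redirs.entrypoints=http"
      - "traefik.http.routers.whoami-redirs.middlewares=redirect-to-https"
    # Same network as Traefik so the Docker provider can reach this container.
    networks:
      - traefik-global-proxy

volumes:
  # Declared but currently unused: the `certs:/certs` mount above is commented
  # out. Remove either this or the comment once the layout is decided.
  certs:
    driver: local

# this is the network that every container should connect to, in order to communicate with Traefik.
networks:
  traefik-global-proxy:
    name: "traefik-global-proxy"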
I'm using a variable file to pass through the AWS credentials.
The AWS account that I'm using has permissions for IAM and certificates inside AWS.
I've checked the container logs, and they show that a valid certificate was received, but it is still not secure:
time="2022-09-01T16:40:29Z" level=debug msg="legolog: [INFO] [whoami.domain.com] acme: Validations succeeded; requesting certificates"
time="2022-09-01T16:40:32Z" level=debug msg="legolog: [INFO] [whoami.domain.com] Server responded with a certificate."
time="2022-09-01T16:40:32Z" level=debug msg="Certificates obtained for domains [whoami.domain.com]" rule="Host(`whoami.domain.com`)" ACME CA="https://acme-v02.api.letsencrypt.org/directory" providerName=route53.acme routerName=whoami@docker
time="2022-09-01T16:40:32Z" level=debug msg="Configuration received: {\"http\":{},\"tcp\":{},\"udp\":{},\"tls\":{}}" providerName=route53.acme
time="2022-09-01T16:40:32Z" level=debug msg="No default certificate, generating one" tlsStoreName=default
time="2022-09-01T16:40:33Z" level=debug msg="Adding certificate for domain(s) whoami.domain.com"
time="2022-09-01T16:40:33Z" level=debug msg="Creating middleware" entryPointName=http routerName=whoami-redirs@docker serviceName=whoami-traefik middlewareName=pipelining middlewareType=Pipelining
time="2022-09-01T16:40:33Z" level=debug msg="Creating load-balancer" serviceName=whoami-traefik entryPointName=http routerName=whoami-redirs@docker
time="2022-09-01T16:40:33Z" level=debug msg="Creating server 0 http://172.26.0.2:80" routerName=whoami-redirs@docker serviceName=whoami-traefik serverName=0 entryPointName=http
time="2022-09-01T16:40:33Z" level=debug msg="child http://172.26.0.2:80 now UP"
time="2022-09-01T16:40:33Z" level=debug msg="Propagating new UP status"