Environment is:
AWS Cloudfront --> AWS Network Load Balancer --> Traefik (3 instances)
(currently using staging lets encrypt)
I'm trying to generate a certificate for ctm-dr.com.
But traefik logs are currently showing this error which contains the domain of the network load balancer
So, not sure if it's expected that traefik "sees" the NLB domain. Or if it's expecting something on ctm-dr.com -- and not sure what I can configure differently in order to achieve that. Any ideas much appreciated! Thanks!
time="2022-08-19T14:47:02Z" level=debug msg=**"Unable to split host and port: address ninja-external-6c54d4df686a3499.elb.us-west-2.amazonaws.com: missing port in address. Fallback to request host."** providerName=acme
time="2022-08-19T14:47:03Z" level=error msg=**"Error getting challenge for token retrying in 751.251175ms"** providerName=acme
Static Config
[certificatesResolvers.letsencrypt_http.acme]
email = "email@foo.com"
storage = "/acme/acme.json"
caServer = "https://acme-staging-v02.api.letsencrypt.org/directory"
[certificatesResolvers.letsencrypt_http.acme.httpChallenge]
entryPoint = "http"
Dynamic config:
"traefik.http.routers.app-puma-wl1.rule=Host(`www.ctm-dr.com`) && PathPrefix(`/`)",
"traefik.http.routers.app-puma-wl1.entrypoints=https",
"traefik.http.routers.app-puma-wl1.tls=true",
"traefik.http.routers.app-puma-wl1.tls.certResolver=letsencrypt_http",
"traefik.http.routers.app-puma-wl1.tls.domains[0].main=www.ctm-dr.com",
FWIW, I've tried with Proxy Protocol enabled (on both the load balancer and traefik) (but it gets weird because the NLB IPs are many, so I've so far had to trust 0.0.0.0/0. Not sure this has had an affect on anything. I get the same domain issue above with this enabled or not.
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.proxyProtocol]
trustedIPs = ["0.0.0.0/0"]
[entryPoints.https]
address = ":443"
[entryPoints.https.proxyProtocol]
trustedIPs = ["0.0.0.0/0"]
More logs:
time="2022-08-19T14:47:02Z" level=debug msg="Adding route for www.ctm-dr.com with TLS options default" entryPointName=https
time="2022-08-19T14:47:02Z" level=debug msg="Looking for provided certificate(s) to validate [\"www.ctm-dr.com\"]..." providerName=letsencrypt_http.acme
time="2022-08-19T14:47:02Z" level=debug msg="Domains [\"www.ctm-dr.com\"] need ACME certificates generation for domains \"www.ctm-dr.com\"." providerName=letsencrypt_http.acme
time="2022-08-19T14:47:02Z" level=debug msg="Loading ACME certificates [www.ctm-dr.com]..." providerName=letsencrypt_http.acme
time="2022-08-19T14:47:02Z" level=debug msg="legolog: [INFO] [www.ctm-dr.com] acme: Obtaining bundled SAN certificate"
time="2022-08-19T14:47:02Z" level=debug msg="legolog: [INFO] [www.ctm-dr.com] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/3382354484"
time="2022-08-19T14:47:02Z" level=debug msg="legolog: [INFO] [www.ctm-dr.com] acme: Could not find solver for: tls-alpn-01"
time="2022-08-19T14:47:02Z" level=debug msg="legolog: [INFO] [www.ctm-dr.com] acme: use http-01 solver"
time="2022-08-19T14:47:02Z" level=debug msg="legolog: [INFO] [www.ctm-dr.com] acme: Trying to solve HTTP-01"
time="2022-08-19T14:47:02Z" level=debug msg="Unable to split host and port: address ninja-external-6c54d4df686a3499.elb.us-west-2.amazonaws.com: missing port in address. Fallback to request host." providerName=acme
time="2022-08-19T14:47:02Z" level=debug msg="Retrieving the ACME challenge for token Ukpm8PEKTalGtA2IIzWl2m5jTp1cWrCM_1dfI8oeTEc..." providerName=acme
time="2022-08-19T14:47:02Z" level=error msg="Error getting challenge for token retrying in 669.302753ms" providerName=acme
time="2022-08-19T14:47:03Z" level=debug msg="Unable to split host and port: address ninja-external-6c54d4df686a3499.elb.us-west-2.amazonaws.com: missing port in address. Fallback to request host." providerName=acme
time="2022-08-19T14:47:03Z" level=debug msg="Retrieving the ACME challenge for token Ukpm8PEKTalGtA2IIzWl2m5jTp1cWrCM_1dfI8oeTEc..." providerName=acme
time="2022-08-19T14:47:03Z" level=error msg="Error getting challenge for token retrying in 472.882511ms" providerName=acme
time="2022-08-19T14:47:03Z" level=error msg="Error getting challenge for token retrying in 751.251175ms" providerName=acme
time="2022-08-19T14:47:03Z" level=error msg="Error getting challenge for token retrying in 578.676761ms" providerName=acme
time="2022-08-19T14:47:04Z" level=error msg="Error getting challenge for token retrying in 1.354950958s" providerName=acme
time="2022-08-19T14:47:04Z" level=error msg="Error getting challenge for token retrying in 1.389176026s" providerName=acme