Can't renew certificate due to 403 on directory/file .well-known

I'm using Traefik 1.7 on a production server, a server upgrade has been made from Debian 8 to 10 (not 100% sure but it's not relevant) recently and now auto renewal of certificate isn't working anymore.

This error happens now :

time="2023-12-05T10:25:05Z" level=error msg="Error renewing certificate from LE: { []}, acme: Error -> One or more domains had a problem:\n[] acme: Error 403 - urn:ietf:params:acme:error:unauthorized - Invalid response from 403\n[] acme: Error 403 - urn:ietf:params:acme:error:unauthorized - Invalid response from 403\n"

Traefik TOML configuration :

checkNewVersion = false
InsecureSkipVerify = false

defaultEntryPoints = ["https","http"]

  level = "DEBUG"

logLevel = "INFO"

  filePath = "/var/log/traefik.log"

    address = ":80"
    address = ":443"

  attempts = 3

  endpoint = "unix:///var/run/docker.sock"
  watch = true
  exposedbydefault = false

  entryPoint = "traefik"
  dashboard = true

# You will not need it if you use your custom certs
# This is used when you want to let traefik generate automatically your cert
  email = ""
  storage = "/acme.json"
  entryPoint = "https"
  onHostRule = true
  onDemand = false
    entryPoint = "http"

And a part of the docker configuration :

version: '3'
    image: varnish:6
    container_name: varnish
      - "./docker/varnish/default.vcl:/etc/varnish/default.vcl"
      - /var/lib/varnish:exec
    command: "-p default_keep=300"
      - "web"
      - "web"
      - traefik.enable=true
      - traefik.frontend.headers.SSLRedirect=true
      - traefik.port=80

      name: reverseproxy

The project always worked for certificate renewal until this point. I don't find any information about .well-known, is it supposed to be in my application server (symfony public directory ?) or located near traefik ? Any help is welcome.


Traefik v1 has been EOL for around 3 years, and it doesn't receive any security fixes, I recommend migrating to Traefik v2.

I'm fine with migrating, it's not normal to be so late but I have to convince my client.

And upgrading it while it's not working does not seem optimal to me

While at it, Debian 10 is EOL mid 2024, maybe upgrade that, too :slight_smile: