Certificate creatio error

Fisiu · September 8, 2024, 11:53pm

I build traefik for openwrt and installed package on main router
I set up some services, but when enabled https (with dns challenge, cloudflare) I get:

2024-09-08T23:36:18Z ERR github.com/traefik/traefik/v3/pkg/provider/acme/provider.go:469 > Unable to obtain ACME certificate for domains error="cannot get ACME client get directory at 'https://acme-staging-v02.api.letsencrypt.org/directory': Get \"https://acme-staging-v02.api.letsencrypt.org/directory\": tls: failed to verify certificate: x509: certificate signed by unknown authority" ACME CA=https://acme-staging-v02.api.letsencrypt.org/directory acmeCA=https://acme-staging-v02.api.letsencrypt.org/directory domains=["REDACTED","*.REDACTED"] providerName=staging.acme routerName=ds224@file rule=Host(`REDACTED`)

Config for staging resolvers:

certificatesResolvers:
   staging:
     acme:
       email: mariusz@fidano.pl
       storage: /etc/traefik/letsencrypt/staging.json
       caServer: "https://acme-staging-v02.api.letsencrypt.org/directory"
       dnsChallenge:
         provider: cloudflare
         resolvers:
           - "1.1.1.1:53"
           - "8.8.8.8:53"
serversTransport:
   insecureSkipVerify: true

Traefik works as a system service, not in docker.
However if I run curl -Iv https://acme-staging-v02.api.letsencrypt.org/directory the I get 200:

* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
> GET /directory HTTP/2
> Host: acme-staging-v02.api.letsencrypt.org
> User-Agent: curl/8.7.1
> Accept: */*
> 
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
< HTTP/2 200 
< server: nginx
< date: Sun, 08 Sep 2024 23:46:59 GMT
< content-type: application/json
< content-length: 820
< cache-control: public, max-age=0, no-cache
< x-frame-options: DENY
< strict-transport-security: max-age=604800
<

Any ideas?

Topic		Replies	Views
Cannot obtain ACME certificate possibly due to inability to perform SOA DNS query Traefik v2 docker	7	1279	September 26, 2022
LetsEncrypt ACME error connection refused Traefik v2 letsencrypt-acme	9	11129	July 14, 2021
Issue requesting SSL using ACME Traefik v3 (latest) docker , letsencrypt-acme	0	10	September 18, 2024
Cannot get ACME client ACME challenge not specified Traefik v2 letsencrypt-acme	5	5648	October 21, 2020
Cannot obtain ACME certificate Traefik v2 docker , letsencrypt-acme , middleware	3	794	March 11, 2021

Certificate creatio error

Related Topics