Issue: the self-signed certificate is not getting picked up. I need to use a default certificate for all the incoming traffic for any domain.
The log says msg="No default certificate, generating one"
Below is the traefik version:
Version: 2.1.4
Codename: cantal
Go version: go1.13.7
Built: 2020-02-06T17:10:06Z
OS/Arch: linux/amd64
In the traefik.toml dynamic configuration, below is the configuration:
[tls.stores]
[tls.stores.default]
[tls.stores.default.defaultCertificate]
certFile = "/etc/traefik/conf/cert.crt"
keyFile = "/etc/traefik/conf/cert.key"
ldez, March 2, 2020, 11:55pm
Hello,
traefik.toml contains the static configuration.
The dynamic configuration and the static configuration must be defined in separate files:
Thanks for the reply,
I have both the config files.
In my docker compose:
volumes:
  - $PWD/traefik.toml:/etc/traefik/traefik.toml
  - $PWD/config.yaml:/etc/traefik/config.yaml
  - $PWD:/etc/traefik/conf
In my traefik.toml:
[providers]
  [providers.file]
    filename = "/etc/traefik/config.yaml"
    watch = true
In the config.yaml I have the below:
tls:
  certificates:
    - certFile: /etc/traefik/conf/cert.crt
      keyFile: /etc/traefik/conf/cert.key
      stores:
        - default
  stores:
    default:
      defaultCertificate:
        certFile: /etc/traefik/conf/cert.crt
        keyFile: /etc/traefik/conf/cert.key
Earlier I had the tls specified in the static file (traefik.toml); now I have moved it to the dynamic file (config.yaml).
Is this correct?
Hey @sekar-fa, you can refer to the gist below. proxy-config.toml contains dynamic configuration only. It uses both letsencrypt and custom tls certs for two different domains.
docker-compose-traefik.yaml
# Providers :- discover the services that live on your infrastructure (their IP, health, ...)
# Entrypoints :- listen for incoming traffic (ports, ...)
# Routers :- analyse the requests (host, path, headers, SSL, ...). A router is in charge of connecting incoming requests to the services that can handle them.
# Services :- forward the request to your services (load balancing, ...). The Services are responsible for configuring how to reach the actual services that will eventually handle the incoming requests.
# Middlewares :- may update the request or make decisions based on the request (authentication, rate limiting, headers, ...)
version: "3.7"
networks:
This file has been truncated.
proxy-config.toml
# ENTRYPOINT / ROUTER
[http.routers]
[http.routers.myrouter]
rule = "Host(`bchain.example.in`)"
middlewares = ["auth"]
service = "goserver"
entryPoints = ["websecure"]
# will route TLS requests (and ignore non tls requests)
This file has been truncated.
When I moved the tls entry from the static file to the dynamic file, it worked.
Thanks @ldez @metadata
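Added example (not part of the thread and not Traefik's own code): a small check that flags dynamic-only sections left in a static traefik.toml, which is the misplacement resolved above. It assumes the Traefik v2 dynamic root sections `http`, `tcp` and `tls`; the function name and the sample file are constructed for illustration.

```python
import re

# Top-level sections Traefik v2 expects from a dynamic provider (file, Docker
# labels, ...), not from the static file. Assumption: v2 root names.
DYNAMIC_ROOTS = {"http", "tcp", "tls"}

# [table] and [[array-of-tables]] headers, capturing the dotted name.
HEADER = re.compile(r"^\s*\[{1,2}\s*([^\[\]]+?)\s*\]{1,2}\s*(#.*)?$")
# Bare or dotted key assignment, e.g. tls.options.default.minVersion = "..."
KEY = re.compile(r"^\s*([A-Za-z0-9_.-]+)\s*=")

def misplaced_dynamic_sections(static_toml):
    """Return {root: [line numbers]} for dynamic-only sections in static TOML."""
    findings = {}
    in_table = False
    for lineno, line in enumerate(static_toml.splitlines(), start=1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        header = HEADER.match(line)
        if header:
            in_table = True
            name = header.group(1)
        else:
            key = KEY.match(line)
            # Keys under a header belong to that table; only top-level keys count.
            if in_table or not key:
                continue
            name = key.group(1)
        root = name.split(".", 1)[0].strip()
        if root in DYNAMIC_ROOTS:
            findings.setdefault(root, []).append(lineno)
    return findings

# Constructed sample: a static traefik.toml combining the snippets in this thread.
SAMPLE_STATIC = """\
[providers]
  [providers.file]
    filename = "/etc/traefik/config.yaml"
    watch = true
[tls.stores]
  [tls.stores.default]
    [tls.stores.default.defaultCertificate]
      certFile = "/etc/traefik/conf/cert.crt"
      keyFile = "/etc/traefik/conf/cert.key"
"""

if __name__ == "__main__":
    for root, lines in misplaced_dynamic_sections(SAMPLE_STATIC).items():
        print(f"[{root}] at lines {lines}: move to the file provider's config")
```

An empty result means no dynamic-only section was found in the static file; it does not confirm that the certificate paths resolve inside the container.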