Custom SSL Certificate Configuration Not Effective

Traefik Traefik v2
,
1

When I access the website using my custom SSL certificate, it shows the certificate CN as "TRAEFIK DEFAULT CERT".

The configuration files are as follows:

docker-compose-traefik.yml

services:
  reverse-proxy:
    # The official v2 Traefik docker image
    image: traefik:v2.8
    # Enables the web UI and tells Traefik to listen to docker
    command:
      # - --api.insecure=true
      - --providers.docker.swarmMode=true
      - --log.level=WARN
      - --entrypoints.web.address=:80
      - --entrypoints.websecure.address=:443
      - --providers.file.directory=/etc/traefik/dynamic_conf
    ports:
      # The HTTP port
      - "80:80"
      - "443:443"
      # The Web UI (enabled by --api.insecure=true)
      #- "8080:8080"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./tools/certs:/tools/certs
      - ./tools/traefik/config.yml:/etc/traefik/dynamic_conf/conf.yml:ro
    deploy:
      placement:
        constraints:
          - node.role == manager
      labels:
        - "traefik.http.middlewares.gzip.compress=true"
        - "traefik.enable=true"
        - "traefik.http.services.noop.loadbalancer.server.port=9999"
    networks:
      - application_net
networks:
  application_net:
    external: true

Configuration file location: /home/tools/traefik/config.yml

tls:
  certificates:
    - certFile: /tools/certs/xxx.com.crt
      keyFile: /tools/certs/xxx.com.key

Application Labes:

"Labels": {
                "traefik.http.middlewares.web-nginx_https.redirectscheme.scheme": "https",
                "traefik.http.routers.web-nginx.entrypoints": "web",
                "traefik.http.routers.web-nginx.middlewares": "web-nginx_https@docker",
                "traefik.http.routers.web-nginx.rule": "Host(`sss.xxx.com`)",
                "traefik.http.routers.web-nginx_https.entrypoints": "websecure",
                "traefik.http.routers.web-nginx_https.rule": "Host(`sss.xxx.com`)",
                "traefik.http.routers.web-nginx_https.tls": "true",
                "traefik.http.services.web-nginx.loadbalancer.server.port": "80"
            },

I also tried using certificates in .pem and .key formats, but it still doesn't work. Could you please help me understand where I went wrong?

2

It is recommended to use Traefik latest, either v2.11 or v3.

For a custom TLS cert to be loaded, you need a dynamic config file with the TLS files referenced (doc), then you need to load the file in static config via providers.file (doc) and set tls=true on entrypoint or router.

If its not working, enable and check Traefik debug log and check within the container if all files are at the right path and readable (docker exec -it <c-id> sh).

Note that you need to send a request with the matching domain name, do not use an IP address. Note further, that you need to provide config and cert files on all Docker Swarm nodes used by the proxy. And final note, make sure that the labels of the target service are also within the deploy section.

To simplify configuration, you can create a single http-to-https redirection on entrypoint "websecure" and enable tls globally, see simple Traefik example.

3

Thank you, I solved it by changing it to this!

tls:
  certificates:
    - certFile: /tools/certs/xxx.crt
      keyFile: /tools/certs/xxx.key
  stores:
    default:
      defaultCertificate:
        certFile: /tools/certs/xxx.crt
        keyFile: /tools/certs/xxx.key