I'm trying to use a custom SSL certificate with Traefik, but it doesn't work, and when I log in to my.domain.com it serves TRAEFIK DEFAULT CERT instead, while the logs (from `sudo docker logs traefik`) show some runtime and handshake errors:

```
time="2021-02-04T20:43:02Z" level=debug msg="http: panic serving 192.168.9.195:63243: runtime error: invalid memory address or nil pointer dereference"
...
time="2021-02-04T20:43:02Z" level=debug msg="No default certificate, generating one"
time="2021-02-04T20:43:02Z" level=debug msg="Serving default certificate for request: \"my.domain.com\""
...
time="2021-02-04T20:43:05Z" level=debug msg="http: TLS handshake error from 192.168.204.49:52373: remote error: tls: unknown certificate"
```

The SSL certificate is bundled from multiple ones in the correct order and passes all possible checks I've found. (At first there were some `failed to find any PEM data in certificate input` errors, but after changes in bundling and file paths they are gone.)

The project folder structure and config files look like this:

```
/home/user/traefik/certificates/my.domain.com.crt (and .key)
/home/user/application
```

traefik.toml in /home/user/traefik:

```toml
[entryPoints]
  [entryPoints.web]
    address = ":80"
    [entryPoints.web.http]
      [entryPoints.web.http.redirections]
        [entryPoints.web.http.redirections.entryPoint]
          to = "websecure"
          scheme = "https"
  [entryPoints.websecure]
    address = ":443"

[log]
  level = "DEBUG"

[accessLog]
  filePath = "access.log"

[providers]
  [providers.docker]
    watch = true
    network = "web"
  [providers.file]
    directory = "/certificates/"
    watch = true
    filename = "/dynamic.toml"
```

dynamic.toml in /home/user/traefik:

```toml
[tls]
  [[tls.certificates]]
    certFile = "/certificates/my.domain.com.crt"
    keyFile = "/certificates/my.domain.com.key"
    stores = ["default"]
```

Script run_traefik.sh in the /home/user/traefik folder:

```bash
docker stop traefik
docker rm traefik
docker run -d \
  -v /var/run/docker.sock:/var/run/docker.sock \
  -v $PWD/traefik.toml:/traefik.toml \
  -v $PWD/dynamic.toml:/dynamic.toml \
  -v $PWD/traefik.log:/traefik.log \
  -v $PWD/access.log:/access.log \
  -v $PWD/certificates/:/certificates/ \
  -p 80:80 \
  -p 443:443 \
  --network web \
  --name traefik \
  traefik:v2.4.2
```

Part of docker-compose.yml in /home/user/application:

```yaml
version: '3.0'
services:
  ...
  application:
    ...
    labels:
      - traefik.http.routers.seatable.rule=Host(`my.domain.com`)
      - traefik.http.routers.seatable.tls=true
    networks:
      - application-net
      - web
networks:
  application-net:
    external: false
  web:
    external: true
```

What should I change to make it work?
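
A diagnostic sketch for the setup above, added here as an example and not part of the original post or of Traefik's code: it lints the `[providers.file]` section against the Traefik v2 documentation's rule that `directory` and `filename` are mutually exclusive, and checks that every path the configs reference is covered by a container-side `docker run -v` mount. The function names, the minimal TOML-subset parser (one certificate entry only) and the sample inputs are constructed for illustration.

```python
import posixpath
import re

def parse_toml_subset(text):
    """Parse [section]/[[array]] headers and key = value lines (the subset used above)."""
    sections, current = {}, ""
    for line in map(str.strip, text.splitlines()):
        header = re.fullmatch(r"\[{1,2}\s*([\w.\-]+)\s*\]{1,2}", line)
        if header:
            current = header.group(1)
        elif "=" in line and not line.startswith("#"):
            key, _, value = line.partition("=")
            sections.setdefault(current, {})[key.strip()] = value.strip().strip('"')
    return sections

def is_under(path, parent):
    path, parent = posixpath.normpath(path), posixpath.normpath(parent)
    return path == parent or path.startswith(parent.rstrip("/") + "/")

def lint(static_toml, dynamic_toml, mounts):
    """Return findings; mounts = container-side paths of the docker run -v flags."""
    provider = parse_toml_subset(static_toml).get("providers.file", {})
    directory, filename = provider.get("directory"), provider.get("filename")
    findings = []
    if directory and filename:
        findings.append("providers.file sets both directory and filename")
        if not is_under(filename, directory):
            findings.append(f"{filename} is outside the watched directory {directory}")
    certs = parse_toml_subset(dynamic_toml).get("tls.certificates", {})
    for path in (directory, filename, certs.get("certFile"), certs.get("keyFile")):
        if path and not any(is_under(path, m) for m in mounts):
            findings.append(f"{path} is not covered by a volume mount")
    return findings

# Constructed inputs mirroring the configuration in the question.
STATIC = '[providers.file]\ndirectory = "/certificates/"\nwatch = true\nfilename = "/dynamic.toml"\n'
DYNAMIC = ('[[tls.certificates]]\ncertFile = "/certificates/my.domain.com.crt"\n'
           'keyFile = "/certificates/my.domain.com.key"\n')
MOUNTS = ["/traefik.toml", "/dynamic.toml", "/traefik.log", "/access.log", "/certificates/"]

if __name__ == "__main__":
    for finding in lint(STATIC, DYNAMIC, MOUNTS):
        print("WARN:", finding)
```

On the inputs above the lint reports two findings, both about `[providers.file]`; a variant that sets only `filename` produces none.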