Custom SSL certificate results in runtime error

I'm trying to use a custom SSL certificate with Traefik, but it doesn't work, and when I log in to my.domain.com it serves TRAEFIK DEFAULT CERT instead, while the logs (from sudo docker logs traefik) show some runtime and handshake errors:

time="2021-02-04T20:43:02Z" level=debug msg="http: panic serving 192.168.9.195:63243: runtime error: invalid memory address or nil pointer dereference"
...
time="2021-02-04T20:43:02Z" level=debug msg="No default certificate, generating one"
time="2021-02-04T20:43:02Z" level=debug msg="Serving default certificate for request: \"my.domain.com\""
...
time="2021-02-04T20:43:05Z" level=debug msg="http: TLS handshake error from 192.168.204.49:52373: remote error: tls: unknown certificate"

The SSL certificate is bundled from multiple ones in the correct order and passes all possible checks I've found. (At first there were some "failed to find any PEM data in certificate input" errors, but after changes in bundling and file paths they are gone.)

The project folder structure and config files look like this:
/home/user/traefik/certificates/my.domain.com.crt (and .key)
/home/user/application

traefik.toml in /home/user/traefik:

[entryPoints]
  [entryPoints.web]
    address = ":80"

  [entryPoints.web.http]
    [entryPoints.web.http.redirections]
      [entryPoints.web.http.redirections.entryPoint]
        to = "websecure"
        scheme = "https"

  [entryPoints.websecure]
    address = ":443"

[log]
  level = "DEBUG"

[accessLog]
  filePath = "access.log"

[providers]
  [providers.docker]
    watch = true
    network = "web"

  [providers.file]
    directory = "/certificates/"
    watch = true
    filename = "/dynamic.toml"

dynamic.toml in /home/user/traefik:

[tls]
  [[tls.certificates]]
    certFile = "/certificates/my.domain.com.crt"
    keyFile = "/certificates/my.domain.com.key"
    stores = ["default"]

Script run_traefik.sh in /home/user/traefik folder:

# Remove the previous container, if any
docker stop traefik
docker rm traefik

# Paths are quoted so the mounts still work if $PWD contains spaces
docker run -d \
  -v /var/run/docker.sock:/var/run/docker.sock \
  -v "$PWD/traefik.toml:/traefik.toml" \
  -v "$PWD/dynamic.toml:/dynamic.toml" \
  -v "$PWD/traefik.log:/traefik.log" \
  -v "$PWD/access.log:/access.log" \
  -v "$PWD/certificates/:/certificates/" \
  -p 80:80 \
  -p 443:443 \
  --network web \
  --name traefik \
  traefik:v2.4.2

Part of docker-compose.yml in /home/user/application:

version: '3.0'

services:
  ...
  application:
    ...
    labels:
      - traefik.http.routers.seatable.rule=Host(`my.domain.com`)
      - traefik.http.routers.seatable.tls=true
    networks:
      - application-net
      - web

networks:
  application-net:
    external: false
  web:
    external: true

What should I change to make it work?

Hi @vaavdeev

You have conflicting configuration using both directory and file. Pretty sure this is using the directory watch and not finding any configuration.

