Default certificate is not working for our Traefik

dhaneesh88 · July 9, 2024, 3:30pm

Hello Team,

We are using Traefik for redirection for over 3000 websites.

We are using global accelerator and NLB that points to ECS fargate where traeffik image is used with following configurations

"command": ["--api.insecure=true","--log","--log.level=DEBUG",
"--entrypoints.web.address=:80",
"--entrypoints.web.transport.respondingtimeouts.idletimeout=20",
"--entrypoints.web.transport.respondingtimeouts.readtimeout=20",
"--entrypoints.web.transport.respondingtimeouts.writetimeout=20",
"--entrypoints.websecure.address=:443",
"--entrypoints.websecure.http.tls.certResolver=lestandard",
"--entrypoints.websecure.transport.respondingtimeouts.idletimeout=20",
"--entrypoints.websecure.transport.respondingtimeouts.readtimeout=20",
"--entrypoints.websecure.transport.respondingtimeouts.writetimeout=20",
"--certificatesresolvers.lestandard.acme.email=testmail@gmail.com",
"--certificatesresolvers.lestandard.acme.httpchallenge=true",
"--certificatesresolvers.lestandard.acme.httpchallenge.entrypoint=web",
"--certificatesresolvers.lestandard.acme.storage=/mount/efs-certs/acme.json",
"--providers.providersThrottleDuration=10s",
"--providers.redis.endpoints=new-dev-redirector-rulestore-001.new-dev-redirector-rulestore.v2rtcm.euc1.cache.amazonaws.com:6379",
"--providers.redis.tls.insecureSkipVerify=true",
"--providers.file.directory=/mount/efs-certs"]

The certificate is generating using letsencrypt and are generating correctly for all these 3000.

But if we check, we can see Traefik default certificate is generating each day and not valid. We have to use custom default valid certificate. So as per documentation we have updated the configuration

-providers.file.directory=/mount/efs-certs and create yml file and added following values.

ls:
  options:
    default:
      sniStrict: true
  certificates:
    - certFile: traefik-ca.cert
      keyFile: traefik-ca.key
  stores:
    default:
      defaultCertificate:
        certFile: traefik-ca.cert
        keyFile: traefik-ca.key

But still we cant see default certificate is generating each day and not taking our custom certificate.

dhaneesh88 · July 12, 2024, 8:07am

Anyone have any insight on this ?

bluepuma77 · July 30, 2024, 11:04am

Is the file read and used when you access the matching domain?

What does Traefik debug log tell you (doc)?

Is it only when using as default, with not matching Host() or HostSNI()?

Topic		Replies	Views
Traefik serves default certificate when using wildcard domain Traefik v2 letsencrypt-acme	3	92	October 17, 2024
Default Certificate not working Traefik v2 docker	8	15467	January 3, 2022
Unable to get SSL working Traefik v2 docker	2	8231	September 15, 2019
Traefik serves default cert for HostSNI (tls over tcp) Traefik v2 docker , letsencrypt-acme , tcp	7	2824	August 14, 2023
Not able to configure traefik to serve my certificate when accessing over https Traefik v2 kubernetes-ingress	2	861	September 27, 2021

Default certificate is not working for our Traefik

Related topics