Default certificate is not working for our Traefik

dhaneesh88 · July 9, 2024, 3:30pm

Hello Team,

We are using Traefik for redirection for over 3000 websites.

We are using global accelerator and NLB that points to ECS fargate where traeffik image is used with following configurations

"command": ["--api.insecure=true","--log","--log.level=DEBUG",
"--entrypoints.web.address=:80",
"--entrypoints.web.transport.respondingtimeouts.idletimeout=20",
"--entrypoints.web.transport.respondingtimeouts.readtimeout=20",
"--entrypoints.web.transport.respondingtimeouts.writetimeout=20",
"--entrypoints.websecure.address=:443",
"--entrypoints.websecure.http.tls.certResolver=lestandard",
"--entrypoints.websecure.transport.respondingtimeouts.idletimeout=20",
"--entrypoints.websecure.transport.respondingtimeouts.readtimeout=20",
"--entrypoints.websecure.transport.respondingtimeouts.writetimeout=20",
"--certificatesresolvers.lestandard.acme.email=testmail@gmail.com",
"--certificatesresolvers.lestandard.acme.httpchallenge=true",
"--certificatesresolvers.lestandard.acme.httpchallenge.entrypoint=web",
"--certificatesresolvers.lestandard.acme.storage=/mount/efs-certs/acme.json",
"--providers.providersThrottleDuration=10s",
"--providers.redis.endpoints=new-dev-redirector-rulestore-001.new-dev-redirector-rulestore.v2rtcm.euc1.cache.amazonaws.com:6379",
"--providers.redis.tls.insecureSkipVerify=true",
"--providers.file.directory=/mount/efs-certs"]

The certificate is generating using letsencrypt and are generating correctly for all these 3000.

But if we check, we can see Traefik default certificate is generating each day and not valid. We have to use custom default valid certificate. So as per documentation we have updated the configuration

-providers.file.directory=/mount/efs-certs and create yml file and added following values.

ls:
  options:
    default:
      sniStrict: true
  certificates:
    - certFile: traefik-ca.cert
      keyFile: traefik-ca.key
  stores:
    default:
      defaultCertificate:
        certFile: traefik-ca.cert
        keyFile: traefik-ca.key

But still we cant see default certificate is generating each day and not taking our custom certificate.

dhaneesh88 · July 12, 2024, 8:07am

Anyone have any insight on this ?

bluepuma77 · July 30, 2024, 11:04am

Is the file read and used when you access the matching domain?

What does Traefik debug log tell you (doc)?

Is it only when using as default, with not matching Host() or HostSNI()?

Topic		Replies	Views
Traefik serves default certificate when using wildcard domain Traefik v2 letsencrypt-acme	3	21	October 17, 2024
Default Certificate not working Traefik v2 docker	8	15164	January 3, 2022
Unable to get SSL working Traefik v2 docker	2	8205	September 15, 2019
Not able to configure traefik to serve my certificate when accessing over https Traefik v2 kubernetes-ingress	2	840	September 27, 2021
Lets encrypt certificate doesn't work Traefik v2 letsencrypt-acme	2	684	March 25, 2022

Default certificate is not working for our Traefik

Related Topics