Hi! My question is rather akin to this one, but since I don't see the latter solved, I am making a new one here.
So I've got a custom certificate (which is in fact also a LetsEncrypt one). I've made up one cert chain file (cert.crt) using the domain certificate, intermediate and root LE certificates. I also have a private key file (cert.key).
My dynamic.yml is as follows:

```yaml
tls:
  options:
    default:
      minVersion: VersionTLS12
  certificates:
    - certFile: /etc/certs/cert.crt
      keyFile: /etc/certs/cert.key
  stores:
    default:
      defaultCertificate:
        certFile: /etc/certs/cert.crt
        keyFile: /etc/certs/cert.key
```

For Traefik endpoints, I'm using Docker Compose labels. My site is on https://enelectro.pro, so the container defines the following:

```yaml
services:
  webclient: # web: https://enelectro.pro/
    container_name: "webclient"
    restart: unless-stopped
    labels:
      - traefik.enable=true
      - traefik.http.middlewares.my-compress.compress=true
      - traefik.http.routers.webclient.rule=Host(`enelectro.pro`)
      - traefik.http.routers.webclient.entrypoints=https
      - traefik.http.routers.webclient.middlewares=my-compress
```

Other containers are defined in the same way, but using various subdomains, e.g. api.enelectro.pro, traefik.enelectro.pro, and so on.
The funny thing is that while the subdomain sites finally get their proper TLS certificates (I can see them in my browser), the main website (https://enelectro.pro) goes without any. Traefik seems to use its 'default cert' which has no ownership info:
The actual error is ERR_CERT_COMMON_NAME_INVALID, which seems to imply that the certificate is incorrect (uses a different domain).
Oddly enough, SSLChecker shows that everything should be OK with the certificate.
The Traefik logs show no error, apart from that "No store is defined to add the certificate MIIE/DCCA+SgAwIBAgISBMvLIkmMAF+w4ypMRyT6A2bGMA0GCS, it will be added to the default store".
How can I check my certificate to see why it is not accepted as valid by the browser? Or am I wrong somewhere in defining the Traefik settings?
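
One way to run the certificate check asked about above, as an added example that is not part of the original post: it lists the DNS names in the leaf certificate of a chain file and reports which hostnames those names do not cover, using the matching rule browsers apply (a wildcard stands for exactly one left-most label, so `*.example.test` does not cover `example.test`). The sample names are constructed, the function names are hypothetical, and reading a real file assumes the `openssl` CLI (1.1.1 or later) is installed.

```python
import subprocess
import sys


def leaf_sans(cert_file):
    """DNS names from the SAN extension of the FIRST certificate in a PEM file.

    openssl x509 reads only the first PEM block, so in a chain file the
    domain (leaf) certificate has to come before the intermediate and root.
    """
    out = subprocess.run(
        ["openssl", "x509", "-in", cert_file, "-noout", "-ext", "subjectAltName"],
        check=True, capture_output=True, text=True,
    ).stdout
    return [p.strip()[4:] for p in out.replace("\n", ",").split(",")
            if p.strip().startswith("DNS:")]


def san_covers(pattern, host):
    """RFC 6125-style match: '*' stands for exactly one left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False  # '*.example.test' never covers the apex 'example.test'
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def uncovered(hosts, sans):
    """Hostnames that no SAN entry covers."""
    return [h for h in hosts if not any(san_covers(s, h) for s in sans)]


# Constructed SAN list and hostnames for illustration only.
SAMPLE_SANS = ["*.example.test", "www.example.test"]
SAMPLE_HOSTS = ["example.test", "api.example.test", "a.b.example.test"]

if __name__ == "__main__":
    # usage: python check_sans.py /etc/certs/cert.crt enelectro.pro api.enelectro.pro
    if len(sys.argv) > 2:
        sans, hosts = leaf_sans(sys.argv[1]), sys.argv[2:]
    else:
        sans, hosts = SAMPLE_SANS, SAMPLE_HOSTS
    print("SANs in leaf certificate:", sans)
    print("hostnames not covered:", uncovered(hosts, sans))
```

Any hostname printed as not covered has no matching name in that certificate file.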