Disable certResolver with flag?

ToryBerra · October 6, 2023, 12:26am

I was wondering if I could disable LetsEncrypt and instead user Traefik internal certs when I am developing locally. Is this possible with a flag?

I am using DockerCompose.

traefik:
  image: "traefik:v3.0.0-beta3"
  container_name: "traefik"
  command:
    - "--log.level=${TRAEFIK_LOGLEVEL}"
    - "--providers.docker=true"
    - "--providers.docker.exposedbydefault=false"
    - "--entrypoints.web.address=:80"
    - "--entrypoints.websecure.address=:443"
    - "--entrypoints.postgres.address=:5432"
    - "--entrypoints.web.http.redirections.entrypoint.to=websecure"
    - "--entrypoints.web.http.redirections.entrypoint.scheme=https"
    - "--certificatesresolvers.myresolver.acme.tlschallenge=true"
    - "--certificatesresolvers.myresolver.acme.email=${ACME_EMAIL}"
    - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
  ports:
    - "80:80"
    - "443:443"
    - "5432:5432"
  volumes:
    - "/var/run/docker.sock:/var/run/docker.sock:ro"
    - "./letsencrypt:/letsencrypt"
  networks:
    - traefiknet

ToryBerra · October 6, 2023, 12:50am

Is setting certresolver to null is a good solution?

whoami:
  image: traefik/whoami
  command:
    - --port=2001
    - --name=myapp
  restart: always
  labels:
    - "traefik.enable=true"
    - "traefik.http.routers.myapp.entrypoints=websecure"
    - "traefik.http.routers.myapp.service=myapp-service"
    - "traefik.http.services.myapp-service.loadbalancer.server.port=2001"
    - "traefik.http.routers.myapp.tls=true"
    # Setting TRAEFIK_SERVICES_CERTRESOLVER (certresolver) to null disables LetsEncrypt? <----------
    - "traefik.http.routers.myapp.tls.certresolver=${TRAEFIK_SERVICES_CERTRESOLVER}"
  networks:
    - traefiknet

bluepuma77 · October 6, 2023, 6:24am

You can declare the certresolver, just not assign it. We assign the certresolver globally on entrypoint.

You could try to use an env var and set it to certresolver name or empty string.

You probably need to set TLS=true for Traefik to create custom certs. I would expect this can always be set, with and without LE, but you need to test.

ToryBerra · October 6, 2023, 12:31pm

Thank you. Can you show me how to set global cert resolver using my docker-compose example above?

bluepuma77 · October 6, 2023, 12:36pm

Check simple Traefik example.

Maybe try something like:

    command:
      - ...
      - --entrypoints.websecure.http.tls=true
      - --entrypoints.websecure.http.tls.certresolver=${myresolver}
      - ...

Topic		Replies	Views
How to specify certResolver Traefik v2 docker , letsencrypt-acme	4	6716	November 25, 2019
Invalid Let's Encrypt cert with Docker Traefik v2 docker , letsencrypt-acme	0	383	December 15, 2020
A custom certificate is not used by Traefik Traefik v3 (latest) docker-swarm , letsencrypt-acme	11	208	April 19, 2024
Router uses a non-existent certificate resolver Traefik v3 (latest) docker , letsencrypt-acme	2	696	May 25, 2024
Why is my site showing "Traefik Default Cert"? Traefik v3 (latest) docker , letsencrypt-acme	0	110	July 31, 2024

Disable certResolver with flag?

Related topics