This is a regular discussion here about using LetsEncrypt with multiple Traefik instances with Docker Swarm. It's too bad that Docker Swarm configs and secrets are not updatable.
Traefik EE supports "distributed" LetsEncrypt out-of-the-box; it requires a subscription. I think it uses consul as distributed storage.
It was discussed to use a shared folder to store acme.json, not sure if that works, haven't tested myself.
I built a proof-of-concept to use a certbot instance in Docker Swarm behind Traefik that provides a Traefik dynamic configuration via HTTP with certificates inline.
I also built a proof-of-concept to run syncthing as distributed storage in Docker Swarm on which the dynamic config file could be stored - if you prefer provider.file over provider.http. Note that syncthing syncing is probably too slow to use directly with Traefik's acme.json.
If you already have a distributed storage, then adapting my certbot to create the dynamic config file is probably the easiest solution; use it with provider.file and enable watch.
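One way to produce the dynamic config file for provider.file from certbot's output, as an added example that is not the poster's proof-of-concept. It assumes certbot's standard `live/<name>/fullchain.pem` and `privkey.pem` layout and inline PEM content in `certFile`/`keyFile`; the function name and the paths in the usage comment are hypothetical.

```shell
#!/bin/sh
# Added example: build a Traefik dynamic config (tls.certificates with inline
# PEM) from a certbot "live" directory, for use with the file provider + watch.

# write_traefik_tls LIVE_DIR OUT_FILE
# Returns 0 after publishing OUT_FILE, 1 if nothing usable was found
# (in which case the previously published OUT_FILE is left untouched).
write_traefik_tls() {
    live_dir=$1
    out_file=$2

    # Temp file in the target directory so the final mv is a same-filesystem
    # rename. mktemp creates it with mode 0600, which matters because the
    # file embeds private keys; the Traefik user must be able to read it.
    tmp=$(mktemp "$(dirname "$out_file")/.tls.XXXXXX") || return 1

    count=0
    {
        echo "tls:"
        echo "  certificates:"
        for dir in "$live_dir"/*/; do
            cert="${dir}fullchain.pem"
            key="${dir}privkey.pem"
            # Skip lineages that are missing either half of the pair.
            [ -s "$cert" ] && [ -s "$key" ] || continue
            echo "    - certFile: |"
            sed 's/^/        /' "$cert"
            echo "      keyFile: |"
            sed 's/^/        /' "$key"
            count=$((count + 1))
        done
    } > "$tmp"

    # Never replace a working config with an empty certificate list.
    if [ "$count" -eq 0 ]; then
        rm -f "$tmp"
        echo "no complete certificate lineage in $live_dir" >&2
        return 1
    fi

    # Rename is atomic, so a watcher never reads a half-written file.
    mv -f "$tmp" "$out_file"
}

# Usage, e.g. from a certbot deploy hook (paths are assumptions):
#   write_traefik_tls /etc/letsencrypt/live /shared/traefik/dynamic/tls.yml
```

Because the generated file contains the private keys, whatever distributed storage carries it needs the same access restrictions as acme.json would.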