Docker-swarm, running traefik in replicated mode with ACME


Already browsed through the forum and searched Google a bit, but unable to find a definitive answer.

I'm migrating away from Traefik v1.7 to v2.1. My current setup consists of traefik running replicated across my manager nodes. The configuration of my traefik instances is stored in consul and, with it, the acme.json for acme.

I understand the consul backend for acme has been removed, since this caused issues. My thought was to simply use an NFS share and have all traefik replicas use the same acme.json, however the documentation quite clearly states that one shouldn't do this.

Running 3 replicas and having all 3 maintain their own acme.json would also result in undefined behavior (depending on which replica you hit).

My question here is, what's the proposed migration path here? From Traefik 1.7 using a "HA" ACME setup to 2.1? When running a LB for "production" services, I consider it to be a prerequisite to at least run 2 replicas.

Thanks for your insights, and apologies if this has been asked and answered already elsewhere.

Did you find out anything about this? I'm quite surprised it's not detailed.

After some digging around, it seems like with v2 the ability to do what we want here is now moved behind a paywall in 'Enterprise Edition'.

If 'distributed Let's Encrypt' means what I think it does, on this page.

I'd say the alternative likely involves using the 'exec' DNS provider in the acme config.

I would really appreciate some guidance here on best practices for acme DNS challenge on a globally deployed Traefik instance in a Docker Swarm environment.