Error failed to load X509 key pair / failed to find any PEM data in certificate input

Hello everyone,

Traefik worked for the last 2 weeks like a charm, until I had to restart my NAS and realized the /etc/traefik folder doesn't exist anymore after the reboot.
So I wanted to change my folder and link to ./etc/traefik within my compose folder.

My docker-compose:

version: '3'

services:
  traefik:
    image: traefik:latest
    container_name: traefik
    ports:
      - 80:80
      - 443:443
      - 8080:8080  # (optional) expose the dashboard ! don't use in production!
      - 51820:51820/udp # wireguard
    volumes:
      - ./etc/traefik:/etc/traefik
      - ./ssl-certs/:/ssl-certs/
      - /var/run/docker.sock:/var/run/docker.sock
      - ./logs:/logs
    restart: unless-stopped
    networks:
      - traefik

networks:
  traefik:
    external: true

And my traefik.yml looks like this:

global:
  checkNewVersion: true
  sendAnonymousUsage: false  # true by default

# (Optional) Enable API and Dashboard
# ---
api:
 dashboard: true  # true by default
 insecure: true  # Don't do this in production!

# Entry Points configuration
# ---
entryPoints:
  web:
    address: :80
    # (Optional) Redirect to HTTPS
    http:
      redirections:
        entryPoint:
          to: websecure
          scheme: https
  websecure:
    address: :443
  wireguard:
    address: :51820/udp


# Configure your CertificateResolver here...
# ---
certificatesResolvers:
  staging:
    acme:
      email: myemailadress@domain.com
      storage: /ssl-certs/acme.json
      caServer: "https://acme-staging-v02.api.letsencrypt.org/directory"
      httpChallenge:
        entryPoint: web

  production:
    acme:
      email: myemailadress@domain.com
      storage: /ssl-certs/acme.json
      caServer: "https://acme-v02.api.letsencrypt.org/directory"
      httpChallenge:
        entryPoint: web

#(Optional) Overwrite Default Certificates
tls:
  stores:
    default:
      defaultCertificate:
        certFile: /ssl-certs/cert.pem
        keyFile: /ssl-certs/cert-key.pem
#(Optional) Disable TLS version 1.0 and 1.1
  options:
    default:
      minVersion: VersionTLS12

providers:
  docker:
    exposedByDefault: false
  file:
    # watch for dynamic configuration changes
    directory: /etc/traefik
    watch: true

After I changed my folders to the local one, the acme.json was created properly. But I always receive the error:

level=error msg="Error while creating certificate store: failed to load X509 key pair: tls: failed to find any PEM data in certificate input" tlsStoreName=default

Afterwards of course all certificates fail:

Unable to obtain ACME certificate for domains \"whoami.mydomain.com\": unable to generate a certificate for the domains [whoami.mydomain.com]: error: one or more domains had a problem:\n[whoami.mydomain.com] acme: error: 400

I tried to figure out what that error is, but to be honest, I have absolutely no clue.
Does anyone have an idea what this could be?

Thank you and best regards

Nobody any idea?
@bluepuma77 can you maybe take a look if you have time? I would highly appreciate that 🙂

File corrupted, not readable or not writeable?

I would use separate files for staging and production.

And I would always use full absolute path when binding/mounting a folder into the service/container, not a relative one.

Thanks for the reply. I couldn't figure it out. I just re-did the configuration. Then it seemed to be a caching issue.
Suddenly after a reboot of the NAS it worked...
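"failed to find any PEM data in certificate input" is the error Go's crypto/tls returns when the certificate input contains no PEM block, so the first thing to confirm is what the container actually sees at the certFile and keyFile paths. The following is an added example, not part of the original thread and not Traefik's own code: a small Go check (the function names `checkPEMFile` and `CheckKeyPair` are made up for this example) that separates the "missing / directory / empty / not PEM" cases raised in the reply above before attempting the real key-pair load.

```go
package main

import (
	"crypto/tls"
	"encoding/pem"
	"fmt"
	"os"
)

// checkPEMFile returns a reason the file yields no PEM data, or "" if a PEM block is found.
func checkPEMFile(path string) string {
	info, err := os.Stat(path)
	switch {
	case os.IsNotExist(err):
		return "missing (does the bind mount point at the right host folder?)"
	case err != nil:
		return "stat failed: " + err.Error()
	case info.IsDir():
		return "is a directory, not a file"
	case info.Size() == 0:
		return "empty file"
	}
	data, err := os.ReadFile(path)
	if err != nil {
		return "not readable: " + err.Error()
	}
	if block, _ := pem.Decode(data); block == nil {
		return "no PEM block (expected a -----BEGIN ...----- header)"
	}
	return ""
}

// CheckKeyPair runs the file checks, then loads the pair the way crypto/tls does.
func CheckKeyPair(certFile, keyFile string) error {
	for _, p := range []string{certFile, keyFile} {
		if reason := checkPEMFile(p); reason != "" {
			return fmt.Errorf("%s: %s", p, reason)
		}
	}
	_, err := tls.LoadX509KeyPair(certFile, keyFile)
	return err
}

func main() {
	// Paths as seen inside the container, taken from the traefik.yml in the post.
	if err := CheckKeyPair("/ssl-certs/cert.pem", "/ssl-certs/cert-key.pem"); err != nil {
		fmt.Println("default certificate problem:", err)
		os.Exit(1)
	}
	fmt.Println("default certificate and key load correctly")
}
```

Run it against the same paths the container mounts (or the host-side `./ssl-certs/` files) after a reboot to see whether the files are present and intact at that moment.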