Error with custom TLS certs

Hello!!

Problem with custom SSL certs in Traefik v2.0.0

I created a docker-compose file:

```yaml
version: "3.7"

services:
  reverse-proxy:
    image: traefik:v2.0.0
    command:
      - "--configFile=/traefik.toml"
      - "--api.insecure"
      - "--api.dashboard"
      - "--providers.docker"
      - "--providers.docker.swarmMode=true"
      - "--providers.docker.network=proxy"
      - "--log.level=DEBUG"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      - "--accesslog=true"
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080"
    volumes:
      - ./certs:/certs
      - ./traefik.toml:/traefik.toml
      - /var/run/docker.sock:/var/run/docker.sock
    labels:
      - "traefik.docker.network=proxy"
    networks:
      - proxy

networks:
  proxy:
    driver: overlay
    external: true
```

My traefik.toml:

```toml
[providers]
  [providers.docker]

  [providers.file]
    filename = "/traefik.toml"

[tls]

  [tls.stores]
    [tls.stores.default]
      [tls.stores.default.defaultCertificate]
        certFile = "/certs/mycert.cer"
        keyFile = "/certs/mykey.key"

  [[tls.certificates]]
    certFile = "/certs/mycert.cer"
    keyFile = "/certs/mykey.key"
    stores = ["default"]
```

I saw this thread

But I got an error:

```
time="2019-10-14T14:03:08Z" level=info msg="Configuration loaded from file: /traefik.toml"
time="2019-10-14T14:03:08Z" level=error msg="Error while creating certificate store: failed to load X509 key pair: tls: failed to find any PEM data in key input" tlsStoreName=default
time="2019-10-14T14:03:08Z" level=error msg="Unable to append certificate MIIFYzCCBjTVan7lxLBrflMA0GCS to store: unable to generate TLS certificate : tls: failed to find any PEM data in key input" tlsStoreName=default
time="2019-10-14T14:03:08Z" level=error msg="Error while creating certificate store: failed to load X509 key pair: tls: failed to find any PEM data in key input" tlsStoreName=default
time="2019-10-14T14:03:08Z" level=error msg="Unable to append certificate MIIFYzCCBjTVan7lxLBrflMA0GCS to store: unable to generate TLS certificate : tls: failed to find any PEM data in key input" tlsStoreName=default
```

I would appreciate any help! Thanks!

Regards,
Evgeny
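
The `tls: failed to find any PEM data in key input` message in the log above is the error Go's `crypto/tls` returns when the bytes supplied as the key contain no PEM block. The following is an added example, not code from this thread or from Traefik, that reproduces it on a constructed in-memory certificate; `makePair` and `checkPair` are hypothetical helper names.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// makePair returns a constructed self-signed cert (PEM) plus its key as PEM and raw DER.
// Errors are ignored because the inputs are fixed sample values.
func makePair() (certPEM, keyPEM, keyDER []byte) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "example.test"},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(time.Hour),
	}
	certDER, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	keyDER, _ = x509.MarshalPKCS8PrivateKey(key)
	certPEM = pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: certDER})
	keyPEM = pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: keyDER})
	return
}

// checkPair loads the pair the way Go's crypto/tls does; "" means it is accepted.
func checkPair(certPEM, keyPEM []byte) string {
	if _, err := tls.X509KeyPair(certPEM, keyPEM); err != nil {
		return err.Error()
	}
	return ""
}

func main() {
	cert, key, der := makePair()
	_, otherKey, _ := makePair()
	fmt.Printf("PEM key:        %q\n", checkPair(cert, key))
	fmt.Printf("DER key:        %q\n", checkPair(cert, der))
	fmt.Printf("path as bytes:  %q\n", checkPair(cert, []byte("/certs/mykey.key")))
	fmt.Printf("mismatched key: %q\n", checkPair(cert, otherKey))
}
```

A key that is DER-encoded, or key input that is just a path string rather than file contents, produces the error from the log; a PEM key that belongs to a different certificate fails with a different message.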

Problem solved. My certs were in the wrong place.

To anyone who is still facing the same issue, here is the configuration I've used:

Docker-compose.yaml

```yaml
version: '3'

services:
  traefik:
    image: traefik:v2.0
    container_name: traefik
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    networks:
      - proxy
    ports:
      - 80:80
      - 443:443
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./data/traefik.yml:/traefik.yml:ro
      - ./data/dyn.yaml:/etc/traefik/dyn.yaml
      - ./data/certs:/etc/traefik/certs:ro
      #- ./data/acme.json:/acme.json
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.traefik.entrypoints=http"
      - "traefik.http.routers.traefik.rule=Host(`traefik.yourdomain.com`)"
      #- "traefik.http.middlewares.traefik-auth.basicauth.users=USER:PASSWORD"
      - "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https"
      #- "traefik.http.routers.traefik.middlewares=traefik-https-redirect"
      - "traefik.http.routers.traefik-secure.entrypoints=https"
      - "traefik.http.routers.traefik-secure.rule=Host(`traefik.yourdomain.com`)"
      #- "traefik.http.routers.traefik-secure.middlewares=traefik-auth"
      - "traefik.http.routers.traefik-secure.tls=true"
      #- "traefik.http.routers.traefik-secure.tls.certresolver=http"
      - "traefik.http.routers.traefik-secure.service=api@internal"

networks:
  proxy:
    external: true
```

traefik.yml

```yaml
api:
  dashboard: true

entryPoints:
  http:
    address: ":80"
  https:
    address: ":443"

providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    exposedByDefault: false
  file:
    filename: /etc/traefik/dyn.yaml
```

dyn.yaml

```yaml
tls:
  certificates:
    - certFile: "/etc/traefik/certs/cert_chain.crt"
      keyFile: "/etc/traefik/certs/server.key"
      stores:
        - default
  stores:
    default:
      defaultCertificate:
        certFile: "/etc/traefik/certs/cert_chain.crt"
        keyFile: "/etc/traefik/certs/server.key"
```

Following the above configuration, I was able to get Traefik running with my signed SSL certificates.


Thank you! Your dyn.yaml example finally fixed my issue with TLS.