Error with custom TLS certs

edemin · October 14, 2019, 2:19pm

Hello!!

Problem with custom SSL certs traefik v.2.0.0

I created docker-compose

`version: "3.7"

services:
  reverse-proxy:
    image: traefik:v2.0.0
    command: 
      - "--configFile=/traefik.toml"
      - "--api.insecure"
      - "--api.dashboard"
      - "--providers.docker"
      - "--providers.docker.swarmMode=true"
      - "--providers.docker.network=proxy"
      - "--log.level=DEBUG"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      - "--accesslog=true"
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080"
    volumes:
      - ./certs:/certs
      - ./traefik.toml:/traefik.toml
      - /var/run/docker.sock:/var/run/docker.sock
    labels:
      - "traefik.docker.network=proxy"
    networks:
      - proxy

networks:
  proxy:
    driver: overlay
    external: true`

My traefik.toml

[providers]
  [providers.docker]
  
  [providers.file]
    filename = "/traefik.toml"



[tls]

  [tls.stores]
    [tls.stores.default]
      [tls.stores.default.defaultCertificate]
        certFile = "/certs/mycert.cer"
        keyFile = "/certs/mykey.key"

  [[tls.certificates]]
        certFile = "/certs/mycert.cer"
        keyFile = "/certs/mykey.key"
    stores = ["default"]

I saw this thread

But i got error

time="2019-10-14T14:03:08Z" level=info msg="Configuration loaded from file: /traefik.toml"
time="2019-10-14T14:03:08Z" level=error msg="Error while creating certificate store: failed to load X509 key pair: tls: failed to find any PEM data in key input" tlsStoreName=default
time="2019-10-14T14:03:08Z" level=error msg="Unable to append certificate MIIFYzCCBjTVan7lxLBrflMA0GCS to store: unable to generate TLS certificate : tls: failed to find any PEM data in key input" tlsStoreName=default
time="2019-10-14T14:03:08Z" level=error msg="Error while creating certificate store: failed to load X509 key pair: tls: failed to find any PEM data in key input" tlsStoreName=default
time="2019-10-14T14:03:08Z" level=error msg="Unable to append certificate MIIFYzCCBjTVan7lxLBrflMA0GCS to store: unable to generate TLS certificate : tls: failed to find any PEM data in key input" tlsStoreName=default

I will be appreciate for any helps! Thanks!

Regards,
Evgeny

edemin · October 17, 2019, 7:48am

Problem solved. My certs had wrong place.

azhard4int · March 4, 2020, 1:17pm

To anyone who is still facing the same issue, here is the configuration I've used:

Docker-compose.yaml

version: '3'

services:
  traefik:
    image: traefik:v2.0
    container_name: traefik
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    networks:
      - proxy
    ports:
      - 80:80
      - 443:443
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./data/traefik.yml:/traefik.yml:ro
      - ./data/dyn.yaml:/etc/traefik/dyn.yaml
      - ./data/certs:/etc/traefik/certs:ro
      #- ./data/acme.json:/acme.json
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.traefik.entrypoints=http"
      - "traefik.http.routers.traefik.rule=Host(`traefik.yourdomain.com`)"
      #- "traefik.http.middlewares.traefik-auth.basicauth.users=USER:PASSWORD"
      - "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https"
      #- "traefik.http.routers.traefik.middlewares=traefik-https-redirect"
      - "traefik.http.routers.traefik-secure.entrypoints=https"
      - "traefik.http.routers.traefik-secure.rule=Host(`traefik.yourdomain.com`)"
      #- "traefik.http.routers.traefik-secure.middlewares=traefik-auth"
      - "traefik.http.routers.traefik-secure.tls=true"
      #- "traefik.http.routers.traefik-secure.tls.certresolver=http"
      - "traefik.http.routers.traefik-secure.service=api@internal"

networks:
  proxy:
    external: true

traefik.yml

api:
  dashboard: true

entryPoints:
  http:
    address: ":80"
  https:
    address: ":443"

providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    exposedByDefault: false
  file:
    filename: /etc/traefik/dyn.yaml

dyn.yaml

tls:
  certificates:
    - certFile: "/etc/traefik/certs/cert_chain.crt"
      keyFile: "/etc/traefik/certs/server.key"
      stores:
        - default
  stores:
    default:
      defaultCertificate:
        certFile: "/etc/traefik/certs/cert_chain.crt"
        keyFile: "/etc/traefik/certs/server.key"

Following above configuration, I was able to get the Traefik with my SSL signed certificates in running form.

cysecluis · April 18, 2022, 4:27am

Thank you! Your dyn.yaml example finally fixed my issue with TLS.

Topic		Replies	Views
TLS handshake error - unknown certificate Traefik v2 docker-swarm	6	32217	April 25, 2020
Traefik v2.10 Configuration Issue with Custom SSL Certificate and Docker Traefik v2 docker	1	803	December 24, 2023
Trouble understanding how traefik picks up a custom SSL certificate for a domain Traefik v2 docker , docker-swarm	15	20900	December 14, 2020
Custom SSL Certificate Configuration Not Effective Traefik v2 docker-swarm , middleware	2	313	May 15, 2024
Custom SSL (TLS) configuration with docker Traefik v2 docker	10	806	March 11, 2024

Error with custom TLS certs

Related Topics