[fixed] Docker Swarm + LetsEncrypt with just labels and command line (no TOML) not working

Similar situation as Traefik + Docker + LetsEncrypt | Migration v1.7 => v2.0 | epic fail! though I don't use configuration files and I am trying to follow https://docs.traefik.io/v2.0/user-guides/docker-compose/acme-http/ as closely as I can.

Pasting the relevant sections of the configuration, but I can add the whole thing later. I am using the staging one so I don't blow my rate limit.

  traefik2:
    image: traefik:v2.0.0-rc2
    ports:
      - target: 80
        published: 80
        protocol: tcp
        mode: host
      - target: 443
        published: 443
        protocol: tcp
        mode: host
    command:
      - --certificatesResolvers.staging=true
      - "--certificatesResolvers.staging.acme.email=support@trajano.net"
      - "--certificatesresolvers.staging.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory"
      - "--certificatesResolvers.staging.acme.httpchallenge=true"
      - "--certificatesResolvers.staging.acme.httpchallenge.entryPoint=http"
      - "--certificatesResolvers.staging.acme.storage=acme.json"
      - --entryPoints.http.address=:80
      - --entryPoints.https.address=:443

My service has

      labels:
        - traefik.enable=true
        - traefik.http.routers.portfolio.rule=Host(`trajano.net`)
        - traefik.http.routers.portfolio.service=portfolio
        - traefik.http.routers.portfolio.tls.certresolver=staging
        - "traefik.http.services.portfolio.loadbalancer.server.port=80"

On my logs

edge_traefik2.0.gdv0s3yqsbam@docker-desktop | time="2019-09-05T02:43:33Z" level=info msg=Register... providerName=staging.acme
edge_traefik2.0.gdv0s3yqsbam@docker-desktop | time="2019-09-05T02:43:33Z" level=error msg="Unable to obtain ACME certificate for domains "trajano.net": cannot get ACME client ACME challenge not specified, please select TLS or HTTP or DNS Challenge" providerName=staging.acme routerName=portfolio rule="Host(trajano.net)"

And I am like... it's there!

      - "--certificatesResolvers.staging.acme.httpchallenge=true"

It appears that this was the cause

This works

- "--certificatesResolvers.staging.acme.storage=/tmp/acme.json"
1 Like