Force renewal let's encrypt certificate

Traefik Traefik v2
,
1

I have Traefik 1.7 running as a DaemonSet with consul as KV store. I want to migrate to Traefik v2 which does not support consul as KV store in community edition.

I tried to retrieve existing cert from consul with consul kv export traefik-external-certificates/acme/account which is in the following format.

[
	{
		"key": "traefik-external-certificates/acme/account/lock",
		"flags": 36789972625689376455,
		"value": "wsdrtgghbfdrtgbvftyhbvgyujh0"
	},
	{
		"key": "traefik-external-certificates/acme/account/object",
		"flags": 36789972625689376455,
		"value": "***********************"
	}
]

How can I use this existing certificate in Traefik v2 ?
If this is not possible then how can I force renew existing certificate so when Traefik v2 starts up it gets the new certificate ?

2

Hello,

You can use the https://github.com/ldez/traefik-certs-dumper/ to extract the certificates.

And after you have to follow the acme.json (v2) format:

{
  "myresolver": {
    "Account": {
      "Email": "test@example.com",
      "Registration": {
        "body": {
          "status": "valid",
          "contact": [
            "mailto:test@example.com"
          ]
        },
        "uri": "https://acme-v02.api.letsencrypt.org/acme/acct/00000001"
      },
      "PrivateKey": "UHJpdmF0ZUtleSB0ZXN0",
      "KeyType": "4096"
    },
    "Certificates": [
      {
        "domain": {
          "main": "test.example.com"
        },
        "certificate": "Y2VydGlmaWNhdGUgdGVzdA==",
        "key": "a2V5IHRlc3Q=",
        "Store": "default"
      }
    ]
  }
}
1 Like
3

How do I get the account number ?

Also is
"PrivateKey": "UHJpdmF0ZUtleSB0ZXN0", is letsencrypt.key ?