Hi.
I have VPS (ubuntu 20.04) with docker installed and I'm trying to setup traefik v2 with letsencrypt certificates. For now I'm trying to get the traefik dasboard under my main domain. I've got this configuration:
docker-compose.yml:
version: '3.7'
services:
traefik:
image: traefik:2.3
restart: unless-stopped
ports:
- "80:80"
- "443:443"
volumes:
- ./config/traefik.yml:/traefik.yml
- ./letsencrypt/acme.json:/acme.json
- /var/run/docker.sock:/var/run/docker.sock
container_name: traefik
networks:
- web
labels:
- traefik.http.routers.traefik-http.rule=Host('MYDOMAIN.COM')
- traefik.http.routers.traefik-http.entrypoints=http
- traefik.http.routers.traefik-http.middlewares=redirect
- traefik.http.routers.traefik-https.rule=Host('MYDOMAIN.COM')
- traefik.http.routers.traefik-https.entrypoints=https
- traefik.http.routers.traefik-https.tls=true
- traefik.http.routers.traefik-http.service=api@internal
- traefik.http.routers.traefik-https.service=api@internal
- traefik.http.middlewares.redirect.redirectscheme.scheme=https
networks:
web:
external: true
traefik.yml:
api:
dashboard: true
log:
level: DEBUG
entryPoints:
http:
address: ":80"
https:
address: ":443"
providers:
docker:
exposedByDefault: false
network: web
watch: true
certificatesResolvers:
letsencrypt:
acme:
email: MY@EMAIL.COM
storage: acme.json
httpChallenge:
entryPoint: http
Traefik starts fine but the certificate is wrong ("TRAEFIK DEFAULT CERTIFICATE"). There are no errors or anything. The output from traefik is:
Attaching to traefik
traefik | time="2021-01-11T13:21:40Z" level=info msg="Configuration loaded from file: /traefik.yml"
traefik | time="2021-01-11T13:21:40Z" level=info msg="Traefik version 2.3.6 built on 2020-12-17T16:34:27Z"
traefik | time="2021-01-11T13:21:40Z" level=debug msg="Static configuration loaded {\"global\":{\"checkNewVersion\":true},\"serversTransport\":{\"maxIdleConnsPerHost\":200},\"entryPoints\":{\"http\":{\"address\":\":80\",\"transport\":{\"lifeCycle\":{\"graceTimeOut\":10000000000},\"respondingTimeouts\":{\"idleTimeout\":180000000000}},\"forwardedHeaders\":{},\"http\":{}},\"https\":{\"address\":\":443\",\"transport\":{\"lifeCycle\":{\"graceTimeOut\":10000000000},\"respondingTimeouts\":{\"idleTimeout\":180000000000}},\"forwardedHeaders\":{},\"http\":{}}},\"providers\":{\"providersThrottleDuration\":2000000000,\"docker\":{\"watch\":true,\"endpoint\":\"unix:///var/run/docker.sock\",\"defaultRule\":\"Host(`{{ normalize .Name }}`)\",\"network\":\"web\",\"swarmModeRefreshSeconds\":15000000000}},\"api\":{\"dashboard\":true},\"log\":{\"level\":\"DEBUG\",\"format\":\"common\"},\"certificatesResolvers\":{\"letsencrypt\":{\"acme\":{\"email\":\"MY@EMAIL.COM\",\"caServer\":\"https://acme-v02.api.letsencrypt.org/directory\",\"storage\":\"acme.json\",\"keyType\":\"RSA4096\",\"httpChallenge\":{\"entryPoint\":\"http\"}}}}}"
traefik | time="2021-01-11T13:21:40Z" level=info msg="\nStats collection is disabled.\nHelp us improve Traefik by turning this feature on :)\nMore details on: https://doc.traefik.io/traefik/contributing/data-collection/\n"
traefik | time="2021-01-11T13:21:40Z" level=info msg="Starting provider aggregator.ProviderAggregator {}"
traefik | time="2021-01-11T13:21:40Z" level=debug msg="Start TCP Server" entryPointName=http
traefik | time="2021-01-11T13:21:40Z" level=debug msg="Start TCP Server" entryPointName=https
traefik | time="2021-01-11T13:21:40Z" level=info msg="Starting provider *acme.Provider {\"email\":\"MY@EMAIL.COM\",\"caServer\":\"https://acme-v02.api.letsencrypt.org/directory\",\"storage\":\"acme.json\",\"keyType\":\"RSA4096\",\"httpChallenge\":{\"entryPoint\":\"http\"},\"ResolverName\":\"letsencrypt\",\"store\":{},\"ChallengeStore\":{}}"
traefik | time="2021-01-11T13:21:40Z" level=info msg="Testing certificate renew..." providerName=letsencrypt.acme
traefik | time="2021-01-11T13:21:40Z" level=info msg="Starting provider *docker.Provider {\"watch\":true,\"endpoint\":\"unix:///var/run/docker.sock\",\"defaultRule\":\"Host(`{{ normalize .Name }}`)\",\"network\":\"web\",\"swarmModeRefreshSeconds\":15000000000}"
traefik | time="2021-01-11T13:21:40Z" level=info msg="Starting provider *traefik.Provider {}"
traefik | time="2021-01-11T13:21:40Z" level=debug msg="Configuration received from provider letsencrypt.acme: {\"http\":{},\"tls\":{}}" providerName=letsencrypt.acme
traefik | time="2021-01-11T13:21:40Z" level=debug msg="Configuration received from provider internal: {\"http\":{\"services\":{\"api\":{},\"dashboard\":{},\"noop\":{}}},\"tcp\":{},\"tls\":{}}" providerName=internal
traefik | time="2021-01-11T13:21:40Z" level=debug msg="No default certificate, generating one"
traefik | time="2021-01-11T13:21:40Z" level=debug msg="Provider connection established with docker 18.09.0 (API 1.39)" providerName=docker
traefik | time="2021-01-11T13:21:40Z" level=debug msg="Filtering disabled container" container=traefik-traefik-c0fb3c4283825837dae42d4aad700b61911641a5ec8f84753a8f062c239307bd providerName=docker
traefik | time="2021-01-11T13:21:40Z" level=debug msg="Configuration received from provider docker: {\"http\":{},\"tcp\":{},\"udp\":{}}" providerName=docker
traefik | time="2021-01-11T13:21:40Z" level=debug msg="No default certificate, generating one"
traefik | time="2021-01-11T13:21:40Z" level=debug msg="No default certificate, generating one"
traefik | time="2021-01-11T13:21:46Z" level=debug msg="Serving default certificate for request: \"MYDOMAIN.COM\""
traefik | time="2021-01-11T13:21:46Z" level=debug msg="http: TLS handshake error from 89.64.125.175:49492: remote error: tls: unknown certificate"
traefik | time="2021-01-11T13:22:25Z" level=debug msg="Serving default certificate for request: \"MYDOMAIN.COM\""
traefik | time="2021-01-11T13:22:25Z" level=debug msg="http: TLS handshake error from 89.64.125.175:49428: remote error: tls: unknown certificate"
I'd be grateful for any help because I have no idea where to look. v1.7 worked fine before but i had problem with setting secure cookies so based on this thread: SSL passthrough with Traefik - Stack Overflow I have decided to upgrade to v2.