I have a script that automatically requests a TLS certificate and provides a certificate query API. Now I want to query with HostSNI through Traefik's middleware plug-in, go to my script program to query the certificate and provide it to Traefik.
What should I do?
Hello,
There are 2 kinds of plugins: middleware (HTTP only) and provider.
HostSNI is a matcher for a TCP router, and middleware plugins are only for HTTP.
Otherwise, an HTTP middleware cannot provide a certificate.
So if you want to create something "on demand" it will not work.
Thank you for your answer. Now I am trying the "Provider".
Do you need to create the certificates first or do they all already exist?
- If you need to create them first, you could use the Traefik API to find the domains of the routers.
- If they already exist, you can just load them as dynamic config with provider.file or provider.http.
One interesting thing you can do is inline the certificates into the config file, so you don't need to mount the cert files separately. This piece of script creates a config from all certs in domain folders from certbot:
echo TRAEFIK TLS FILE GENERATION
FILE="$WEBROOT/traefik-certbot.yml"
# Header: default TLS options, then the start of the certificates list
printf "tls:\n  options:\n    default:\n" > "$FILE"
printf "      minVersion: VersionTLS12\n  certificates:\n" >> "$FILE"   # append, do not overwrite the header
for NAME in $(find /etc/letsencrypt/live/ -maxdepth 1 -mindepth 1 -type d -print) ; do
  echo "TRAEFIK TLS FILE ADD $NAME"
  printf "    # CERT FILE %s\n" "$NAME" >> "$FILE"
  printf "    - certFile: |-\n" >> "$FILE"
  sed -e 's/^/        /' "$NAME/fullchain.pem" >> "$FILE"   # indent the PEM under the block scalar
  printf "      keyFile: |-\n" >> "$FILE"
  sed -e 's/^/        /' "$NAME/privkey.pem" >> "$FILE"
done
echo TRAEFIK TLS FILE CONTENT
cat "$FILE"
You probably need to adapt the script, but it gives a good outline. If all your certificates are in a single directory, just search for one file extension and then replace it in the loop for the other cert extension.
Further reading: I tried to create a solution for distributed Traefik CE LetsEncrypt in Docker Swarm.
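Added example for the provider.http route (my own code, not from this thread or from Traefik): a minimal Python endpoint that inlines PEM material the same way the script above does, drops any pair that is missing or is not PEM, and serves the result as JSON for Traefik to poll. It assumes your certificate-query script can hand over a dict of name -> (fullchain PEM, private key PEM), and that Traefik is pointed at the endpoint with providers.http.endpoint; the PEM strings below are constructed placeholders, not real keys.

```python
import json
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed sample PEM material (not real keys); a deployment would fill this
# dict from the certificate store, e.g. certbot's live/<name>/ directories.
CERT_PEM = "-----BEGIN CERTIFICATE-----\nMIIB...constructed...\n-----END CERTIFICATE-----\n"
KEY_PEM = "-----BEGIN PRIVATE KEY-----\nMIIE...constructed...\n-----END PRIVATE KEY-----\n"
SAMPLE_CERTS = {"example.test": (CERT_PEM, KEY_PEM), "broken.test": ("", KEY_PEM)}


def looks_like_pem(text, kind):
    """Sanity check before inlining: kind is "CERTIFICATE" or "PRIVATE KEY"
    (the latter also matches RSA/EC PRIVATE KEY headers)."""
    s = text.strip()
    return s.startswith("-----BEGIN") and s.endswith("-----") and kind in s


def build_dynamic_config(certs):
    """Same dynamic config as the shell script above, PEM inlined, as a dict.
    Returns (config, skipped): incomplete or non-PEM pairs are left out rather
    than shipped half-broken, and their names are reported for logging."""
    entries, skipped = [], []
    for name, (cert, key) in sorted(certs.items()):
        if looks_like_pem(cert, "CERTIFICATE") and looks_like_pem(key, "PRIVATE KEY"):
            entries.append({"certFile": cert, "keyFile": key})
        else:
            skipped.append(name)
    config = {"tls": {"options": {"default": {"minVersion": "VersionTLS12"}},
                      "certificates": entries}}
    return config, skipped


class ConfigHandler(BaseHTTPRequestHandler):
    """GET answers with the config as JSON, which Traefik's http provider accepts."""
    certs = SAMPLE_CERTS  # hypothetical: replace with the dict your query script builds

    def do_GET(self):
        body = json.dumps(build_dynamic_config(self.certs)[0]).encode()
        self.send_response(200)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)


if __name__ == "__main__":  # loopback only: the response carries private keys
    HTTPServer(("127.0.0.1", 8088), ConfigHandler).serve_forever()
```

Traefik is then started with --providers.http.endpoint=http://127.0.0.1:8088/ and re-reads the certificates on each poll, so renewals only need the dict to change.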
Thank you for your help. This is a good idea.
I will try it by myself.
Translated with Google Translate, please don't mind.