How to avoid: failed to verify certificate: x509 with external services / vps

I'm trying to get a VPS with traefik in-front of a VPS with wordpress (with SSL enabled) working, so I can route certain paths to different services.

www.domain.com --> https://123.123.123.123
www.domain.com/api --> different service / vps
www.domain.com/app --> other service / vps

Following rule is configured:
serversTransport:
insecureSkipVerify: true

But I still get the following error:
'500 Internal Server Error' caused by: tls: failed to verify certificate: x509: cannot validate certificate for xxx.xxx.xxx.xxx because it doesn't contain any IP SANs

How can this be fixed / avoided?

My configurations:

traefik.yml

global:
  checkNewVersion: false
  sendAnonymousUsage: false

api:
  dashboard: true
  insecure: true

entryPoints:
  web:
    address: :80
  websecure:
    address: :443

serversTransport:
  insecureSkipVerify: true

tls:
  stores:
    default:
      defaultCertificate:
        certFile: /etc/ssl/default-cert.pem
        keyFile: /etc/ssl/default-key.pem

providers:
  docker:
    exposedByDefault: false
  file:
    directory: /etc/traefik
    watch: true

domain.com.yml

entryPoints:
  web:
    address: ":80"
  websecure:
    address: ":443"

providers:
  docker:
    exposedByDefault: false

http:
  routers:
    redirect-to-https:
      rule: "Host(`www.domain.com`)"
      entryPoints:
        - "web"
      middlewares:
        - redirect-to-https
      service: noop@internal

    my-https-router:
      rule: "Host(`www.domain.com`)"
      entryPoints:
        - "websecure"
      service: "my-service"
      tls: {}

  middlewares:
    redirect-to-https:
      redirectScheme:
        scheme: https
        permanent: true

  services:
    my-service:
      loadBalancer:
        servers:
          - url: "https://123.123.123.123"

There is a lot mixed up in your config.

In your static config traefik.yml you should have global, api, entrypoints, serversTransport and providers.

In you dynamic config file domain.com.yml you should have http and tls.

Thanks @bluepuma77, after putting all the pieces in the right places everything worked as expected.

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.