How to configure HTTPS

chrions · March 28, 2023, 8:18am

I configure https according to official documents, I visited through the browser and found that it didn't work. Then I found the following error in pod's log

time="2023-03-28T07:55:43Z" level=error msg="Unable to obtain ACME certificate for domains \"kuboard.tycp.com\": cannot get ACME client get directory at 'https://acme-staging-v02.api.letsencrypt.org/directory': Get \"https://acme-staging-v02.api.letsencrypt.org/directory\": dial tcp 172.65.46.172:443: i/o timeout" routerName=kuboard-kuboard-b041a0705a5f1560e9d5@kubernetescrd ACME CA="https://acme-staging-v02.api.letsencrypt.org/directory" providerName=myresolver.acme rule="Host(`kuboard.tycp.com`)"

my deployment as follows:

kind: Deployment
apiVersion: apps/v1
metadata:
  namespace: default
  name: traefik
  labels:
    app: traefik

spec:
  replicas: 1
  selector:
    matchLabels:
      app: traefik
  template:
    metadata:
      labels:
        app: traefik
    spec:
      serviceAccountName: traefik-ingress-controller
      containers:
        - name: traefik
          image: traefik:v2.9
          args:
            - --api.insecure=true
            - --accesslog
            - --entrypoints.web.Address=:80
            - --entrypoints.websecure.Address=:443
            - --providers.kubernetescrd
            - --certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web
            - --certificatesresolvers.myresolver.acme.email=foo@tycp.com
            - --certificatesresolvers.myresolver.acme.storage=acme.json
            # Please note that this is the staging Let's Encrypt server.
            # Once you get things working, you should remove that whole line altogether.
            - --certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory
          ports:
            - name: web
              containerPort: 80
            - name: websecure
              containerPort: 443
            - name: admin
              containerPort: 8080

ingressRoute as follows:

apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: kuboard
  namespace: kuboard
  resourceVersion: '2219252'
spec:
  entryPoints:
    - websecure
  routes:
    - kind: Rule
      match: Host(`kuboard.tycp.com`)
      services:
        - name: kuboard-v3
          port: 80
  tls:
    certResolver: myresolver

How can I solve it

svx · March 28, 2023, 12:47pm

Hi @chrions, thanks for your interest in Traefik!

Did you follow the docs about how to use Let's Encrypt with Kubernetes?

A couple of questions:

Did you checked the domain setup?
Can you reach your service on the domain without HTTPS ?
Could you post your service definition?
Could you run Traefik in DEBUG mode and post the output?

Topic		Replies	Views
Traefik in kubernetes Traefik v1 kubernetes-ingress	7	1365	June 27, 2019
Traefik V2 not getting acme certificate Traefik v2 kubernetes-ingress , letsencrypt-acme	2	3356	September 27, 2019
ACME+KubernetesIngress Migration to Traefik V2 Traefik v2 kubernetes-ingress , letsencrypt-acme	1	361	October 3, 2019
Unable to obtain ACME certificate for domains Traefik v2 kubernetes-crd	0	762	August 6, 2020
Certificate resolver Traefik v2 letsencrypt-acme	6	2732	July 12, 2021

How to configure HTTPS

Related topics