I have traefik deployed and directed to the host. All containers with third-level domain routes are working correctly.
I want to deploy a container so that it responds to mysite.org, but I get the error:
traefik | time="2020-09-15T06:35:27Z" level=error msg="Unable to obtain ACME certificate for domains \"<URL>\" : unable to generate a certificate for the domains [<URL>]: error: one or more domains had a problem:\n[<URL>] acme: error: 403 :: urn:ietf:params:acme:error:unauthorized :: Cannot negotiate ALPN protocol \"acme-tls/1\" for tls-alpn-01 challenge, url: \n" providerName=letsencrypt.acm
If I specify URL = site.mysite.org - then everything works correctly
What's wrong with my configuration?
traefik compose - https://gist.github.com/TheDemonCat/598f18e142f6893e9c69c06f4a6f84df
app compose - https://gist.github.com/TheDemonCat/48dde32b4ab46da30db7a4ebc1f01ffe
I few thoughts:
- Which challenge you want to use http or tls? obviously you cannot use both
- when it does not work
docker inspect your container and look at the
tls.domains label. Does it look right to you?
- Is your external dns for mysite.org and site.mysite.org point to the same traefik IP?
- Do you have something like CloudFlare (or other proxy between LE and your traefik instance) that might be filtering requests?
If nothing of the above helps try doing the same with let's Encrypt CLI from the same host to prove that this is not infrastructure problem and cert generation works without traefik and with LE.
Yes, we managed to solve the problem. Proxy status in cloudflare is to blame. Changed it to DNS only and it worked)
This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.