xxx.xxx.xx.xxx is my public IP address
xxxxx is my subdomain name of xxxxx.duckdns.org
Error message:

```
traefik2 | 2024-05-06T15:13:03Z DBG log/log.go:245 > http: TLS handshake error from xxx.xxx.xx.xxx:56340: remote error: tls: unknown certificate
```

I'm using DuckDNS as my domain provider. When I try to access websecure domains, I get a not-found page: 404 page not found

This issue happens only when I'm trying to access websecure services.
docker container: websecure-nginx

| Label | Value |
|---|---|
| traefik.enable | true |
| traefik.http.routers.websecure-nginx.entrypoints | websecure |
| traefik.http.routers.websecure-nginx.rule | Host(`websecure.mypublicserver.duckdns.org`) |
| traefik.http.routers.websecure-nginx.tls | true |
| traefik.http.routers.websecure-nginx.tls.certresolver | myresolver |

docker container: web-nginx

| Label | Value |
|---|---|
| traefik.enable | true |
| traefik.http.routers.web-nginx.entrypoints | web |
| traefik.http.routers.web-nginx.rule | Host(`web.mypublicserver.duckdns.org`) |
All of the containers are on the same network: proxy
Here are my configs:
./docker-compose.yml
```yaml
services:
  traefik:
    image: docker.io/library/traefik:v3.0.0
    container_name: traefik2
    env_file:
      - .env
    ports:
      - 80:80
      - 443:443
      # -- (Optional) Enable Dashboard, don't do in production
      - 8080:8080
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./config/traefik.yml:/etc/traefik/traefik.yml:ro
      - ./config/conf/:/etc/traefik/conf/
      - ./config/certs/:/etc/traefik/certs/
    # -- (Optional) When using Cloudflare as Cert Resolver
    # environment:
    #   - CF_DNS_API_TOKEN=your-cloudflare-api-token
    # -- (Optional) When using a custom network
    networks:
      - proxy
    restart: unless-stopped
# -- (Optional) When using a custom network
networks:
  proxy:
    external: true
```
./config/traefik.yml
```yaml
global:
  checkNewVersion: false
  sendAnonymousUsage: false
log:
  level: DEBUG
  format: common
api:
  dashboard: true
  insecure: true
entryPoints:
  web:
    address: :80
  websecure:
    address: :443
    http:
      tls:
        certresolver: myresolver
certificatesresolvers:
  myresolver1:
    acme:
      email: hudainazarov.b@gmail.com
      caServer: "https://acme-staging-v02.api.letsencrypt.org/directory"
      storage: /etc/traefik/certs/acme.json
      dnschallenge:
        provider: duckdns
        disablePropagationCheck: true
        delaybeforecheck: 20
providers:
  docker:
    exposedByDefault: false
  file:
    directory: /etc/traefik
    watch: true
```
./.env
```
DUCKDNS_TOKEN=my_duckdns_token
DUCKDNS_SUBDOMAIN=my_duckdns_subdomain
```
You need to assign the same name as you declare:
I've tested it now with the following changes, but unfortunately it still doesn't work.

Error messages:

```
traefik2 | 2024-05-07T07:31:30Z DBG log/log.go:245 > http: TLS handshake error from MY_IP_ADDRESS:61691: remote error: tls: unknown certificate
traefik2 | 2024-05-07T07:31:30Z DBG github.com/traefik/traefik/v3/pkg/tls/tlsmanager.go:228 > Serving default certificate for request: "SUBSUBDOMAIN.SUBDOMAIN.duckdns.org"
traefik2 | 2024-05-07T07:34:52Z DBG github.com/traefik/traefik/v3/pkg/tls/tlsmanager.go:228 > Serving default certificate for request: "SUBSUBDOMAIN.SUBDOMAIN.duckdns.org"
traefik2 | 2024-05-07T07:34:52Z DBG log/log.go:245 > http: TLS handshake error from MY_IP_ADDRESS:61716: remote error: tls: unknown certificate
traefik2 | 2024-05-07T07:34:52Z DBG github.com/traefik/traefik/v3/pkg/tls/tlsmanager.go:228 > Serving default certificate for request: "SUBSUBDOMAIN.SUBDOMAIN.duckdns.org"
```
```yaml
global:
  checkNewVersion: false
  sendAnonymousUsage: false
log:
  level: DEBUG
  format: common
api:
  dashboard: true
  insecure: true
entryPoints:
  web:
    address: :80
  websecure:
    address: :443
    http:
      tls:
        certresolver: myresolver
certificatesresolvers:
  myresolver:
    acme:
      email: my_email_address
      caServer: "https://acme-staging-v02.api.letsencrypt.org/directory"
      storage: /etc/traefik/certs/acme.json
      dnschallenge:
        provider: duckdns
        disablePropagationCheck: true
        delaybeforecheck: 20
providers:
  docker:
    exposedByDefault: false
  file:
    directory: /etc/traefik
    watch: true
```
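
The resolver-name mismatch discussed above (`certresolver: myresolver` referenced, `myresolver1` declared) can be checked mechanically. The following is an added example, not code from the thread or from Traefik: it takes an already-parsed static config plus container labels and lists every referenced resolver that is not declared. The function names and the dict inputs are constructed for illustration, and field names are matched case-insensitively because the thread's configs mix casings.

```python
def ci_get(mapping, key):
    """Look up `key` in a dict ignoring case; the thread's configs mix casings."""
    if isinstance(mapping, dict):
        for k, v in mapping.items():
            if k.lower() == key.lower():
                return v
    return None

def referenced_resolvers(static_cfg, labels):
    """Yield (location, resolver name) for entrypoint- and router-level references."""
    for ep_name, ep in (ci_get(static_cfg, "entryPoints") or {}).items():
        name = ci_get(ci_get(ci_get(ep, "http"), "tls"), "certResolver")
        if name:
            yield f"entryPoints.{ep_name}", name
    for key, value in labels.items():
        parts = key.lower().split(".")
        # Label shape: traefik.http.routers.<router>.tls.certresolver
        if (len(parts) == 6 and parts[:3] == ["traefik", "http", "routers"]
                and parts[4:] == ["tls", "certresolver"]):
            yield f"router {key.split('.')[3]}", value

def undeclared_resolvers(static_cfg, labels):
    """Return sorted (location, name) pairs whose resolver is not declared."""
    declared = set(ci_get(static_cfg, "certificatesResolvers") or {})
    return sorted((loc, name) for loc, name in referenced_resolvers(static_cfg, labels)
                  if name not in declared)

# Constructed inputs mirroring the thread: labels of the websecure-nginx container
# and the relevant parts of traefik.yml, already parsed into a dict.
LABELS = {
    "traefik.http.routers.websecure-nginx.entrypoints": "websecure",
    "traefik.http.routers.websecure-nginx.tls": "true",
    "traefik.http.routers.websecure-nginx.tls.certresolver": "myresolver",
}

def thread_config(resolver_name):
    return {
        "entryPoints": {
            "web": {"address": ":80"},
            "websecure": {"address": ":443",
                          "http": {"tls": {"certresolver": "myresolver"}}},
        },
        "certificatesresolvers": {resolver_name: {"acme": {"storage": "/etc/traefik/certs/acme.json"}}},
    }

if __name__ == "__main__":
    print("first config: ", undeclared_resolvers(thread_config("myresolver1"), LABELS))
    print("second config:", undeclared_resolvers(thread_config("myresolver"), LABELS))
```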
Here is another case with the same issue with tls not working for websecure routes using traefik v3: Tls not working after upgrade to v3
@bluepuma77 Some updates on this issue?
Works for me.
```yaml
services:
  traefik:
    image: traefik:v3.0
    ports:
      - 80:80
      - 443:443
    networks:
      - proxy
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - letsencrypt:/letsencrypt
      #- /var/log:/var/log
    environment:
      - DUCKDNS_TOKEN=a1-b2-c3
    command:
      - --api.dashboard=true
      - --log.level=DEBUG
      #- --log.filepath=/var/log/traefik.log
      - --accesslog=true
      #- --accesslog.filepath=/var/log/traefik-access.log
      - --providers.docker.network=proxy
      - --providers.docker.exposedByDefault=false
      - --entrypoints.web.address=:80
      - --entrypoints.web.http.redirections.entrypoint.to=websecure
      - --entryPoints.web.http.redirections.entrypoint.scheme=https
      - --entrypoints.websecure.address=:443
      - --entrypoints.websecure.asDefault=true
      - --entrypoints.websecure.http.tls.certresolver=myresolver
      - --certificatesresolvers.myresolver.acme.dnschallenge.provider=duckdns
      - --certificatesresolvers.myresolver.acme.dnschallenge.delaybeforecheck=20
      - --certificatesresolvers.myresolver.acme.email=mail@example.com
      - --certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json
    labels:
      - traefik.enable=true
      - traefik.http.routers.mydashboard.rule=Host(`xyz-traefik.duckdns.org`)
      - traefik.http.routers.mydashboard.service=api@internal
      - traefik.http.routers.mydashboard.middlewares=myauth
      - traefik.http.middlewares.myauth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/

  whoami:
    image: traefik/whoami:v1.8
    networks:
      - proxy
    labels:
      - traefik.enable=true
      - traefik.http.routers.mywhoami.rule=Host(`xyz-whoami.duckdns.org`)
      - traefik.http.services.mywhoami.loadbalancer.server.port=80

networks:
  proxy:
    name: proxy

volumes:
  letsencrypt:
    name: letsencrypt
```
Now this works fine for me using your config! Thanks a lot, I still don't know what the problem was with my config.