Invalid certificate generated by traefik

ShrewdSpirit · September 22, 2020, 6:14pm

Hello. I'm using this static config but I always get this error when I connect to routers:
certificate is valid for 6accb836c84cae6698d99a36fe50f9c8.e1c76ae8150c0d3b43497acb995bf9e1.traefik.default, not db.ssvg.dev

entryPoints:
  web:
    address: ":80"
    http:
      redirections:
        entryPoint:
          to: websecure
          scheme: https
      #     permanent: true
    transport:
      respondingTimeouts:
        idleTimeout: 10s
  websecure:
    address: ":443"
    transport:
      respondingTimeouts:
        idleTimeout: 10s

certificatesResolvers:
  leresolver:
    acme:
      caServer: https://acme-v02.api.letsencrypt.org/directory
      email: info@ssvg.dev
      storage: /etc/letsencrypt/acme.json
      httpChallenge:
        entryPoint: web
      dnsChallenge:
        resolvers:
          - "192.168.43.51"

note that I'm using dnsmasq as local dns server.

also I wonder why traefik tries to issue certificates from lets encrypt many times that I reach the rate limit and get this error level=error msg="Unable to obtain ACME certificate for domains \"db.ssvg.dev\": unable to generate a certificate for the domains [db.ssvg.dev]: acme: error: 429 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-order :: urn:ietf:params:acme:error:rateLimited :: Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/, url: " providerName=leresolver.acme routerName=adminer-router@docker rule="Host(db.ssvg.dev)" ?

cakiwi · September 22, 2020, 6:34pm

Try using another resolver using the letsencrypt staging until you get this working. Much higher limits.

You need to make use that the dns points to this server. Internet resolving DNS that is.
Also port 80 needs to be open and accessible on the internet.

You can use https://letsdebug.net/ to help troubleshoot.

ShrewdSpirit · September 22, 2020, 7:17pm

I get the same result certificate is valid for 6accb836c84cae6698d99a36fe50f9c8.e1c76ae8150c0d3b43497acb995bf9e1.traefik.default, not db.ssvg.dev even with staging. also I can't use letsdebug since my dns is a local server. everything is being done locally at the moment. I'm not sure if that's the problem

cakiwi · September 22, 2020, 7:24pm

Yes, yes it it, that is why I said:

If you'd tried letsdebug you would have got a No A or AAAA records error.

ShrewdSpirit · September 22, 2020, 7:57pm

So I need to have a static IP right?
Because right now I'm using dynamic IP and instead of using a private IP, decided to use dnsmasq with a basic config locally

cakiwi · September 22, 2020, 8:10pm

No. As long as it resolves when it tries to get a certificate from letsEncrypt.

My home setup is dynamic ip. My domain points a CNAME to a record from www.nsupdate.info

system · September 25, 2020, 8:10pm

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Need help with traefik 2 and letsencrypt Traefik v2 letsencrypt-acme	4	674	January 20, 2022
Certificate problem Traefik v2 docker	0	472	December 2, 2021
Traefik not getting SSL certificates for some domains Traefik v1 letsencrypt-acme	11	14464	July 24, 2019
K3s traefik and let's encrypt: Cannot get certificates up and running Traefik v2 letsencrypt-acme	0	936	May 23, 2020
Letsencrypt is unable to generate a certificate for the domains Traefik v2 docker , letsencrypt-acme	2	12551	October 16, 2019

Invalid certificate generated by traefik

Related topics