Invalid certificate generated by traefik

ShrewdSpirit · September 22, 2020, 6:14pm

Hello. I'm using this static config but I always get this error when I connect to routers:
certificate is valid for 6accb836c84cae6698d99a36fe50f9c8.e1c76ae8150c0d3b43497acb995bf9e1.traefik.default, not db.ssvg.dev

entryPoints:
  web:
    address: ":80"
    http:
      redirections:
        entryPoint:
          to: websecure
          scheme: https
      #     permanent: true
    transport:
      respondingTimeouts:
        idleTimeout: 10s
  websecure:
    address: ":443"
    transport:
      respondingTimeouts:
        idleTimeout: 10s

certificatesResolvers:
  leresolver:
    acme:
      caServer: https://acme-v02.api.letsencrypt.org/directory
      email: info@ssvg.dev
      storage: /etc/letsencrypt/acme.json
      httpChallenge:
        entryPoint: web
      dnsChallenge:
        resolvers:
          - "192.168.43.51"

note that I'm using dnsmasq as local dns server.

also I wonder why traefik tries to issue certificates from lets encrypt many times that I reach the rate limit and get this error level=error msg="Unable to obtain ACME certificate for domains \"db.ssvg.dev\": unable to generate a certificate for the domains [db.ssvg.dev]: acme: error: 429 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-order :: urn:ietf:params:acme:error:rateLimited :: Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/, url: " providerName=leresolver.acme routerName=adminer-router@docker rule="Host(db.ssvg.dev)" ?

cakiwi · September 22, 2020, 6:34pm

Try using another resolver using the letsencrypt staging until you get this working. Much higher limits.

You need to make use that the dns points to this server. Internet resolving DNS that is.
Also port 80 needs to be open and accessible on the internet.

You can use https://letsdebug.net/ to help troubleshoot.

ShrewdSpirit · September 22, 2020, 7:17pm

I get the same result certificate is valid for 6accb836c84cae6698d99a36fe50f9c8.e1c76ae8150c0d3b43497acb995bf9e1.traefik.default, not db.ssvg.dev even with staging. also I can't use letsdebug since my dns is a local server. everything is being done locally at the moment. I'm not sure if that's the problem

cakiwi · September 22, 2020, 7:24pm

Yes, yes it it, that is why I said:

If you'd tried letsdebug you would have got a No A or AAAA records error.

ShrewdSpirit · September 22, 2020, 7:57pm

So I need to have a static IP right?
Because right now I'm using dynamic IP and instead of using a private IP, decided to use dnsmasq with a basic config locally

cakiwi · September 22, 2020, 8:10pm

No. As long as it resolves when it tries to get a certificate from letsEncrypt.

My home setup is dynamic ip. My domain points a CNAME to a record from www.nsupdate.info

system · September 25, 2020, 8:10pm

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Certificate problem Traefik v2 docker	0	433	December 2, 2021
Issue requesting SSL using ACME Traefik v3 (latest) docker , letsencrypt-acme	0	26	September 18, 2024
Invalid Let's Encrypt cert with Docker Traefik v2 docker , letsencrypt-acme	0	382	December 15, 2020
CN=TRAEFIK DEFAULT CERT despite certificates correctly generating Traefik v2 docker , letsencrypt-acme , cli	22	1628	February 2, 2024
Traefik SSL Let's Encrypt invalid certificate Traefik v2 docker , letsencrypt-acme	2	855	October 4, 2022

Invalid certificate generated by traefik

Related Topics