I want Traefik to get a wildcard certificate for my domain.
A basic docker-compose.yml
without anything unnecessary:
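# Traefik v2 reverse proxy that requests a wildcard certificate for
# example.com through the ACME DNS-01 challenge (Gandi LiveDNS provider).
services:
  traefik:
    image: traefik:v2.10.1
    container_name: traefik
    volumes:
      # ":ro" only protects the socket file itself; the Docker API behind it
      # stays fully usable, so this container effectively has root-equivalent
      # control of the host. Consider a filtering socket proxy in front of it.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      # acme.json in this directory holds the ACME account key and the
      # certificate private keys. Keep it out of version control and
      # owner-only (Traefik rejects the file unless its mode is 600).
      - ./letsencrypt/:/letsencrypt/
    ports:
      - "80:80"
      - "443:443"
    networks:
      - traefik
    environment:
      # DNS API credential: anyone holding it can edit the zone's records.
      # Supply it from an untracked .env file or a secret store rather than
      # committing the real value in this file.
      - "GANDIV5_API_KEY=..."
      - "LEGO_DISABLE_CNAME_SUPPORT=true"
    command:
      # DEBUG is useful while troubleshooting issuance; lower it afterwards.
      - --log.level=DEBUG
      - --providers.docker=true
      # With this set, only containers labelled traefik.enable=true are read.
      - --providers.docker.exposedbydefault=false
      - --entrypoints.web.address=:80
      - --entrypoints.websecure.address=:443
      - --certificatesresolvers.letsencrypt.acme.dnschallenge=true
      - --certificatesresolvers.letsencrypt.acme.dnschallenge.provider=gandiv5
      - --certificatesresolvers.letsencrypt.acme.dnschallenge.resolvers=1.1.1.1:53,1.0.0.1:53
      - --certificatesresolvers.letsencrypt.acme.email=me@example.com
      - --certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json
      # Let's Encrypt staging endpoint: certificates it issues are not trusted
      # by clients. Remove this line once issuance works.
      - --certificatesresolvers.letsencrypt.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory
    labels:
      # Added in review: because exposedbydefault=false, Traefik ignores every
      # label on a container that is not explicitly enabled, including its own.
      # Without this line the "wildcard" router below is never created, which
      # is the likely reason no certificate request shows up in the logs.
      - "traefik.enable=true"
      - "traefik.http.routers.wildcard.tls.certresolver=letsencrypt"
      - "traefik.http.routers.wildcard.tls.domains[0].main=example.com"
      - "traefik.http.routers.wildcard.tls.domains[0].sans=*.example.com"
networks:
  traefik: {}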
(I have separate compose files for services on that docker network.)
The logs have no errors, and there is no attempt to issue a certificate.