Hi,
I'm new to Traefik and Docker.
I'm facing an issue with Traefik (v2.5) and Let's Encrypt on my server where my SSL certificates initially worked fine, but recently, I've been unable to regenerate them. Despite my ports 80 and 443 being open and accessible, attempts to renew the certificate result in timeouts, suggesting a potential firewall issue.
Context:
- Running multiple services behind Traefik as a reverse proxy.
- Initial setup was successful, and SSL certificates were obtained via Let's Encrypt for my domains.
- Problems encountered only when attempting to regenerate certificates.
Relevant Traefik Logs:
```text
traefik | ... error: one or more domains had a problem: [share.orbesle.fr] acme: error: 400 :: urn:ietf:params:acme:error:connection :: Fetching http://share.orbesle.fr/.well-known/acme-challenge/...: Timeout during connect (likely firewall problem) ... [dashboard.orbesle.fr] acme: error: 400 :: urn:ietf:params:acme:error:connection :: Fetching http://dashboard.orbesle.fr/.well-known/acme-challenge/...: Timeout during connect (likely firewall problem)
```
These errors repeat for several services/domains I'm trying to secure with SSL.
Traefik Configuration (traefik.yml):
```yaml
entryPoints:
  web:
    address: ":80"
  websecure:
    address: ":443"

http:
  routers:
    # Redirect all HTTP traffic to HTTPS
    http-catchall:
      rule: "HostRegexp(`{host:.+}`)"
      entrypoints:
        - "web"
      middlewares:
        - "https-redirect"
    # Router for the Traefik dashboard
    dashboard-router:
      rule: "Host(`dashboard.orbesle.fr`)"
      entrypoints:
        - "websecure"
      service: "api@internal"
      middlewares:
        - "auth"
      tls:
        certResolver: "letsencrypt"
    stmaur-router:
      rule: "Host(`uptime.orbesle.fr`) && Path(`/status/stmaur`)"
      entrypoints:
        - "websecure"
      middlewares:
        - "stmaur-auth"
      service: "uptime-kuma-uptime"
      tls:
        certResolver: "letsencrypt"
  middlewares:
    # HTTPS redirect middleware
    https-redirect:
      redirectScheme:
        scheme: "https"
        permanent: true
    # Authentication middleware for the Traefik dashboard
    auth:
      basicAuth:
        users:
          - "XXXXXXXXXX"
    # Authentication middleware for uptime.orbesle.fr/status/stmaur
    stmaur-auth:
      basicAuth:
        users:
          - "XXXXXX"

api:
  dashboard: true

certificatesResolvers:
  letsencrypt:
    acme:
      email: "oscar@besle.org"
      storage: "acme.json"
      httpChallenge:
        entryPoint: "web"

log:
  level: "DEBUG"

providers:
  docker:
    exposedByDefault: false
```
Traefik Docker Compose (docker-compose.yml):
```yaml
version: '3'
services:
  traefik:
    image: traefik:v2.5
    container_name: traefik
    restart: unless-stopped
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080"
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock"
      - "./traefik.yml:/etc/traefik/traefik.yml"
      - "./acme.json:/acme.json"
    networks:
      - web
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.api.rule=Host(`dashboard.orbesle.fr`)"
      - "traefik.http.routers.api.entrypoints=websecure"
      - "traefik.http.routers.api.tls.certresolver=letsencrypt"
      - "traefik.http.routers.api.service=api@internal"
      - "traefik.http.routers.api.middlewares=auth"
      - "traefik.http.middlewares.auth.basicauth.users=XXXXXXXXXX"
networks:
  web:
    external: true
```
Docker Compose Configuration Example (docker-compose.yml) for a Service:
```yaml
version: '3.8'
services:
  pingvin-share:
    image: stonith404/pingvin-share
    restart: unless-stopped
    ports:
      - "3000:3000"
    volumes:
      - pingvin-data:/opt/app/backend/data
      - pingvin-images:/opt/app/frontend/public/img
    networks:
      - web
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.pingvin-share.rule=Host(`share.orbesle.fr`)"
      - "traefik.http.routers.pingvin-share.entrypoints=websecure"
      - "traefik.http.routers.pingvin-share.tls.certresolver=letsencrypt"
networks:
  web:
    external: true
# Named volumes used above must be declared at top level or Compose refuses to start the service
volumes:
  pingvin-data:
  pingvin-images:
```
Issues and Questions:
1. Why is Let's Encrypt encountering timeouts when connecting for the ACME challenge despite open ports 80 and 443?
2. Are there additional firewall configurations to check that could specifically block Let's Encrypt's ACME requests?
3. What troubleshooting steps are recommended to diagnose and resolve these timeout issues during the certificate regeneration process?
Any help or guidance would be greatly appreciated. Thanks in advance!
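As an added diagnostic (not part of the original post and not Traefik's own code): a small Python script that parses the lego error line quoted above and reproduces what the Let's Encrypt validator does first, a TCP connect to port 80 followed by an HTTP GET of the challenge path with the domain in the Host header, so that a connect timeout (no reply at all, which is what a firewall drop looks like) can be told apart from a refused connection, a DNS failure or an HTTP answer. The `probe-token` path, the classification names and the `connect_ip` parameter are assumptions of this example; run it from a machine outside the server's network, since a probe on the host itself never crosses the firewall.

```python
"""Reproduce an ACME HTTP-01 validator's view of a domain (TCP connect on port 80, then GET
/.well-known/acme-challenge/<token>) and parse the lego error line Traefik logged."""
from __future__ import annotations
import http.client
import re
import socket

# Sample input: the Traefik (lego) log line quoted in the question, naming its two domains.
SAMPLE_LOG = ("traefik | ... error: one or more domains had a problem: [share.orbesle.fr] acme: "
              "error: 400 :: urn:ietf:params:acme:error:connection :: Fetching http://share.orbesle.fr"
              "/.well-known/acme-challenge/...: Timeout during connect (likely firewall problem) ... "
              "[dashboard.orbesle.fr] acme: error: 400 :: urn:ietf:params:acme:error:connection :: "
              "Fetching http://dashboard.orbesle.fr/.well-known/acme-challenge/...: "
              "Timeout during connect (likely firewall problem)")
ACME_ERR = re.compile(r"\[(?P<domain>[^\]\s]+)\] acme: error: (?P<status>\d+) :: "
                      r"(?P<type>urn:ietf:params:acme:error:[a-z]+) :: "
                      r"(?P<detail>.*?)(?=\s*\[[^\]\s]+\] acme: error:|\s*$)")

def parse_acme_errors(log_line: str) -> list[dict]:
    """One record per failed domain in a 'one or more domains had a problem' line."""
    return [m.groupdict() for m in ACME_ERR.finditer(log_line)]

def firewall_suspects(log_line: str) -> list[str]:
    """Domains whose failure was a connect timeout: the validator's SYN to port 80 got no reply."""
    return [e["domain"] for e in parse_acme_errors(log_line)
            if e["type"].endswith(":connection") and "Timeout during connect" in e["detail"]]

def probe_http01(host: str, port: int = 80, timeout: float = 5.0, connect_ip: str | None = None) -> str:
    """Classify what a validator sees; connect_ip (assumed helper) bypasses DNS to test an address."""
    try:
        socket.create_connection((connect_ip or host, port), timeout=timeout).close()
    except socket.gaierror:
        return "dns-failure"
    except socket.timeout:
        return "connect-timeout"   # the "Timeout during connect (likely firewall problem)" case
    except ConnectionRefusedError:
        return "connect-refused"   # packets arrive but nothing listens: not a firewall drop
    except OSError:
        return "unreachable"
    conn = http.client.HTTPConnection(connect_ip or host, port, timeout=timeout)
    try:
        # The Host header carries the domain so Traefik's ACME handler or router sees it.
        conn.request("GET", "/.well-known/acme-challenge/probe-token", headers={"Host": host})
        return f"http {conn.getresponse().status}"   # any status, even 404, proves reachability
    except socket.timeout:
        return "read-timeout"
    finally:
        conn.close()
```

A result of `connect-timeout` from outside while `curl http://127.0.0.1/.well-known/acme-challenge/x` on the host answers points at a host or provider firewall rather than at Traefik.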