Hello Forum,
I have a problem with the Let's Encrypt configuration and can't find the error.
I read the help for the TLS and HTTP configuration and either I'm too stupid to understand it or it's the technique that doesn't work, I don't know.
(By the way, the DNS configuration is not an alternative; as I see it, there are only paid providers here.)
About the technology, which has nothing directly to do with Traefik itself:
- I found a DynDNS provider that will make my device, which has an IPv6 address, accessible.
- I'm using a FritzBox and have opened ports 80 and 443 for my device. This means that Let's Encrypt and Traefik should be able to communicate with each other using the standard HTTP and HTTPS ports. (By the way, they can for sure, since my application is accessible via HTTP/HTTPS. Only Let's Encrypt fails.)
- The following docker-compose.yml is complete as it is. The setup is deliberately reduced for a post in the forum, but the error that occurs is the same as the one I get in my real setup. In plain terms, I'm actually trying to connect a Gogs and a Nextcloud to the outside. The two whoami containers are enough to show my problem.
- In addition, I made the whole example anonymous, of course. I hope that no logical errors have crept in.
I will begin with the error message:
```
$ docker-compose logs
Attaching to whoami1, reverse-proxy, whoami2
whoami1 | Starting up on port 80
whoami2 | Starting up on port 80
reverse-proxy | time="2020-06-05T21:10:22Z" level=info msg="Configuration loaded from flags."
reverse-proxy | time="2020-06-05T21:10:22Z" level=info msg="Traefik version 2.2.1 built on 2020-04-29T18:02:09Z"
reverse-proxy | time="2020-06-05T21:10:22Z" level=info msg="\nStats collection is disabled.\nHelp us improve Traefik by turning this feature on :)\nMore details on: https://docs.traefik.io/contributing/data-collection/\n"
reverse-proxy | time="2020-06-05T21:10:22Z" level=info msg="Starting provider aggregator.ProviderAggregator {}"
reverse-proxy | time="2020-06-05T21:10:22Z" level=info msg="Starting provider *docker.Provider {\"watch\":true,\"endpoint\":\"unix:///var/run/docker.sock\",\"defaultRule\":\"Host(`{{ normalize .Name }}`)\",\"exposedByDefault\":true,\"swarmModeRefreshSeconds\":15000000000}"
reverse-proxy | time="2020-06-05T21:10:22Z" level=info msg="Starting provider *acme.Provider {\"email\":\"test@example.com\",\"caServer\":\"https://acme-staging-v02.api.letsencrypt.org/directory\",\"storage\":\"/letsencrypt/acme.json\",\"keyType\":\"RSA4096\",\"tlsChallenge\":{},\"ResolverName\":\"mytlsresolver\",\"store\":{},\"ChallengeStore\":{}}"
reverse-proxy | time="2020-06-05T21:10:22Z" level=info msg="Testing certificate renew..." providerName=mytlsresolver.acme
reverse-proxy | time="2020-06-05T21:10:22Z" level=info msg="Starting provider *traefik.Provider {}"
reverse-proxy | time="2020-06-05T21:10:23Z" level=info msg="Skipping same configuration" providerName=docker
reverse-proxy | time="2020-06-05T21:11:03Z" level=info msg=Register... providerName=mytlsresolver.acme
reverse-proxy | time="2020-06-05T21:11:09Z" level=error msg="Unable to obtain ACME certificate for domains \"whoami1.example.com\": unable to generate a certificate for the domains [whoami1.example.com]: error: one or more domains had a problem:\n[whoami1.example.com] acme: error: 400 :: urn:ietf:params:acme:error:connection :: Error getting validation data, url: \n" providerName=mytlsresolver.acme routerName=whoami1@docker rule="Host(`whoami1.example.com`)"
reverse-proxy | time="2020-06-05T21:11:14Z" level=error msg="Unable to obtain ACME certificate for domains \"whoami2.example.com\": unable to generate a certificate for the domains [whoami2.example.com]: error: one or more domains had a problem:\n[whoami2.example.com] acme: error: 400 :: urn:ietf:params:acme:error:connection :: Error getting validation data, url: \n" providerName=mytlsresolver.acme routerName=whoami2@docker rule="Host(`whoami2.example.com`)"
```
```
$ cat docker-compose.yml
version: '3.8'
services:
  reverse-proxy:
    container_name: "reverse-proxy"
    image: traefik:v2.2
    restart: unless-stopped
    labels:
      # global redirect to https
      - "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)"
      - "traefik.http.routers.http-catchall.entrypoints=web"
      - "traefik.http.routers.http-catchall.middlewares=redirect-to-https"
      # middleware redirect
      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
    command:
      - "--log.level=INFO"
      # dashboard/API served without authentication on port 8080
      - "--api.insecure=true"
      # Let's Encrypt staging CA
      - "--certificatesresolvers.mytlsresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
      - "--certificatesresolvers.mytlsresolver.acme.email=test@example.com"
      - "--certificatesresolvers.mytlsresolver.acme.storage=/letsencrypt/acme.json"
      # TLS-ALPN-01 challenge, validated by the CA on port 443
      - "--certificatesresolvers.mytlsresolver.acme.tlschallenge=true"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      ##- "--providers.docker.exposedbydefault=false"
      - "--providers.docker=true"
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080"
    volumes:
      - "./letsencrypt:/letsencrypt"
      - "/var/run/docker.sock:/var/run/docker.sock"
  whoami1:
    container_name: "whoami1"
    image: containous/whoami
    restart: unless-stopped
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.whoami1.entrypoints=websecure"
      - "traefik.http.routers.whoami1.rule=Host(`whoami1.example.com`)"
      - "traefik.http.routers.whoami1.tls.certresolver=mytlsresolver"
      - "traefik.http.routers.whoami1.tls=true"
      - "traefik.http.services.whoami1.loadbalancer.server.port=80"
    ports:
      - "881:80"
  whoami2:
    image: containous/whoami
    container_name: "whoami2"
    restart: unless-stopped
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.whoami2.entrypoints=websecure"
      - "traefik.http.routers.whoami2.rule=Host(`whoami2.example.com`)"
      - "traefik.http.routers.whoami2.tls.certresolver=mytlsresolver"
      - "traefik.http.routers.whoami2.tls=true"
      - "traefik.http.services.whoami2.loadbalancer.server.port=80"
    ports:
      - "882:80"
```
```
$ cat acme.json
{
  "mytlsresolver": {
    "Account": {
      "Email": "test@example.com",
      "Registration": {
        "body": {
          "status": "valid",
          "contact": [
            "mailto:test@example.com"
          ]
        },
        "uri": "https://acme-staging-v02.api.letsencrypt.org/acme/acct/14039070"
      },
      "PrivateKey": "<removed>",
      "KeyType": "4096"
    },
    "Certificates": null
  }
}
```
It would be great if someone could help me, because I have no idea what's going wrong and I haven't read the internet about the error and haven't found anything that would help.
With kind regards
Andreas
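
Added example, not part of the original post and not Traefik's own code: a small triage script that pulls the failed domain, router and RFC 8555 error type out of Traefik's `level=error` ACME lines. The `connection` type in the log above means the CA could not connect to the validation target, which for `tlschallenge` is port 443 of the host the name resolves to. The sample input is constructed and shortened from the log format shown in the post.

```python
import re

# RFC 8555 section 6.7 error types that commonly sit behind a failed challenge.
ACME_ERRORS = {
    "connection": "CA could not connect to the validation target",
    "dns": "DNS query failed during identifier validation",
    "tls": "CA received a TLS error during validation",
    "unauthorized": "client lacks sufficient authorization",
    "caa": "CAA records forbid the CA from issuing",
    "rateLimited": "request exceeds a rate limit",
}

FIELD = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')  # logfmt key=value pairs
PROBLEM = re.compile(
    r'\[([^\]]+)\] acme: error: (\d+) :: urn:ietf:params:acme:error:(\w+)')

def parse_fields(line):
    """Split one Traefik logfmt line into a dict, unescaping quoted values."""
    fields = {}
    for key, raw in FIELD.findall(line):
        if raw.startswith('"'):
            raw = raw[1:-1].replace('\\"', '"').replace('\\n', '\n')
        fields[key] = raw
    return fields

def acme_failures(log_text):
    """Return one record per domain the CA rejected, from level=error lines."""
    out = []
    for line in log_text.splitlines():
        f = parse_fields(line)
        if f.get("level") != "error":
            continue
        for domain, status, kind in PROBLEM.findall(f.get("msg", "")):
            out.append({"domain": domain, "http_status": int(status),
                        "type": kind, "router": f.get("routerName"),
                        "meaning": ACME_ERRORS.get(kind, "see RFC 8555 section 6.7")})
    return out

# Constructed sample, shortened from the log format shown in the post.
SAMPLE = r'''
reverse-proxy | time="2020-06-05T21:11:03Z" level=info msg=Register... providerName=mytlsresolver.acme
reverse-proxy | time="2020-06-05T21:11:09Z" level=error msg="Unable to obtain ACME certificate for domains \"whoami1.example.com\": error: one or more domains had a problem:\n[whoami1.example.com] acme: error: 400 :: urn:ietf:params:acme:error:connection :: Error getting validation data, url: \n" providerName=mytlsresolver.acme routerName=whoami1@docker rule="Host(`whoami1.example.com`)"
'''

if __name__ == "__main__":
    for rec in acme_failures(SAMPLE):
        print(rec)
```
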