Let's Encrypt failure, migrating 1.7 to 2.3

I am trying to migrate from version 1.7.x to 2.3.x. I have been following the blog by Anand at Smart Home beginner.

He uses Cloudflare, which I thought I would make the jump to, but I get tons of weird issues, so I pulled it back to stay with GoDaddy for now and got the same issues, so I thought, let me stick with fixing GoDaddy first before creating unknown issues caused by the change of service.

I restored the config file to just try and get a comparable setup to migrate from; then I could move to the Docker CLI spin-up and eventually think about moving to Cloudflare for the protection.

Thanks in advance for any help trying to get this resolved.

Environment
Domain host is: GoDaddy
Docker version: 19.03.13
Docker host OS & version: linux x86_64 Ubuntu 20.04.1 LTS
ISP: Virgin Media

Old config
Traefik 1 docker version = 1.7.20
traefik.toml
real domain names have been changed

```toml
debug = true

logLevel = "WARN" #DEBUG, INFO, WARN, ERROR, FATAL, PANIC
defaultEntryPoints = ["http", "https"]
InsecureSkipVerify = true

# WEB interface of Traefik - it will show web page with overview of frontend and backend configurations
[web]
address = ":8093"
  [web.auth.basic]
  usersFile = "/shared/.htpasswd"

[entryPoints.traefik]
  address = ":8093"
    [entryPoints.traefik.auth.basic]
    # get md5 from htpasswd or http://www.htaccesstools.com/htpasswd-generator/
    usersFile = "/shared/.htpasswd"

[api]
entryPoint = "traefik"
dashboard = true

# Force HTTPS
[entryPoints]
  [entryPoints.http]
  address = ":80"
  [entryPoints.http.redirect]
    entryPoint = "https"

  [entryPoints.https]
  address = ":443"
  [entryPoints.https.tls]

[retry]

[file]
directory = "/etc/traefik/rules/"
watch = true

# Let's encrypt configuration
[acme]
email = "user@email.com" #any email id will work
storage="/etc/traefik/acme/acme.json"
entryPoint = "https"
acmeLogging=true
onDemand = false #create certificate when container is created
onHostRule = true
#caServer = "https://acme-staging-v02.api.letsencrypt.org/directory"
  # Use a HTTP-01 acme challenge rather than TLS-SNI-01 challenge
  #[acme.httpChallenge]
  #entryPoint = "http"
  [acme.dnsChallenge]
  provider = "godaddy"
  delayBeforeCheck = 30

[[acme.domains]]
#  sans = "plex.manningmadness.com"
  main = "myexample.com"


# Connection to docker host system (docker.sock local .95)
[docker]
# endpoint = "unix:///var/run/docker.sock"
domain = "myexample.com.com"
watch = true
# This will hide all docker containers that don't have explicitly
# set label to "enable"
exposedbydefault = false

# # Metrics definition
# [metrics]
#   # To enable Traefik to export internal metrics to Prometheus
#   [metrics.prometheus]
#     # Name of the related entry point
#     entryPoint = "traefik"

#     # Buckets for latency metrics
#     buckets = [0.1,0.3,1.2,5.0]
```

:woozy_face:
Traefik 2.3 docker version: v2.3.2
traefik.yml

```yaml
# Static Configuration
global:
  checkNewVersion: true
  sendAnonymousUsage: true

log:
  level: Debug

accessLog:
  filePath: "/traefik.log"
  bufferingSize: 100
  filters:
    statusCodes: # Show client error type codes
      - "400-499"

api:
  dashboard: true

# pilot:
#   token: "xxxxxxxxxxxxxxxxxxxx"

entryPoints:
  http:
    address: ":80"
    http:
      redirections: # global redirect, remove and set at router level if needed
        entrypoint:
          to: https
          scheme: https
  https:
    address: ":443"
    http:
      tls:
        # options: 
        #   # - "/config/tls-opts.yml"
        #   - "/config/tls-opts@file"
        certResolver: dns-godaddy
        domains:
          - main: "myexample.com"
            # sans:
            #   - "*.myexample.com"
  traefik:
    address: ":8093"

providers:
  docker:
    endpoint: "tcp://socket_proxy:2375"
    # defaultRule: "Host(`{{ index .Labels \"com.docker.compose.service\" }}.$DOMAINNAME1`)"
    exposedByDefault: false
    network: t2_proxy
  file:
   directory: "/rules"
   watch: true

certificatesResolvers:
  dns-godaddy:
    acme:
      email: "user@email.com"
      storage: "/acme/acme.json"
      # caServer: https://acme-staging-v02.api.letsencrypt.org/directory
      httpChallenge:
        # used during the challenge
        entryPoint: https

      dnsChallenge:
        provider: godaddy
        delayBeforeCheck: 15
        resolvers:
          - "8.8.8.8:53"
          # - "173.201.74.17:53"
```

Traefik 2.3 log

```
time="2020-11-16T17:39:49Z" level=debug msg="Adding tracing to middleware" middlewareName=middlewares-secure-headers@file entryPointName=https routerName=traefik-rtr@docker
time="2020-11-16T17:39:49Z" level=debug msg="Creating middleware" routerName=traefik-rtr@docker middlewareName=middlewares-rate-limit@file middlewareType=RateLimiterType entryPointName=https
time="2020-11-16T17:39:49Z" level=debug msg="U>
time="2020-11-16T17:39:49Z" level=debug msg="Adding tracing to middleware" middlewareName=middlewares-rate-limit@file entryPointName=https routerName=traefik-rtr@docker
time="2020-11-16T17:39:49Z" level=debug msg="Creating middleware" entryPointName=https middlewareName=traefik-internal-recovery middlewareType=Recovery
time="2020-11-16T17:39:49Z" level=debug msg="No default certificate, generating one"
time="2020-11-16T17:39:49Z" level=debug msg="No domain parsed in provider ACME" providerName=dns-godaddy.acme routerName=authelia-rtr@docker rule="HostHeader(authelia.myexample.com)"
time="2020-11-16T17:39:49Z" level=debug msg="Looking for provided certificate(s) to validate ["myexample.com"]..." providerName=dns-godaddy.acme
time="2020-11-16T17:39:49Z" level=debug msg="Domains ["myexample.com"] need ACME certificates generation for domains "myexample.com"." providerName=dns-godaddy.acme
time="2020-11-16T17:39:49Z" level=debug msg="Loading ACME certificates [myexample.com]..." providerName=dns-godaddy.acme
time="2020-11-16T17:39:49Z" level=debug msg="Building ACME client..." providerName=dns-godaddy.acme
time="2020-11-16T17:39:49Z" level=debug msg="https://acme-staging-v02.api.letsencrypt.org/directory" providerName=dns-godaddy.acme
time="2020-11-16T17:39:49Z" level=debug msg="Looking for provided certificate(s) to validate ["myexample.com"]..." providerName=dns-godaddy.acme
time="2020-11-16T17:39:49Z" level=debug msg="No ACME certificate generation required for domains ["myexample.com"]." providerName=dns-godaddy.acme
time="2020-11-16T17:39:49Z" level=debug msg="Looking for provided certificate(s) to validate ["myexample.com"]..." providerName=dns-godaddy.acme
time="2020-11-16T17:39:49Z" level=debug msg="No ACME certificate generation required for domains ["myexample.com"]." providerName=dns-godaddy.acme
time="2020-11-16T17:39:49Z" level=debug msg="Looking for provided certificate(s) to validate ["myexample.com"]..." providerName=dns-godaddy.acme
time="2020-11-16T17:39:49Z" level=debug msg="No ACME certificate generation required for domains ["myexample.com"]." providerName=dns-godaddy.acme
time="2020-11-16T17:39:49Z" level=debug msg="Looking for provided certificate(s) to validate ["myexample.com"]..." providerName=dns-godaddy.acme
time="2020-11-16T17:39:49Z" level=debug msg="No ACME certificate generation required for domains ["myexample.com"]." providerName=dns-godaddy.acme
time="2020-11-16T17:39:50Z" level=debug msg="Using DNS Challenge provider: godaddy" providerName=dns-godaddy.acme
time="2020-11-16T17:39:50Z" level=debug msg="Using HTTP Challenge provider." providerName=dns-godaddy.acme
time="2020-11-16T17:39:50Z" level=debug msg="legolog: [INFO] [myexample.com] acme: Obtaining bundled SAN certificate"
time="2020-11-16T17:39:51Z" level=debug msg="legolog: [INFO] [myexample.com] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/155803414"
time="2020-11-16T17:39:51Z" level=debug msg="legolog: [INFO] [myexample.com] acme: Could not find solver for: tls-alpn-01"
time="2020-11-16T17:39:51Z" level=debug msg="legolog: [INFO] [myexample.com] acme: use http-01 solver"
time="2020-11-16T17:39:51Z" level=debug msg="legolog: [INFO] [myexample.com] acme: Trying to solve HTTP-01"
time="2020-11-16T17:39:51Z" level=debug msg="Serving default certificate for request: "myexample.com""
time="2020-11-16T17:39:51Z" level=debug msg="Remote error http://authelia:9091/api/verify?rd=https://authelia.myexample.com. StatusCode: 401" middlewareName=middlewares-authelia@file middlewareType=ForwardedAuthType
time="2020-11-16T17:39:51Z" level=debug msg="Serving default certificate for request: "myexample.com""
time="2020-11-16T17:39:51Z" level=debug msg="Remote error http://authelia:9091/api/verify?rd=https://authelia.myexample.com. StatusCode: 401" middlewareName=middlewares-authelia@file middlewareType=ForwardedAuthType
time="2020-11-16T17:39:51Z" level=debug msg="Serving default certificate for request: "myexample.com""
time="2020-11-16T17:39:52Z" level=debug msg="Serving default certificate for request: "myexample.com""
time="2020-11-16T17:39:52Z" level=debug msg="Remote error http://authelia:9091/api/verify?rd=https://authelia.myexample.com. StatusCode: 401" middlewareName=middlewares-authelia@file middlewareType=ForwardedAuthType
time="2020-11-16T17:39:52Z" level=debug msg="Remote error http://authelia:9091/api/verify?rd=https://authelia.myexample.com. StatusCode: 401" middlewareName=middlewares-authelia@file middlewareType=ForwardedAuthType
time="2020-11-16T17:39:57Z" level=debug msg="legolog: [INFO] Deactivating auth: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/155803414"
time="2020-11-16T17:39:57Z" level=debug msg="legolog: [INFO] Unable to deactivate the authorization: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/155803414"
time="2020-11-16T17:39:57Z" level=error msg="Unable to obtain ACME certificate for domains "myexample.com" : unable to generate a certificate for the domains [myexample.com]: error: one or more domains had a problem:\n[myexample.com] acme: error: 403 :: urn:ietf:params:acme:error:unauthorized :: Invalid response from https://myexample.com/.well-known/acme-challenge/knWSqg3mkHD_Wgsggsm6f2BOZrfvAGQWsT7pjj0UbrVM [xxx.xxx.xxx.xxx]: 401, url: \n" providerName=dns-godaddy.acme
```

:pray: Can anyone help me, please? :arrow_double_up:

I went back to basics and somehow got this finally working with a combination of Certificate migration.
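
What the debug log in the question records, pulled out programmatically. This is an added example, not part of the original thread or of Traefik: the sample log is a constructed, shortened excerpt modelled on the lines in the question (the challenge token is a placeholder), and `diagnose` is a hypothetical helper name.

```python
import re

# Constructed sample: shortened lines modelled on the Traefik 2.3 debug log above.
SAMPLE_LOG = r'''
time="2020-11-16T17:39:50Z" level=debug msg="Using DNS Challenge provider: godaddy" providerName=dns-godaddy.acme
time="2020-11-16T17:39:50Z" level=debug msg="Using HTTP Challenge provider." providerName=dns-godaddy.acme
time="2020-11-16T17:39:51Z" level=debug msg="legolog: [INFO] [myexample.com] acme: use http-01 solver"
time="2020-11-16T17:39:57Z" level=error msg="Unable to obtain ACME certificate for domains "myexample.com" : error: one or more domains had a problem:\n[myexample.com] acme: error: 403 :: urn:ietf:params:acme:error:unauthorized :: Invalid response from https://myexample.com/.well-known/acme-challenge/TOKEN [xxx.xxx.xxx.xxx]: 401, url: \n" providerName=dns-godaddy.acme
'''

# Which challenge providers a resolver registered at start-up.
PROVIDER = re.compile(r'msg="Using (DNS|HTTP|TLS) Challenge provider.*providerName=(\S+)')
# Which solver lego actually picked for a domain.
SOLVER = re.compile(r'legolog: \[INFO\] \[([^\]]+)\] acme: use (\S+) solver')
# ACME problem document: CA status, error URN, validated URL, status the CA saw there.
FAILURE = re.compile(
    r'acme: error: (\d+) :: (\S+) :: Invalid response from (\S+) \[[^\]]*\]: (\d+)')


def diagnose(log_text):
    """Return (challenge types per resolver, solver per domain, findings)."""
    providers, solvers, findings = {}, {}, []
    for line in log_text.splitlines():
        if m := PROVIDER.search(line):
            providers.setdefault(m.group(2), set()).add(m.group(1))
        elif m := SOLVER.search(line):
            solvers[m.group(1)] = m.group(2)
        elif m := FAILURE.search(line):
            acme_status, acme_type, url, seen = m.groups()
            findings.append(f"validation of {url} got HTTP {seen} "
                            f"(ACME error {acme_status} {acme_type.rsplit(':', 1)[-1]})")
            if "/.well-known/acme-challenge/" in url and seen in ("401", "403"):
                findings.append("challenge path returned an authorization error, not the token")
    for resolver, kinds in providers.items():
        if len(kinds) > 1:
            findings.append(f"{resolver} registers several challenge types: {sorted(kinds)}")
    return providers, solvers, findings


if __name__ == "__main__":
    for finding in diagnose(SAMPLE_LOG)[2]:
        print("-", finding)
```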
