LEts Encrypt http challenge behind another traefik

Shreddit · July 31, 2024, 3:57pm

Hello,

i have a traefik instance behind another traefik instance for an internal network and want to switch to automatic cert renewal.

When i request a new cert with my internal traefik it fails because of the external traefik doesn't have the challenge token. Can i somehow forward the request to the internal traefik if the external traefik didn't start the cert request?

bluepuma77 · July 31, 2024, 4:27pm

You can use tlsChallenge for the first Traefik, which will proxy/forward all http requests, so you can use httpChallenge on the second one.

But the external domain needs to be resolved externally to the first Traefik instance.

To avoid this, you can use more complicated dnsChallenge, which doesn’t connect to the domain‘s IP

Topic		Replies	Views
Letsencrypt HTTP challenge stuck on stage "Testing certificate renew..." Traefik v2 letsencrypt-acme	3	2280	January 25, 2024
Http challenge race condition Traefik v2 letsencrypt-acme	2	362	September 27, 2019
Defer acme certificate challenge until first http request Traefik v2 letsencrypt-acme	3	720	July 18, 2023
RequireAndVerifyClientCert and ACME TLS-ALPN-01 Traefik v2 letsencrypt-acme	3	395	September 18, 2022
`traefik` service 404ing to letsencrypt acme http challenges (Prod down) Traefik v2 kubernetes-crd , letsencrypt-acme	0	509	February 7, 2022

LEts Encrypt http challenge behind another traefik

Related topics