I am currently trying to setup Traefik v2.2.1 as an ingress. I am in a situation where I have to generate certificates for different domains, on different accounts, but all are on the same provider (cloudflare). They all have SSL mode set to full (which means that Client -> CF -> Server is fully SSL). I don't really have the option to merge the accounts or transfer the domains.
I have set up Traefik to use the http acme challenge but it seems that it is not being caught by Traefik, as in the logs I get acme errors (acme: error: 403 :: urn:ietf:params:acme:error:unauthorized :: Invalid response from) on correct URL's being pinged (xyz.com/.well-known...), however, in the same error I see the first few characters of the response which is the normal HTTP response of the backend services, which would indicate that Traefik is just passing these requests along like they were regular requests.
From this, I have come to 3 solutions, only last of which I know how to achieve:
- Fix the http acme challenge
- Add multiple CF credentials to a single Traefik instance and somehow tell it which domains belong to which?
- Run multiple instances of Traefik and use either
labelselectororingressClass(which one would be more appropriate?)
I would very much like to solve the http acme challenge issue, as there may be cases where the accounts of which domains routed to the ingress would not be in my control, therefore I would be unable to use the options 2. and 3.
Thank you for any help.