Hi there!
Somehow, Traefik (v2.9.1) doesn't create my certificate from LetsEncrypt with the LuaDNS provider. I have a single-host setup, the docker-compose file as well as the config are below. In the traefik log, "Testing certificate renew ..." appears but nothing further. The acme.json file doesn't get modified.
Normal HTTP works as intended.
docker-compose.yml
```yaml
version: "3"
services:
  traefik:
    image: mytraefik:latest
    build:
      context: .
    network_mode: host
    restart: always
    env_file: .env
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock"
      - "traefik:/opt/traefik/"
    labels:
      traefik.enable: true
      traefik.http.routers.traefik.entrypoints: "http,https"
      traefik.http.routers.traefik.rule: "Host(`traefik.MYHOST`)"
      traefik.http.routers.traefik.service: "api@internal"
      traefik.http.services.traefik.loadbalancer.server.port: "8080"
volumes:
  traefik:
```
Dockerfile
```dockerfile
FROM traefik:v2.9.1
COPY traefik.yml /etc/traefik/traefik.yml
```
traefik.yml
```yaml
log:
  level: "INFO"
entryPoints:
  http:
    address: ":80"
  https:
    address: ":443"
certificatesResolvers:
  letsencrypt:
    acme:
      email: "MYMAIL"
      storage: "/opt/traefik/acme.json"
      caServer: "https://acme-staging-v02.api.letsencrypt.org/directory"
      dnsChallenge:
        provider: luadns
        delayBeforeCheck: 0
tls:
  - domains:
      main: "MYHOST"
      sans:
        - "*.MYHOST"
api:
  dashboard: true
  insecure: true
providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    exposedByDefault: false
http:
  routers:
    default:
      service: "api@internal"
      entrypoints: ["http"]
    default-secure:
      service: "api@internal"
      entrypoints: ["https"]
      tls:
        certResolver: letsencrypt
        domains:
          - main: "MYHOST"
            sans: ["*.MYHOST"]
```
Log output
```
time="2022-10-23T16:16:25Z" level=info msg="Configuration loaded from file: /etc/traefik/traefik.yml"
time="2022-10-23T16:16:25Z" level=info msg="Traefik version 2.9.1 built on 2022-10-03T14:22:13Z"
time="2022-10-23T16:16:25Z" level=info msg="\nStats collection is disabled.\nHelp us improve Traefik by turning this feature on :)\nMore details on: https://doc.traefik.io/traefik/contributing/data-collection/\n"
time="2022-10-23T16:16:25Z" level=info msg="Starting provider aggregator aggregator.ProviderAggregator"
time="2022-10-23T16:16:25Z" level=info msg="Starting provider *traefik.Provider"
time="2022-10-23T16:16:25Z" level=info msg="Starting provider *acme.ChallengeTLSALPN"
time="2022-10-23T16:16:25Z" level=info msg="Starting provider *acme.Provider"
time="2022-10-23T16:16:25Z" level=info msg="Testing certificate renew..." ACME CA="https://acme-staging-v02.api.letsencrypt.org/directory" providerName=letsencrypt.acme
time="2022-10-23T16:16:25Z" level=info msg="Starting provider *docker.Provider"
```
Things I have already checked:
- acme.json exists with permission 600
- environment variables `LUADNS_API_USERNAME` and `LUADNS_API_TOKEN` exist and are correct
- the letsencrypt.org website is reachable from within the docker container
Can anybody help me with this? I tried a lot of different configurations but nothing is helping.