I am getting this:
time="2024-01-23T04:13:40Z" level=error msg="Error renewing certificate from LE: {mydomain.com https://acme-v02.api.letsencrypt.org/directory " error="error: one or more domains had a problem:\n[nydomain.com ] acme: error: 400 :: urn:ietf:params:acme:error:tls :: xx.xx.xx.xx: remote error: tls: unrecognized name\n"
Traefik 2.9.3, runs in a container on a docker swarm, worked fine for a year. In the container looks good:
Server: 127.0.0.11
Non-authoritative answer:acme-v02.api.letsencrypt.org canonical name = prod.api.letsencrypt.org prod.api.letsencrypt.org canonical name = ca80a1adb12a4fbdac5ffcbc944e9a61.pacloudflare.com ca80a1adb12a4fbdac5ffcbc944e9a61.pacloudflare.com
Non-authoritative answer:acme-v02.api.letsencrypt.org canonical name = prod.api.letsencrypt.org prod.api.letsencrypt.org canonical name = ca80a1adb12a4fbdac5ffcbc944e9a61.pacloudflare.com ca80a1adb12a4fbdac5ffcbc944e9a61.pacloudflare.com
/ # nslookup mydomain.com
Non-authoritative answer:
Non-authoritative answer:mydomain.com
Any ideas how to fix this?
Start by updating Traefik to latest, why use an outdated version from October 2022, maybe an LE API has changed.
Thank you for your comment, already tried the latest traefik - did not help, the same error.
Share your full Traefik static and dynamic config, and docker-compose.yml if used.
static config is empty, all is default thus?
All this worked fine with traefik 2.9.3 since last certificates update a year ago, certificates expired recently
if this is important - this runs on a raspberry pi 4
Some ideas:
Set log level to debug
Enable constraint node.role == manager, too
There seem to be some mounted things, maybe from a NAS. Is the connection stable and all files are really available within Docker? If not, restart the container.
log that precedes the failure, this was always there, on startup, did not manage to fix this
time="2024-01-23T04:13:02Z" level=error msg="accept tcp [::]:80: use of closed network connection" entryPointName=ep-http
time="2024-01-23T04:13:02Z" level=error msg="accept tcp [::]:443: use of closed network connection" entryPointName=ep-https
time="2024-01-23T04:13:02Z" level=error msg="close tcp [::]:443: use of closed network connection" entryPointName=ep-https
time="2024-01-23T04:13:02Z" level=error msg="close tcp [::]:80: use of closed network connection" entryPointName=ep-http
Static config is in command.
That sometimes happens, but usually when the old container is shut down.
yolkhovyy:
command
command section of docker compose?
i physically moving the equipment, probably disconnected some cables, power was on
i switched to latest after that, should be a new container
does it make sense to clean logs, maybe re-create docker volumes?
LetsEncrypt certs usually only last for 3 months. Did you use a paid TLS cert before?
it's an nfs volume on the same host, not nas, just shared nfs volume
node.hostname is hardwired to the same host, there are multiple managers in the docker swarm, traefik should run on this host because of nat config on the internet provider router
never used payed, it's the free one
You can have multiple constraints, Traefik must run on manager.
Restart the Traefik container and check the logs again. Check if some or all TLS fail, check acme.json file.
looking at debug logs, there is a lot, need a few minutes
time="2024-01-23T04:02:37Z" level=error msg="Unable to obtain ACME certificate for domains "foo.mydomain.com": unable to generate a certificate for the domains [foo.mydomain.com ]: acme: error: 429 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-order :: urn:ietf:params:acme:error:rateLimited :: Error creating new order :: too many failed authorizations recently: see Failed Validation Limit - Let's Encrypt " routerName=r-foo@file rule="Host(foo.mydomain.com)" providerName=certresolver.acme ACME CA="https://acme-v02.api.letsencrypt.org/directory "