Migrating from nginx to Traefik: building acme.json from existing certificates?


I'm using w/ great satisfaction traefik a+ Let's Encrypt with cert requests and pubic ip. I know there's also dns challanege but our main dns does not have api so it's not yet an option.

I need to migrate ngnix sites that already have a certificate valid and I'd like to use those sites in the test phase (where the setup/ip is not yet public).

Is there a way to build acme.json starting from already working certificates?


Are these already using LetsEncrypt? Maybe do a force-renew so you have additional time for testing/cutover.

When I did this I just took the certificates themselves and created a tls.certificate entry in a file provider.

Before expiry of certificates I updated the routers to use the LetsEncrypt certificate resolver.

Ok, I found the format of the acme.json so I'll do the scripting to translate between the 2 formats. I prepare to use acme.json directly, so I don't have to get back later and change.

I believe this format changed between v1 and v2.

It was referenced in a previous post I canot find at this minute.

But acme is explicitly mentioned in the traefik-migration-tool

I managed to create acme info starting from the nginx certificate (and viceversa) in a pretty simple way. The difference with the old format seems to be just an added key: value "Store": "default".

In Python the simple lines of code are:

    def file2base64(filename):
       return base64.b64encode(open(filename, 'rb').read())
    OutputDict = {
        "domain": {
            "main": domain,
            "sans": alternative_names
        "certificate": file2base64(cert),
        "key": file2base64(key),
        "Store": 'default',

    print(json.dumps(OutputDict, indent=4))
1 Like