My certificatesResolvers wasn't created when I want to use it

shiipou · November 5, 2019, 3:31pm

Hello everyone,

My https let's encrypt certificate are invalid (default traefik certificate on the dashboard for example)

I use Traefik:v2.0 docker image and here is my configuration file :

version: "3.7"

services:
  ingress:
    image: traefik:v2.0
    networks:
      - traefik-net
    ports:
      - "80:80"
      - "443:443"
    command:
      ###                          ###
      # Traefik Global Configuration #
      ###                          ###
      # Enable DEBUG logs
      - "--log.level=DEBUG"
      - "--ping=true"
      # Enable api access without authentification (only GET route so it only possible to get IPs)
      - "--api.insecure=true"
      # Set the provider to Docker
      - "--providers.docker=true"
      # Set the docker network
      - "--providers.docker.network=traefik-net"
      # Set to docker swarm cluster
      - "--providers.docker.swarmMode=true"
      # If False : Do not expose containers to the web by default
      - "--providers.docker.exposedByDefault=false"
      # Default rule to service-name.nocturlab.fr
      #- "--providers.docker.defaultRule=Host(`{{ trimPrefix `/` .Name }}.nocturlab.fr`)"
      # Default http port
      - "--entrypoints.http.address=:80"
      # Default https port
      - "--entrypoints.https.address=:443"
      # Enable let's encrypt
      - "--certificatesresolvers.certbot.acme.httpChallenge=true"
      - "--certificatesresolvers.certbot.acme.httpChallenge.entrypoint=http"
      - "--certificatesresolvers.certbot.acme.email=admin@nocturlab.fr"
      - "--certificatesresolvers.certbot.acme.storage=/letsencrypt/acme.json"

    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./acme.json:/letsencrypt/acme.json
    deploy:
      replicas: 1
      labels:
        ###               ###
        # Traefik Dashboard #
        ###               ###
        # Enable this endpoint
        - traefik.enable=true
        ##
        # Http
        #
        # Set the service route
        - traefik.http.routers.ingress_http.rule=Host(`dashboard.nocturlab.fr`)
        # Set the entrypoint (http or https)
        - traefik.http.routers.ingress_http.entrypoints=http
        # Rule to redirect to http to https
        - traefik.http.middlewares.ingress-https-redirect.redirectscheme.scheme=https
        # Enable Https redirection
        - traefik.http.routers.ingress_http.middlewares=ingress-https-redirect@docker
        #
        ##

        ##
        # Https
        #
        - traefik.http.routers.ingress_https.rule=Host(`dashboard.nocturlab.fr`)
        # Set the entrypoint (http or https)
        - traefik.http.routers.ingress_https.entrypoints=https
        # Enable Let's encrypt auto certificat creation
        - traefik.http.routers.ingress_https.tls.certresolver=certbot
        # Enable authentification
        - traefik.http.routers.ingress_https.middlewares=ingress-auth@docker
        # Uncommant this to enable basic authentification
        - traefik.http.middlewares.ingress-auth.basicauth.users=myuser:$$this$$is$$my$$password
        #
        ##

        ##
        # Service
        #
        # Set the service port
        - traefik.http.services.ingress.loadbalancer.server.port=8080
        #
        ##
      placement:
        constraints:
          - node.role == manager
          - node.hostname == nocturlab-ks
networks:
  traefik-net:
    external: true

If I've correctly understand Traefik v2, this CLI argument activate the 'certbot' Certificate Resolver and I can use it on any service.

      --certificatesresolvers.certbot.acme.httpChallenge=true
      --certificatesresolvers.certbot.acme.httpChallenge.entrypoint=http
      --certificatesresolvers.certbot.acme.email=admin@nocturlab.fr
      --certificatesresolvers.certbot.acme.storage=/letsencrypt/acme.json

And I've created an empty 'acme.json' file.

Here is my Traefik log in DEBUG output :

time="2019-11-05T15:15:30Z" level=debug msg="Creating middleware" serviceName=ingress middlewareName=pipelining middlewareType=Pipelining entryPointName=http routerName=ingress_http@docker
time="2019-11-05T15:15:30Z" level=debug msg="Creating load-balancer" routerName=ingress_http@docker serviceName=ingress entryPointName=http
time="2019-11-05T15:15:30Z" level=debug msg="Creating server 0 http://10.0.0.198:8080" serviceName=ingress entryPointName=http routerName=ingress_http@docker serverName=0
time="2019-11-05T15:15:30Z" level=debug msg="Added outgoing tracing middleware ingress" routerName=ingress_http@docker middlewareName=tracing middlewareType=TracingForwarder entryPointName=http
time="2019-11-05T15:15:30Z" level=debug msg="Creating middleware" routerName=ingress_http@docker middlewareName=ingress-https-redirect@docker middlewareType=RedirectScheme entryPointName=http
time="2019-11-05T15:15:30Z" level=debug msg="Setting up redirection to https " middlewareType=RedirectScheme entryPointName=http routerName=ingress_http@docker middlewareName=ingress-https-redirect@docker
time="2019-11-05T15:15:30Z" level=debug msg="Adding tracing to middleware" entryPointName=http routerName=ingress_http@docker middlewareName=ingress-https-redirect@docker
time="2019-11-05T15:15:30Z" level=debug msg="Creating middleware" routerName=cloud-http@docker serviceName=cloud middlewareName=pipelining middlewareType=Pipelining entryPointName=http
time="2019-11-05T15:15:30Z" level=debug msg="Creating load-balancer" serviceName=cloud entryPointName=http routerName=cloud-http@docker
time="2019-11-05T15:15:30Z" level=debug msg="Creating server 0 http://10.0.0.20:80" serverName=0 entryPointName=http routerName=cloud-http@docker serviceName=cloud
time="2019-11-05T15:15:30Z" level=debug msg="Added outgoing tracing middleware cloud" routerName=cloud-http@docker middlewareName=tracing middlewareType=TracingForwarder entryPointName=http
time="2019-11-05T15:15:30Z" level=debug msg="Creating middleware" entryPointName=http middlewareName=cloud-https-redirect@docker middlewareType=RedirectScheme routerName=cloud-http@docker
time="2019-11-05T15:15:30Z" level=debug msg="Setting up redirection to https " entryPointName=http middlewareName=cloud-https-redirect@docker middlewareType=RedirectScheme routerName=cloud-http@docker
time="2019-11-05T15:15:30Z" level=debug msg="Adding tracing to middleware" routerName=cloud-http@docker middlewareName=cloud-https-redirect@docker entryPointName=http
time="2019-11-05T15:15:30Z" level=debug msg="Creating middleware" serviceName=vscode middlewareName=pipelining middlewareType=Pipelining entryPointName=http routerName=vscode-http@docker
time="2019-11-05T15:15:30Z" level=debug msg="Creating load-balancer" entryPointName=http routerName=vscode-http@docker serviceName=vscode
time="2019-11-05T15:15:30Z" level=debug msg="Creating server 0 http://10.0.0.150:8080" routerName=vscode-http@docker serviceName=vscode serverName=0 entryPointName=http
time="2019-11-05T15:15:30Z" level=debug msg="Added outgoing tracing middleware vscode" entryPointName=http routerName=vscode-http@docker middlewareType=TracingForwarder middlewareName=tracing
time="2019-11-05T15:15:30Z" level=debug msg="Creating middleware" middlewareType=RedirectScheme entryPointName=http routerName=vscode-http@docker middlewareName=vscode-https-redirect@docker
time="2019-11-05T15:15:30Z" level=debug msg="Setting up redirection to https " entryPointName=http routerName=vscode-http@docker middlewareName=vscode-https-redirect@docker middlewareType=RedirectScheme
time="2019-11-05T15:15:30Z" level=debug msg="Adding tracing to middleware" entryPointName=http middlewareName=vscode-https-redirect@docker routerName=vscode-http@docker
time="2019-11-05T15:15:30Z" level=debug msg="Creating middleware" serviceName=db middlewareName=pipelining middlewareType=Pipelining entryPointName=http routerName=db-http@docker
time="2019-11-05T15:15:30Z" level=debug msg="Creating load-balancer" entryPointName=http routerName=db-http@docker serviceName=db
time="2019-11-05T15:15:30Z" level=debug msg="Creating server 0 http://10.0.0.15:8080" routerName=db-http@docker serviceName=db serverName=0 entryPointName=http
time="2019-11-05T15:15:30Z" level=debug msg="Added outgoing tracing middleware db" routerName=db-http@docker middlewareName=tracing middlewareType=TracingForwarder entryPointName=http
time="2019-11-05T15:15:30Z" level=debug msg="Creating middleware" middlewareName=traefik-internal-recovery middlewareType=Recovery entryPointName=http
time="2019-11-05T15:15:30Z" level=debug msg="Creating middleware" entryPointName=https routerName=vscode-https@docker serviceName=vscode middlewareName=pipelining middlewareType=Pipelining
time="2019-11-05T15:15:30Z" level=debug msg="Creating load-balancer" entryPointName=https routerName=vscode-https@docker serviceName=vscode
time="2019-11-05T15:15:30Z" level=debug msg="Creating server 0 http://10.0.0.150:8080" entryPointName=https routerName=vscode-https@docker serviceName=vscode serverName=0
time="2019-11-05T15:15:30Z" level=debug msg="Added outgoing tracing middleware vscode" routerName=vscode-https@docker entryPointName=https middlewareName=tracing middlewareType=TracingForwarder
time="2019-11-05T15:15:30Z" level=debug msg="Creating middleware" entryPointName=https routerName=db-https@docker serviceName=db middlewareName=pipelining middlewareType=Pipelining
time="2019-11-05T15:15:30Z" level=debug msg="Creating load-balancer" routerName=db-https@docker serviceName=db entryPointName=https
time="2019-11-05T15:15:30Z" level=debug msg="Creating server 0 http://10.0.0.15:8080" entryPointName=https routerName=db-https@docker serverName=0 serviceName=db
time="2019-11-05T15:15:30Z" level=debug msg="Added outgoing tracing middleware db" middlewareName=tracing middlewareType=TracingForwarder entryPointName=https routerName=db-https@docker
time="2019-11-05T15:15:30Z" level=debug msg="Creating middleware" entryPointName=https routerName=ingress_https@docker serviceName=ingress middlewareName=pipelining middlewareType=Pipelining
time="2019-11-05T15:15:30Z" level=debug msg="Creating load-balancer" entryPointName=https routerName=ingress_https@docker serviceName=ingress
time="2019-11-05T15:15:30Z" level=debug msg="Creating server 0 http://10.0.0.198:8080" routerName=ingress_https@docker serviceName=ingress entryPointName=https serverName=0
time="2019-11-05T15:15:30Z" level=debug msg="Added outgoing tracing middleware ingress" entryPointName=https routerName=ingress_https@docker middlewareName=tracing middlewareType=TracingForwarder
time="2019-11-05T15:15:30Z" level=debug msg="Creating middleware" entryPointName=https routerName=ingress_https@docker middlewareName=ingress-auth@docker middlewareType=BasicAuth
time="2019-11-05T15:15:30Z" level=debug msg="Adding tracing to middleware" routerName=ingress_https@docker entryPointName=https middlewareName=ingress-auth@docker
time="2019-11-05T15:15:30Z" level=debug msg="Creating middleware" routerName=cloud-https@docker serviceName=cloud entryPointName=https middlewareName=pipelining middlewareType=Pipelining
time="2019-11-05T15:15:30Z" level=debug msg="Creating load-balancer" routerName=cloud-https@docker serviceName=cloud entryPointName=https
time="2019-11-05T15:15:30Z" level=debug msg="Creating server 0 http://10.0.0.20:80" serviceName=cloud entryPointName=https routerName=cloud-https@docker serverName=0
time="2019-11-05T15:15:30Z" level=debug msg="Added outgoing tracing middleware cloud" middlewareType=TracingForwarder entryPointName=https routerName=cloud-https@docker middlewareName=tracing
time="2019-11-05T15:15:30Z" level=debug msg="Creating middleware" entryPointName=https middlewareName=traefik-internal-recovery middlewareType=Recovery
time="2019-11-05T15:15:30Z" level=debug msg="No default certificate, generating one"
time="2019-11-05T15:15:31Z" level=debug msg="Creating TCP server 0 at 10.0.0.13:5432" serverName=0 serviceName=psql entryPointName=psql routerName=psql@docker
time="2019-11-05T15:15:31Z" level=debug msg="Adding route * on TCP" entryPointName=psql routerName=psql@docker
time="2019-11-05T15:15:31Z" level=error msg="the router ingress_https uses a non-existent resolver: certbot"
time="2019-11-05T15:15:31Z" level=error msg="the router cloud-https uses a non-existent resolver: certbot"
time="2019-11-05T15:15:31Z" level=error msg="the router vscode-https uses a non-existent resolver: certbot"
time="2019-11-05T15:15:31Z" level=error msg="the router db-https uses a non-existent resolver: certbot"

Can someone help me ?

shiipou · November 5, 2019, 4:55pm

I found the problem, The ACME.json got generated with an % at the end, I deleted it, and it work now.

Topic		Replies	Views
SSL certificate not being generated for services in docker swarm Traefik v2 letsencrypt-acme	4	2001	February 3, 2021
DNS error certificate generation Traefik v2 docker , docker-swarm , file , letsencrypt-acme , tcp	0	452	January 4, 2022
Problem with tls challenge - Get the default traefik certificate Traefik v2 docker , docker-swarm , letsencrypt-acme	4	3112	June 2, 2020
A custom certificate is not used by Traefik Traefik v3 (latest) docker-swarm , letsencrypt-acme	11	199	April 19, 2024
Can't get certificateResolvers to work with route53 provider Traefik v2 docker , letsencrypt-acme	1	508	May 4, 2023

My certificatesResolvers wasn't created when I want to use it

Related Topics