No dashboard, tls: unknown certificate

sljdhl · December 31, 2024, 11:49pm

Hi, im using traefik with letsencrypt and all my previous reverse proxies works fine. Today I tried to add a new one and I messed something up. I tried to check the traefik dashboard for some information but I did not manage to load it due to the 404 and error

tls: unknown certificate

Docker-compose.yaml:

version: "3.3"

services:
  traefik:
    image: traefik:latest
    restart: always
    command:
      - "--api.insecure=true"
      - "--providers.docker=true"
      - "--providers.docker.network=proxy"
      - "--providers.docker.exposedbydefault=false"

      - "--entrypoints.web.address=:80"
      - "--entrypoints.web.http.redirections.entrypoint.to=websecure"
      - "--entrypoints.web.http.redirections.entrypoint.scheme=https"
      - "--entrypoints.web.forwardedHeaders.insecure"
      - "--entrypoints.websecure.address=:443"

      - "--certificatesresolvers.myresolver.acme.httpchallenge=true"
      - "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web"
      - "--certificatesresolvers.myresolver.acme.email=email.com"
      - "--certificatesresolvers.myresolver.acme.storage=/acme-new.json"

      - "--log.level=DEBUG"
      - "--api.dashboard=true"
    ports:
      - 80:80
      - 443:443
    networks:
      proxy:
        ipv4_address: 172.29.0.3

    volumes:
      - /home/services/letsencrypt:/letsencrypt"
      - /var/run/docker.sock:/var/run/docker.sock
      - /home/docker/traefik/acme-new.json:/acme-new.json
    container_name: traefik
    labels:
      - "traefik.http.middlewares.traefik-headers.headers.sslredirect=true"
      - "traefik.http.middlewares.traefik-headers.headers.sslforehost=true"
      - "traefik.http.middlewares.traefik-headers.headers.sslproxyheaders.X-Forwarded-Proto=https"
      - "traefik.http.middlewares.traefik-headers.headers.framedeny=true"
      - "traefik.http.middlewares.traefik-headers.headers.referrerpolicy=same-origin"

      - "traefik.enable=true"
      - "traefik.docker.network=proxy"
      - "traefik.http.routers.traefik.rule=Host(`traefik.domain.se`)"
      - "traefik.http.routers.traefik.entrypoints=websecure"
      - "traefik.http.routers.traefik.tls=true"
      - "traefik.http.routers.traefik.tls.certresolver=myresolver"

  whoami:
    image: "traefik/whoami"
    container_name: "simple-service"
    networks:
      - proxy
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=proxy"
      - "traefik.http.routers.whoami.rule=Host(`whoami.domain.se`)"
      - "traefik.http.routers.whoami.entrypoints=websecure"
      - "traefik.http.routers.whoami.tls.certresolver=myresolver"

networks:
  proxy:
    name: proxy
    external: true

The whoami and similar previous setup containers work fine. Im on an old version v2.11.0 and dont dare to upgrade right now as I forget how all these things work every other year when I finally upgrade. What am I missing for the traefik dashboard and my new reverseproxy?

bluepuma77 · January 1, 2025, 9:07am

What’s the error in Traefik debug log? Look for "err" and/or "acme".

You mount a letsencrypt folder, but the acme.json is placed in root. Creation of certs can take 30 seconds. And a cert can only be created 5 times a week, then you are blocked.

You have a lot of headers set, not sure if they are all required, some are set automatically.

Compare to simple Traefik example.

sljdhl · January 1, 2025, 1:40pm

the only errors are these

time="2025-01-01T13:36:52Z" level=error msg="field not found, node: sslforehost" container=traefik-traefik-b06ed3314a1019bf33e047df67be00db40aad0c788012c80d19d4f3d61b44c41 providerName=docker

time="2025-01-01T13:37:51Z" level=error msg="field not found, node: sslforehost" providerName=docker container=traefik-traefik-b06ed3314a1019bf33e047df67be00db40aad0c788012c80d19d4f3d61b44c41

I will admit im not fully in on what im doing. I had a hard time upgrading from version 1 a while ago and it is probably some parts remaining from that..

sljdhl · January 1, 2025, 2:57pm

removing some of my labels and commands to match the simple example a bit more made the loginscreen pop up. Now I only need to remember how to sign in.. The saved passwords I got does not work, and I can remember something strange with the dollarsigns in the password string..

bluepuma77 · January 1, 2025, 3:20pm

According to Traefik header docs it should be sslForceHost.

bluepuma77 · January 1, 2025, 3:23pm

Passwords in Traefik are hashed (doc), so you can’t just copy and use them. The $ sign is doubled to escape itself.

system · January 4, 2025, 3:24pm

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Traefik not reading the certifcate from acme.json Traefik v2 docker , letsencrypt-acme	0	298	February 12, 2021
HTTPS let's encrypt not working Traefik v2 docker , letsencrypt-acme	2	4373	November 15, 2019
Lost for a long time noob Traefik v2 docker , letsencrypt-acme	1	1288	December 13, 2019
Can't access Traefik Dashboard Traefik v2 docker	4	13523	December 9, 2019
Certificate problem letsencrypt Traefik v2 docker , letsencrypt-acme	4	1142	October 3, 2021

No dashboard, tls: unknown certificate

Related topics