Own Certificate - tls: no certificates configured - ERR_SSL_UNRECOGNIZED_NAME_ALERT

Hi, I am new to Traefik. Firstly, here is the docker compose file I use in my local Portainer. I was experimenting with nginx proxy manager and Traefik, and my crt and key were working with nginx proxy manager. Also, I can see the Traefik dashboard.

Also, here is the error shown in the browser:

ERR_SSL_UNRECOGNIZED_NAME_ALERT

docker-compose

services:
  traefik:
    container_name: traefik
    image: traefik:latest
    restart: unless-stopped
    ports:
      # The HTTP port
      - "80:80"
      # The HTTPS port
      - "443:443"
      # The Traefik port
      - "8080:8080"
    networks:
      - proxy
    volumes:
      - /home/traefik/:/etc/traefik/
      - /home/traefik/conf:/etc/traefik/conf/
      - /home/traefik/certs:/etc/traefik/certs/
      # So that Traefik can listen to the Docker events
      - /var/run/docker.sock:/var/run/docker.sock:ro
networks:
  proxy:

/home/traefik/dynamic_conf.yaml

tls:
  certificates:
    - certFile: /etc/traefik/cert.crt
      keyFile: /etc/traefik/cert.key
  stores:
    default:
      defaultCertificate:
        certFile: /etc/traefik/cert.crt
        keyFile: /etc/traefik/cert.key

/home/traefik/traefik.yaml

global:
  checkNewVersion: false
  sendAnonymousUsage: false

log:
  level: DEBUG
  format: common

accessLog:
  format: common

api:
  dashboard: true
  insecure: true

entryPoints:
  web:
    address: :80
    http:
      redirections:
        entryPoint:
          to: websecure
          scheme: https
  websecure:
    address: :443

providers:
  docker:
    exposedByDefault: false
  file:
    directory: /etc/traefik
    watch: true

For test purposes I was trying nginx; then I want to do it with Portainer.

services:
  nginx:
    container_name: nginx
    image: nginx:latest
    networks:
      - traefik_proxy
    labels:
      - traefik.enable=true
      - traefik.http.routers.nginx.entrypoints=websecure
      - traefik.http.routers.nginx.tls={}
      - traefik.http.routers.nginx.rule=Host(`example.host.com`)
      - traefik.http.routers.nginx.service=nginx
      - traefik.http.services.nginx.loadbalancer.server.port=80
networks:
  traefik_proxy:
    external: true

Location of the certification files -> /home/traefik/certs

Logs

2024-12-20T16:48:49Z DBG github.com/traefik/traefik/v3/pkg/tls/tlsmanager.go:228 > Serving default certificate for request: "example.host.com"
2024-12-20T16:48:49Z DBG github.com/traefik/traefik/v3/pkg/tls/tlsmanager.go:228 > Serving default certificate for request: "example.host.com"
2024-12-20T16:48:49Z DBG log/log.go:245 > http: TLS handshake error from my-ip:4851: tls: no certificates configured
2024-12-20T16:48:49Z DBG log/log.go:245 > http: TLS handshake error from my-ip:4047: tls: no certificates configured

When checking the cert in the browser, you should see it has a Traefik name, as it was custom created.

When you check the Traefik debug log, you should see an error loading the certs from the dynamic config file on startup, as it seems the path in files is wrong, missing /certs, where the bind mount is.

Note that you should not use latest, as the whole setup could break with a major v4 release; rather, pin the major version using v3.


Thank you for your reply!

You are right, I did not see the error log above. Also, I pinned the version to v3.

2024-12-21T12:11:07Z ERR github.com/traefik/traefik/v3/pkg/tls/tlsmanager.go:113 > Unable to append certificate /etc/traefik/chained.crt to store error="unable to generate TLS certificate : tls: failed to find any PEM data in certificate input" tlsStoreName=default
2024-12-21T12:11:07Z ERR github.com/traefik/traefik/v3/pkg/tls/tlsmanager.go:138 > Error while creating certificate store error="failed to load X509 key pair: tls: failed to find any PEM data in certificate input" tlsStoreName=default

I will check my certificate.

The thing is, I will generate my certificates again, but does anybody know what Traefik wants as certificates? If my question sounds like nonsense, I am a newbie with certificates. Thanks

openssl pkcs12 -in filename.pfx -nocerts -out filename.key

openssl pkcs12 -in filename.pfx -clcerts -nokeys -out filename.crt 

I am trying these but still get the same error. Should I create a new post?

Thanks

You are aware that the browser will usually check the domain name with the cert?

And the browser will usually require a signed cert from a cert authority or you must import the generated cert public keychain into browser or OS.

Yes, I am aware of these. Also, my pfx file is valid; as I mentioned above, my earlier crt and key files were working with nginx proxy manager.

Thanks
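The log error `tls: failed to find any PEM data in certificate input` is what Go's `crypto/tls` returns when the certificate input contains no `-----BEGIN CERTIFICATE-----` block, for example when a DER-encoded file is saved as `.crt`. The following is an added example, not part of the thread and not Traefik's own code: it reproduces that error with a DER certificate, then shows the same certificate loading once PEM-encoded and being checked against the host name; `makeSample` and `checkPair` are hypothetical helper names and the certificate is constructed sample data.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// makeSample (hypothetical) builds a constructed throwaway pair: cert as DER and as PEM, key as PEM.
func makeSample(host string) (certDER, certPEM, keyPEM []byte, err error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{host}, NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	if certDER, err = x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv); err != nil {
		return
	}
	keyDER, err := x509.MarshalPKCS8PrivateKey(priv)
	certPEM = pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: certDER})
	keyPEM = pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: keyDER})
	return
}

// checkPair (hypothetical) loads the pair with crypto/tls, then checks that the leaf covers host.
func checkPair(certBytes, keyBytes []byte, host string) error {
	pair, err := tls.X509KeyPair(certBytes, keyBytes)
	if err != nil {
		return err
	}
	leaf, err := x509.ParseCertificate(pair.Certificate[0])
	if err != nil {
		return err
	}
	return leaf.VerifyHostname(host)
}

func main() {
	der, certPEM, keyPEM, err := makeSample("example.host.com")
	if err != nil {
		panic(err)
	}
	fmt.Println("DER input:", checkPair(der, keyPEM, "example.host.com"))
	fmt.Println("PEM input:", checkPair(certPEM, keyPEM, "example.host.com"))
}
```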