Pass ACME requests on instead of 404? (cannot retrieve the ACME challenge)

I’m using Traefik with Pangolin proxy, self-hosted. I’m running into an issue where I need to issue the SSL certificate with the host behind my proxy. However, it looks like Traefik is intercepting these HTTP requests and returning a 404 rather than passing on the request to the host behind the proxy. I think this may have changed with an update because it used to work fine and now I’m unable to renew my certificate.

How can I configure Traefik to pass on the request instead of 404? I’m just seeing in the logs `github.com/traefik/traefik/v3/pkg/provider/acme/challenge_http.go:110 > Cannot retrieve the ACME challenge.`

I attempted to add something to dynamic_config.yml to match the path but it still returned a 404.

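```yaml
# Fragment added to dynamic_config.yml (Traefik file provider)
http:
  routers:
    # Router for ACME HTTP-01 challenge requests addressed to the mailcow host
    mailcow-acme:
      rule: "Host(`mailcow.example.com`) && PathPrefix(`/.well-known/acme-challenge/`)"
      entryPoints:
        - web
      service: mailcow-acme-svc

  services:
    # Backend: the mailcow server behind the proxy, plain HTTP on port 80
    mailcow-acme-svc:
      loadBalancer:
        servers:
          - url: "http://192.168.8.20:80"
```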

I just need the cert to validate for my mailcow server, but I specifically need port 80 to go through the proxy, the other ports I can forward directly. So this means I somehow need to validate the cert in two places.

Do you have an HTTPS redirect configured on entrypoint web?

I had temporarily disabled it but I’m thinking it’s just impossible to have this work. Traefik needs to handle issuing a certificate locally and then also pass on requests for another machine to also validate. My temporary solution was to just route traffic over port 80 for 30 seconds to the other server to validate it and then put it back. Obviously not ideal. My setup isn’t normal, but it’s a common homelab problem since we only have one public IP.