It seems like Taefik by default hits Letsencrypt for every new container I create. Even if I just manually do a simple
docker run -it alpine /bin/sh the Traefik-deamon picks up that and tries to give me a certificate using the randomly generated name (like brave_lamarr) as the host.
time=“2019-06-26T19:07:18Z” level=error msg=“Unable to obtain ACME certificate for domains “brave-lamarr.webhost1-XXX” detected thanks to rule “Host:brave-lamarr.webhost1-XXX” : unable to generate a certificate for the domains [brave-lamarr.webhost1-XXX]: acme: Error -> One or more domains had a problem:\n[brave-lamarr.webhost1-XXX] acme: error: 400 :: urn:ietf:params:acme:error:connection :: dns :: DNS problem: NXDOMAIN looking up A for brave-lamarr.webhost1-XXX, url: \n”
Since this attempt obviously fail Letsencrypt starts to rate-limit me after a number of created containers. Luckily the temporary ban is released in a rather short time so it’s not a huge issue. But it is stil something I’d like to fix anyways.
I thought that the
[docker] exposedByDefault = false
setting in Traefik.toml would not only stop the proxying, but also the handling of certificates. But it seems like that is not the case…
If there’s a way of turning off the certificate handling altogether and then selectively enabling it with a
- label in docker-compose.yml for each site there I’d be happy. I guess there’s some way of achieving this.
Ah yes - if it is version dependent I’d better say that I run Docker 18.06.1-ce, docker-compose 1.24.1 and Traefik v1.7.12