Problem with LetsEncrypt certificate generation

Hello!

I have the problem that currently the issuance of certificates with LetsEncrypt does not work and I seem to have tomatoes in my eyes!

I have the following docker-compose.yml:

version: '3'
services:
  reverse-proxy:
    image: traefik:v2.5
    restart: unless-stopped
    command:
      --api=true
      --providers.docker
      --providers.docker.network=traefik
      --providers.docker.exposedbydefault=false
      --entrypoints.http.address=:80
      --entrypoints.https.address=:443
      --providers.docker.watch=true
      --providers.docker.network=traefik
      --providers.file.directory=/configuration/
      --providers.file.watch=true
      --log.level=WARN
      --certificatesresolvers.letsencrypt.acme.tlschallenge=true
      --certificatesresolvers.letsencrypt.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory
      --certificatesresolvers.letsencrypt.acme.email=mail@mydomain.de
      --certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json
      --certificatesresolvers.letsencrypt.acme.httpChallenge.entryPoint=http
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - /opt/traefik//letsencrypt:/letsencrypt
      - /opt/traefik/configuration/:/configuration
    labels:
      - traefik.enable=true
      - traefik.http.routers.traefik.rule=host(`traefik.mydomain.local`)
      - traefik.http.routers.traefik.entrypoints=http
      - traefik.http.routers.traefik.service=api@internal
      - traefik.frontend.auth.basic=admin:xxxxx
      - traefik.http.routers.traefik.middlewares=traefik-auth
      - traefik.http.middlewares.traefik-auth.basicauth.users=admin:xxxxxxx
    networks:
      - traefik

networks:
  traefik:
    external: true

I use the following command to create the appropriate network in advance:

docker network create traefik

I then start the following container, deliberately with its own docker-compose.yml:

version: '3'
services:
  whoami:
    image: "traefik/whoami"
    container_name: "test-service"
    labels:
      - traefik.enable=true
      - traefik.http.routers.whoami-http.rule=host(`whoami.subdomain.mydomain.de`)
      - traefik.http.routers.whoami-https.entrypoints=https
      - traefik.http.routers.whoami.tls.certresolver=letsencrypt
    networks:
      - traefik

networks:
    traefik:
        external: true

After a short time I get the following message:

reverse-proxy_1_deb49e1cea7a | time="2021-09-15T13:19:21Z" level=error msg="Unable to obtain ACME certificate for domains \"whoami-whoami\": unable to generate a certificate for the domains [whoami-whoami]: acme: error: 400 :: POST :: https://acme-staging-v02.api.letsencrypt.org/acme/new-order :: urn:ietf:params:acme:error:rejectedIdentifier :: Error creating new order :: Cannot issue for \"whoami-whoami\": Domain name needs at least one dot" providerName=resolver-vdb-expopartner-en.acme routerName=whoami@docker rule="Host(`whoami-whoami`)"

Somehow I can't figure out what I'm doing wrong here!

In our DNS I have defined an A record *.subdomain.mydomain.de, could this be a problem?

My thought and wish is that I simply add a container to it and the appropriate LE certificate is automatically generated (assuming the DNS is correct, of course).

You've made 3 different http routers: whoami-http, whoami-https and whoami.

If you redo it like this it should be good:

      - traefik.http.routers.whoami.rule=host(`whoami.subdomain.mydomain.de`)
      - traefik.http.routers.whoami.entrypoints=https
      - traefik.http.routers.whoami.tls.certresolver=letsencrypt
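
A small label check for the mistake identified in the answer, added here as an example and not part of either post: it groups `traefik.http.routers.<name>.<option>` labels by router name and flags a router that sets `tls.certresolver` without a `rule` of its own, which is the state of router `whoami` in the error log (rule `Host(`whoami-whoami`)`). The function names and finding codes are hypothetical.

```python
import re

# Constructed from the posts above: the question's whoami labels and the answer's fix.
QUESTION_LABELS = [
    "traefik.enable=true",
    "traefik.http.routers.whoami-http.rule=host(`whoami.subdomain.mydomain.de`)",
    "traefik.http.routers.whoami-https.entrypoints=https",
    "traefik.http.routers.whoami.tls.certresolver=letsencrypt",
]
ANSWER_LABELS = [
    "traefik.enable=true",
    "traefik.http.routers.whoami.rule=host(`whoami.subdomain.mydomain.de`)",
    "traefik.http.routers.whoami.entrypoints=https",
    "traefik.http.routers.whoami.tls.certresolver=letsencrypt",
]

# traefik.http.routers.<router name>.<option>=<value>
ROUTER_LABEL = re.compile(r"^traefik\.http\.routers\.([^.]+)\.([^=]+)=(.*)$")


def group_routers(labels):
    """Group router labels by router name: {name: {option: value}}."""
    routers = {}
    for label in labels:
        match = ROUTER_LABEL.match(label.strip())
        if match:
            name, option, value = match.groups()
            routers.setdefault(name, {})[option.lower()] = value
    return routers


def lint_routers(labels):
    """Return (router, finding) pairs; helper names and codes are hypothetical."""
    routers = group_routers(labels)
    findings = []
    for name in sorted(routers):
        opts = routers[name]
        # A certresolver with no rule on the same router: the certificate is
        # requested for whatever rule Traefik falls back to, not the intended host.
        if "tls.certresolver" in opts and "rule" not in opts:
            findings.append((name, "CERT_WITHOUT_RULE"))
        # Name looks like "<other router>-suffix": likely one router split in two.
        if any(name.startswith(other + "-") for other in routers if other != name):
            findings.append((name, "SPLIT_NAME"))
    return findings


if __name__ == "__main__":
    for label_set in (QUESTION_LABELS, ANSWER_LABELS):
        print(lint_routers(label_set) or "no findings")
```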