I'm currently trying to obtain a wildcard ACME certificate using the DNS challenge with Google Cloud DNS, but Traefik is only serving the TRAEFIK DEFAULT CERT.
The certificates resolver is sending an error message I don't understand:
cannot get ACME client googlecloud: unable to acquire config: invalid character 'o' in literal null (expecting 'u')" providerName=leresolver.acme
I've had successful DNS challenge with the gcloud service account and Traefik before.
The related debug messages:
level=debug msg="Looking for provided certificate(s) to validate [\"some.nu\" \"*.some.nu\"]..." providerName=leresolver.acme
level=debug msg="Domains [\"some.nu\" \"*.some.nu\"] need ACME certificates generation for domains \"some.nu,*.some.nu\"." providerName=leresolver.acme
level=debug msg="Loading ACME certificates [some.nu *.some.nu]..." providerName=leresolver.acme
level=debug msg="Building ACME client..." providerName=leresolver.acme
level=debug msg="https://acme-v02.api.letsencrypt.org/directory" providerName=leresolver.acme
level=info msg=Register... providerName=leresolver.acme
level=debug msg="legolog: [INFO] acme: Registering account for martin@erenfinbil.com"
level=debug msg="Using DNS Challenge provider: gcloud" providerName=leresolver.acme
level=error msg="Unable to obtain ACME certificate for domains \"some.nu,*.some.nu\" : cannot get ACME client googlecloud: unable to acquire config: invalid character 'o' in literal null (expecting 'u')" providerName=leresolver.acme
level=debug msg="Serving default certificate for request: \"home.some.nu\""
docker-compose.yml
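# docker-compose.yml: Home Assistant published through Traefik, which requests a
# wildcard certificate via the ACME DNS challenge against Google Cloud DNS.
# Nesting below is reconstructed from a paste that lost its indentation.

# File-backed secrets. Compose mounts each one at /run/secrets/<name>, but only
# inside the services that list it under their own `secrets:` key.
secrets:
  gcp_service_account:
    # Service-account key (JSON). Keep it out of version control and readable
    # only by the account that runs Docker.
    file: "/home/server/docker/secrets/project-com-8a38da91d478.json"
  usersfile:
    # htpasswd-style user list consumed by the basicAuth middleware.
    file: "/home/server/docker/secrets/usersfile"

networks:
  traefik-proxy:
    external:
      name: traefik-proxy

services:
  homeassistant:
    container_name: homeassistant
    # NOTE(review): `latest` is a moving tag, so every pull may bring in
    # unreviewed code; pin a version or digest for reproducible deployments.
    image: homeassistant/home-assistant:latest
    restart: "unless-stopped"
    ports:
      # NOTE(review): publishing 8123 on the host makes Home Assistant reachable
      # without going through Traefik, so the TLS and basicAuth settings below
      # do not apply on that path. Consider removing the mapping if all access
      # should pass through the proxy.
      - "8123:8123"
    volumes:
      - ${USERDIR}/docker/homeassistant/config:/config:z
      - ${USERDIR}/docker/shared:/shared:z
    environment:
      - TZ=${TZ}
    networks:
      - traefik-proxy
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.homeassistant.rule=(Host(`homeassistant.some.nu`))"
      - "traefik.http.routers.homeassistant.entrypoints=websecure"
      - "traefik.http.routers.homeassistant.tls.certresolver=leresolver"
      - "traefik.http.routers.homeassistant.tls.domains[0].main=some.nu"
      - "traefik.http.routers.homeassistant.tls.domains[0].sans=*.some.nu"
      - "traefik.docker.network=traefik-proxy"
      # The users file is opened by the Traefik process, so the path must exist
      # inside the traefik container (see that service's `secrets:` list).
      - "traefik.http.middlewares.homeassistant-auth.basicauth.usersfile=/run/secrets/usersfile"
      - "traefik.http.routers.homeassistant.middlewares=homeassistant-auth"

  traefik:
    container_name: traefik
    # NOTE(review): moving tag, same concern as above; pin a version or digest.
    image: traefik:latest
    restart: always
    networks:
      - traefik-proxy
    ports:
      - "80:80"
      - "443:443"
      # NOTE(review): 8080 is the `traefik` entry point. With api.insecure set
      # to true in traefik.yml, the dashboard and API are served there without
      # authentication; avoid publishing it beyond a trusted interface.
      - "8080:8080"
    environment:
      - GOOGLE_APPLICATION_CREDENTIALS=/run/secrets/gcp_service_account
      - GCE_SERVICE_ACCOUNT_FILE=/run/secrets/gcp_service_account
      - GCE_PROJECT=erenfinbil-com
      # NOTE(review): probable cause of "unable to acquire config". The gcloud
      # DNS provider appears to treat GCE_SERVICE_ACCOUNT as the key JSON itself
      # and to prefer it over GCE_SERVICE_ACCOUNT_FILE, so an e-mail address
      # here would be handed to a JSON parser. Try removing this line so the
      # key is read from the file; confirm against the provider documentation.
      - GCE_SERVICE_ACCOUNT=some-nu-dns@project-com.iam.gserviceaccount.com
    volumes:
      # NOTE(review): the Docker socket gives this internet-facing container
      # control of the Docker daemon, which is effectively root on the host.
      # Traefik only reads container metadata; consider placing a filtering
      # socket proxy in front of it.
      - /var/run/docker.sock:/var/run/docker.sock:z
      - ${USERDIR}/docker/traefik:/etc/traefik:z
      - ${USERDIR}/docker/shared:/shared:z
      - ${USERDIR}/docker/traefik/traefik.yml:/etc/traefik/traefik.yml:z
    secrets:
      - "gcp_service_account"
      # Added: without this entry /run/secrets/usersfile does not exist in the
      # Traefik container and the basicAuth middleware cannot load its users.
      - "usersfile"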
traefik.yml
# traefik.yml: Traefik static configuration.
# Nesting below is reconstructed from a paste that lost its indentation.

# Listeners. `traefik` is the entry point used by the API and dashboard when
# api.insecure is enabled.
entryPoints:
  web:
    address: ":80"
  websecure:
    address: ":443"
  traefik:
    address: ":8080"

providers:
  docker:
    watch: true
    # Containers are routed only when they carry the traefik.enable=true label.
    exposedByDefault: false

api:
  # NOTE(review): insecure mode serves the API and dashboard on the `traefik`
  # entry point with no authentication. Keep that port off untrusted networks,
  # or expose the dashboard through a router protected by an auth middleware.
  insecure: true
  dashboard: true
  # `debug` is taken to belong to `api` from its position in the paste (TODO
  # confirm). It enables extra debugging and profiling endpoints; turn it off
  # once troubleshooting is finished.
  debug: true

certificatesResolvers:
  leresolver:
    acme:
      email: "server@domain.com"
      # Stores the ACME account key and the private keys of issued
      # certificates; restrict the file to its owner (mode 600).
      storage: "/etc/traefik/acme/acme.json"
      dnsChallenge:
        # used during the challenge
        provider: gcloud

log:
  # DEBUG output is verbose and includes account and domain details; lower the
  # level after the certificate problem is diagnosed.
  level: DEBUG
  filePath: "/etc/traefik/logs/traefik.log"
*
(Domain names have been changed.)
Any help is appreciated.