I get this error — any idea why? I'm totally stuck and have tried everything.
time="2023-05-24T19:28:40+02:00" level=error msg="Unable to obtain ACME certificate for domains \"whatever.com.es,*.whatever.com.es\"" ACME CA="https://acme-v02.api.letsencrypt.org/directory" error="unable to generate a certificate for the domains [whatever.com.es *.whatever.com.es]: error: one or more domains had a problem:\n[*.whatever.com.es] [*.whatever.com.es] acme: error presenting token: cloudflare: failed to create TXT record: Record already exists. (81057)\n[whatever.com.es] [whatever.com.es] acme: error presenting token: cloudflare: failed to create TXT record: Record already exists. (81057)\n" providerName=letsencrypt.acme routerName=homeassistant@file rule="Host(`ha.whatever.com.es`)"
I was previously using SWAG (nginx), so now I'm generating the certs with Traefik instead.
COMPOSE
###############################################################
# Traefik reverse proxy + Docker socket proxy (compose file)
###############################################################
version: '3.9'
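# Services ####################################################
services:
  traefik:
    container_name: Traefik
    # NOTE(review): "latest" is unpinned; a major upgrade can silently rename or drop
    # options used in traefik.yml / fileConfig.yml. Pin at least the major version.
    image: traefik:latest
    restart: unless-stopped
    depends_on:
      - socketproxy
    networks:
      # Internal-only network shared with the socket proxy (no docker.sock mount here).
      socketproxy:  # rename this to your custom docker network
      # macvlan network: Traefik gets its own LAN address, so the ipWhiteList
      # middleware sees the real client IP rather than a docker bridge address.
      br2:
        ipv4_address: 10.10.50.250
    dns: 10.10.50.5
    ports:
      - "80:80"
      - "443:443"
      # Dashboard port: Traefik only listens here when api.insecure=true in traefik.yml.
      # Keep api.insecure=false and reach the dashboard through the TLS router below;
      # this mapping can then be dropped.
      - "8080:8080"
    volumes:
      - "/mnt/user/Docker/Traefik:/etc/traefik/"
    environment:
      # Entries without "=" are read from the host environment / the project's .env
      # file, which keeps the Cloudflare credentials out of this (shareable) file.
      - TZ
      - DOCKER_HOST=socketproxy
      # CF_API_EMAIL is only needed together with a global API key (CF_API_KEY);
      # a scoped DNS token (CF_DNS_API_TOKEN) works on its own.
      - CF_API_EMAIL
      - CF_DNS_API_TOKEN
    labels:
      - "traefik.enable=true"
      # dashboard
      - "traefik.http.routers.traefik-dashboard.rule=Host(`traefik.int.whatever.com.es`)"
      - "traefik.http.routers.traefik-dashboard.service=dashboard@internal"
      - "traefik.http.routers.api.rule=Host(`traefik.int.whatever.com.es`) && PathPrefix(`/api`)"
      - "traefik.http.routers.api.service=api@internal"
      - "traefik.http.routers.traefik-dashboard.tls=true"
      - "traefik.http.routers.traefik-dashboard.tls.certresolver=letsencrypt"
      - "traefik.http.routers.api.tls=true"
      - "traefik.http.routers.api.tls.certresolver=letsencrypt"
      # dashboard@internal and api@internal carry no authentication of their own, so
      # both routers are restricted to the local network. The middleware is defined in
      # fileConfig.yml, hence the "@file" suffix: a bare "local-ipwhitelist" from a
      # docker label would be looked up in the docker provider and not be found.
      - "traefik.http.routers.traefik-dashboard.middlewares=local-ipwhitelist@file"
      - "traefik.http.routers.api.middlewares=local-ipwhitelist@file"
      # Not referenced: both routers above target the @internal services, not this one.
      - "traefik.http.services.traefik-dashboard.loadbalancer.server.port=8080"
  socketproxy:
    container_name: Traefik_socket-proxy
    image: tecnativa/docker-socket-proxy
    restart: unless-stopped
    networks:
      - socketproxy
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock"
    environment:
      - LOG_LEVEL=info  # debug,info,notice,warning,err,crit,alert,emerg
      # Allow only the containers endpoint and reject POST (state-changing) requests,
      # so Traefik can list containers but not start, stop or create them.
      - CONTAINERS=1
      - POST=0
    # NOTE(review): privileged grants this container far more than it needs in order
    # to read docker.sock; confirm it is actually required on this host (e.g. for
    # SELinux/AppArmor labelling) and drop it otherwise.
    privileged: true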
networks:
  # Pre-existing macvlan network, created outside this compose project.
  br2:
    external: true
    # NOTE(review): compose does not (re)configure external networks, so this
    # driver key is presumably ignored — verify it matches the existing network.
    driver: macvlan
  # Private network for Traefik <-> socket proxy traffic; no route to the outside.
  socketproxy:
    internal: true
traefik.yml
# https://docs.ibracorp.io/traefik/master/docker-compose/config-files-explained
global:
  # Log a notice when a newer Traefik release exists, but send no telemetry.
  checkNewVersion: true
  sendAnonymousUsage: false
serversTransport:
  # Disables certificate verification for EVERY https upstream (global setting).
  # The only backend shown in fileConfig.yml is plain http, so this currently buys
  # nothing; if an https upstream with a private CA is added later, prefer a
  # per-service serversTransport with its own rootCAs over a global skip.
  insecureSkipVerify: true  # allow insecure backend connections
# Not used by any app directly: everything on :80 is permanently redirected to https443.
entryPoints:
  http80:
    address: ":80"
    http:
      redirections:
        entryPoint:
          to: https443
          scheme: https
          permanent: true
  # HTTPS endpoint; TLS is terminated here with the default (apex + wildcard) certificate.
  https443:
    address: ":443"
    # forwardedHeaders:
    #   trustedIPs: *trustedIps  # would need a &trustedIps anchor defined earlier in this file; none is
    http:
      tls:
        certResolver: letsencrypt
        # Default certificate requested for this entry point. Every router on https443
        # without its own tls.domains (e.g. homeassistant@file) is served from it.
        domains:
          - main: whatever.com.es
            sans:
              - "*.whatever.com.es"
      # Applied to every router on this entry point.
      middlewares:
        - securityHeaders@file
providers:
  providersThrottleDuration: 15s
  # Static routers/services/middlewares, reloaded on change.
  file:
    filename: /etc/traefik/fileConfig.yml
    watch: true
  # Docker provider for all apps inside the docker network, reached through the
  # socket proxy instead of the raw docker.sock.
  docker:
    endpoint: "tcp://socketproxy:2375"
    network: socketproxy  # Add Your Docker Network Name Here
    watch: true
    # Containers must opt in with traefik.enable=true; nothing is published by accident.
    exposedByDefault: false
    # Default host rule: <compose service name>.whatever.com.es
    defaultRule: "Host(`{{ index .Labels \"com.docker.compose.service\"}}.whatever.com.es`)"
    swarmModeRefreshSeconds: 15s
# Traefik UI
api:
  dashboard: true
  # Keep false: true would serve the API and dashboard unauthenticated on port 8080.
  insecure: false
# Traefik's own log (not the access log)
log:
  filePath: "/etc/traefik/logs/traefik.log"
  level: INFO  # (Default: error) DEBUG, INFO, WARN, ERROR, FATAL, PANIC
# Per-request access log, restricted to the status ranges below.
accesslog:
  filePath: "/etc/traefik/logs/access.log"
  bufferingSize: 100
  filters:
    statusCodes:
      - "204-299"
      - "400-499"
      - "500-599"
# Use Let's Encrypt (ACME, DNS-01 challenge via Cloudflare) to obtain certificates.
certificatesResolvers:
  letsencrypt:
    acme:
      email: server@server.com
      # Holds the ACME account key and every issued private key; lives on the
      # mounted volume and must be mode 600 or Traefik refuses to use it.
      storage: /etc/traefik/acme.json
      dnsChallenge:
        provider: cloudflare
        # NOTE(review): the posted log shows Cloudflare answering "Record already exists
        # (81057)" when Traefik tries to create the _acme-challenge TXT record for these
        # domains. That usually means an identical TXT record is still present in the
        # zone — presumably left over from the previous SWAG setup or an interrupted
        # earlier attempt; check the zone for stale _acme-challenge entries.
        # Resolvers used to confirm the TXT record is visible before the CA is asked.
        resolvers:
          - "1.1.1.1:53"
          - "1.0.0.1:53"
        delayBeforeCheck: 90
fileconfig.yml
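http:
  routers:
    # Home Assistant
    homeassistant:
      entryPoints:
        - https443
      rule: 'Host(`ha.whatever.com.es`)'
      # TLS is configured on the https443 entry point (certResolver + default domains),
      # so no router-level tls block is needed here.
      service: homeassistant
      # No router-level middlewares: securityHeaders@file is already attached at the
      # entry point. (A bare "middlewares:" key parses as null, so it is left out.)
  services:
    homeassistant:
      loadBalancer:
        servers:
          - url: http://10.10.10.100:8123/
  ## MIDDLEWARES ##
  middlewares:
    # Only allow clients from the local network
    local-ipwhitelist:
      ipWhiteList:
        sourceRange:
          - 10.10.10.1/24  # LAN range (not localhost)
    # Security headers
    securityHeaders:
      headers:
        customResponseHeaders:
          X-Robots-Tag: "none,noarchive,nosnippet,notranslate,noimageindex"
          # Empty value removes the header, hiding the server product from responses.
          server: ""
          X-Forwarded-Proto: "https"
        sslProxyHeaders:
          X-Forwarded-Proto: "https"
        referrerPolicy: "strict-origin-when-cross-origin"
        hostsProxyHeaders:
          - "X-Forwarded-Host"
        # Tell the backend the original request was https even though it is proxied as http.
        customRequestHeaders:
          X-Forwarded-Proto: "https"
        frameDeny: true  # X-Frame-Options: DENY
        contentTypeNosniff: true  # X-Content-Type-Options: nosniff
        browserXssFilter: true
        # HSTS: 2 years, including subdomains, preload-eligible.
        forceSTSHeader: true
        stsIncludeSubdomains: true
        stsSeconds: 63072000
        stsPreload: true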
# Only use secure ciphers - https://ssl-config.mozilla.org/#server=traefik&version=2.6.0&config=intermediate&guideline=5.6
tls:
  options:
    # "default" applies to every TLS router that does not name its own option set.
    default:
      minVersion: VersionTLS12
      # TLS 1.2 AEAD suites only (Mozilla "intermediate"). TLS 1.3 suites are fixed
      # by Go and are not affected by this list.
      cipherSuites:
        - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
        - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
        - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
        - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
        - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
        - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305