Hello,
I'm new to Docker and Traefik and I'm trying to get an example setup working just for learning and testing. Now I'm facing issues with Let's Encrypt.
Docker runs on a Raspberry PI4. It's a home setup, so the Internet traffic runs through a NAT device.
Here is my docker-compose.yml file:
version: "3.5"
services:
  traefik:
    image: "traefik:v2.5"
    container_name: "traefik"
    command:
      - "--log.level=DEBUG"
      - "--api.insecure=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.websecure.address=:443"
      - "--certificatesresolvers.myresolver.acme.tlschallenge=true"
      - "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
      - "--certificatesresolvers.myresolver.acme.email=example@example.com"
      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
    ports:
      - "443:443"
      - "8080:8080"
    volumes:
      - "./letsencrypt:/letsencrypt"
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
  whoami:
    image: "traefik/whoami"
    container_name: "simple-service"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.whoami.rule=Host(`example.domain.com`)"
      - "traefik.http.routers.whoami.entrypoints=websecure"
      - "traefik.http.routers.whoami.tls.certresolver=myresolver"
Unfortunately the ACME request doesn't work and I get the following error messages:
time="2021-11-14T16:56:48Z" level=debug msg="Creating middleware" middlewareName=traefik-internal-recovery middlewareType=Recovery entryPointName=websecure
time="2021-11-14T16:56:48Z" level=debug msg="Adding route for example.domain.com with TLS options default" entryPointName=websecure
time="2021-11-14T16:56:48Z" level=debug msg="Try to challenge certificate for domain [example.domain.com] found in HostSNI rule" rule="Host(`example.domain.com`)" providerName=myresolver.acme routerName=whoami@docker
time="2021-11-14T16:56:48Z" level=debug msg="Looking for provided certificate(s) to validate [\"example.domain.com\"]..." rule="Host(`example.domain.com`)" providerName=myresolver.acme routerName=whoami@docker
time="2021-11-14T16:56:48Z" level=debug msg="No ACME certificate generation required for domains [\"example.domain.com\"]." rule="Host(`example.domain.com`)" providerName=myresolver.acme routerName=whoami@docker
time="2021-11-14T16:57:02Z" level=debug msg="TLS Challenge CleanUp temp certificate for example.domain.com" providerName=tlsalpn.acme
time="2021-11-14T16:57:02Z" level=debug msg="Configuration received from provider tlsalpn.acme: {\"http\":{},\"tls\":{}}" providerName=tlsalpn.acme
time="2021-11-14T16:57:02Z" level=debug msg="No default certificate, generating one" tlsStoreName=default
time="2021-11-14T16:57:02Z" level=debug msg="legolog: [INFO] Deactivating auth: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/936365758"
time="2021-11-14T16:57:02Z" level=error msg="Unable to obtain ACME certificate for domains \"example.domain.com\": unable to generate a certificate for the domains [example.domain.com]: error: one or more domains had a problem:\n[example.domain.com] acme: error: 400 :: urn:ietf:params:acme:error:connection :: Timeout during connect (likely firewall problem)\n" providerName=myresolver.acme routerName=whoami@docker rule="Host(`example.domain.com`)"
The NAT configuration seems to be correct, because I can access the service from the Internet. DNS configuration also works. I am able to successfully retrieve a Let's Encrypt certificate on another Linux machine.
Any ideas?
Thanks,
Siggi
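A small diagnostic for the failure shown in the post, added here as an example (it is not code from the post or from Traefik). It extracts the ACME error type from Traefik log lines so the failure class is explicit, and it can probe a host the way the TLS-ALPN-01 validator does: a TCP connect to port 443 followed by a TLS handshake with SNI set to the domain and ALPN "acme-tls/1". The `domain`/`host` arguments of the probe are placeholders you supply, and the probe needs network access; only the log parser runs offline.

```python
"""Traefik ACME TLS-ALPN-01 troubleshooting helpers (added example)."""
import re
import socket
import ssl

# Constructed sample: the two relevant lines from the log in the post above.
SAMPLE_LOG = r'''time="2021-11-14T16:57:02Z" level=debug msg="No default certificate, generating one" tlsStoreName=default
time="2021-11-14T16:57:02Z" level=error msg="Unable to obtain ACME certificate for domains \"example.domain.com\": unable to generate a certificate for the domains [example.domain.com]: error: one or more domains had a problem:\n[example.domain.com] acme: error: 400 :: urn:ietf:params:acme:error:connection :: Timeout during connect (likely firewall problem)\n" providerName=myresolver.acme routerName=whoami@docker'''

# Matches the per-domain problem block lego prints inside Traefik's error line.
ACME_ERR = re.compile(
    r'\[(?P<domain>[^\]]+)\] acme: error: (?P<status>\d{3}) :: '
    r'(?P<type>urn:ietf:params:acme:error:\w+) :: (?P<detail>[^\\"]+)')

# What each ACME error type means for a TLS-ALPN-01 setup behind NAT.
HINTS = {
    'urn:ietf:params:acme:error:connection':
        "The CA's validator could not open a TLS connection to :443 of the domain. "
        "For TLS-ALPN-01 the Let's Encrypt servers must reach the Traefik websecure "
        "entrypoint from the public Internet: check the port forward on the NAT "
        "device, any firewall, and that DNS resolves to the public address.",
}


def acme_errors(log_text):
    """Return one dict (domain, status, type, detail, hint) per ACME failure found."""
    found = []
    for line in log_text.splitlines():
        if 'level=error' not in line:
            continue
        for m in ACME_ERR.finditer(line):
            entry = m.groupdict()
            entry['hint'] = HINTS.get(entry['type'], 'No hint for this error type.')
            found.append(entry)
    return found


def tls_alpn_probe(domain, host=None, port=443, timeout=10):
    """Mimic the validator's first step: TLS handshake with SNI=domain, ALPN=acme-tls/1.
    Returns (reachable, negotiated_alpn, detail). Certificate verification is off
    because the challenge certificate is self-signed; only reachability matters here."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    ctx.set_alpn_protocols(['acme-tls/1'])
    try:
        with socket.create_connection((host or domain, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=domain) as tls:
                return True, tls.selected_alpn_protocol(), 'handshake completed'
    except (OSError, ssl.SSLError) as exc:
        return False, None, str(exc)
```

Run the probe from a host outside your own network; a timeout there reproduces what the validator saw, while success from inside the LAN only proves NAT hairpinning works.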