I've been using Traefik for a while, and have just been caught by the Let's Encrypt cert issue, which caused me to want to regenerate my certificates.
I deleted acme.json, "touched" it (blank file), chmodded it to 600 and restarted Traefik.
I got a bunch of errors initially, and some warnings on deprecated config - which I corrected, and then restarted, and saw no errors.
However, I noticed that acme.json was only getting ONE cert, whereas before I had 5.
In my dynamic config, I have a "catch all" host defined for anything hitting my host with no valid SNI name, and that is the ONLY router I have that has a "main" domain setup for my resolver.
ALL other routers simply have sans defined, ala
Here is my middleware & nohost router
```toml
[http.middlewares.bouncer]
  [http.middlewares.bouncer.redirectRegex]
    regex=".*"
    replacement="https://www.mydomain.co.uk"

[http.routers.nohost]
  # Define the hostname to be used
  rule = [ "HostHeader(`mydomain.co.uk`)" ]
  # Define the entrypoint
  entrypoints = [ "websecure" ]
  # Target the "nohost" service
  service = "nohost"
  # Define the middlewares to use
  middlewares = [ "bouncer" ]
  # Enable TLS
  [http.routers.nohost.tls]
    # Specify which resolver to use
    certResolver = "mythicbeasts"
    # Define the domain to use, as it's one higher than the others
    [[http.routers.nohost.tls.domains]]
      main = "mydomain.co.uk"
```
And here is my router SSL front end...with SAN only (no main)
```toml
[http.routers.gateway]
  # Define the hostname to be used
  rule = "HostHeader(`gateway.mydomain.co.uk`)"
  # Define the entrypoints
  entrypoints = [ "websecure" ]
  # Target the "gateway" service
  service = "gateway"
  # Enable TLS
  [http.routers.gateway.tls]
    # Specify which resolver to use
    certResolver = "mythicbeasts"
    # Select certs
    [[http.routers.gateway.tls.domains]]
      sans = [ "*.mydomain.co.uk" ]
```
This has been working fine, so is there any reason Traefik now seems to only be requesting/generating the cert for mydomain.co.uk and NOT *.mydomain.co.uk?
I've rolled back my acme.json for the time being, as I got rate-limited by LE.
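
An added example, not part of the original post: a way to check offline which router hostnames the certificates stored in acme.json actually cover, without restarting Traefik and spending Let's Encrypt rate limit. It assumes the Traefik v2 acme.json layout (resolver name, then `Certificates`, each with a `domain` holding `main` and `sans`); the sample data and function names are constructed for illustration.

```python
import json

def wildcard_covers(cert_name: str, host: str) -> bool:
    """True if a certificate name (exact or '*.' wildcard) covers host."""
    cert_name, host = cert_name.lower().rstrip("."), host.lower().rstrip(".")
    if cert_name.startswith("*."):
        # A wildcard matches exactly one left-most label, never the apex,
        # so *.mydomain.co.uk does not cover mydomain.co.uk itself.
        label, _, parent = host.partition(".")
        return bool(label) and parent == cert_name[2:]
    return cert_name == host

def stored_names(acme_text: str) -> dict:
    """Map resolver name -> list of (main, sans) pairs found in acme.json."""
    if not acme_text.strip():
        return {}  # freshly touched, empty file: nothing issued yet
    out = {}
    for resolver, body in json.loads(acme_text).items():
        certs = (body or {}).get("Certificates") or []  # may be null
        out[resolver] = [(c["domain"].get("main", ""),
                          c["domain"].get("sans") or []) for c in certs]
    return out

def uncovered(acme_text: str, resolver: str, hosts: list) -> list:
    """Return the hosts that no stored certificate for this resolver covers."""
    names = [n for main, sans in stored_names(acme_text).get(resolver, [])
             for n in [main, *sans] if n]
    return [h for h in hosts if not any(wildcard_covers(n, h) for n in names)]

# Constructed sample: the state described in the post, where only the
# certificate for the apex domain was stored (key material replaced by
# placeholders).
SAMPLE = json.dumps({
    "mythicbeasts": {
        "Account": {"Email": "admin@example.invalid"},
        "Certificates": [{
            "domain": {"main": "mydomain.co.uk"},
            "certificate": "<placeholder>",
            "key": "<placeholder>",
            "Store": "default",
        }],
    }
})

if __name__ == "__main__":
    hosts = ["mydomain.co.uk", "gateway.mydomain.co.uk"]
    for host in uncovered(SAMPLE, "mythicbeasts", hosts):
        print("no stored certificate covers", host)
```

To run it against a real file, pass the file's contents as `acme_text`; the script reads only the domain names, not the private keys.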