"remote error: tls: bad certificate" with traefik:v2.0.0-beta1-alpine

Here's my docker-compose.yml:

  traefik:
    restart: unless-stopped
    image: traefik:v2.0.0-beta1-alpine
    command:
      - --global.sendAnonymousUsage=true
      - --api.dashboard=true
      - --log.level=DEBUG
      - --entrypoints.web.address=:80
      - --entrypoints.websecure.address=:443
      - --certificatesResolvers.basic.acme.email=sergey@google.com
      - --certificatesResolvers.basic.acme.storage=acme.json
      - --certificatesResolvers.basic.acme.httpChallenge.entryPoint=web
      - --providers.docker=true
      - --providers.docker.exposedByDefault=false
    labels:
      - traefik.enable=false
    ports:
      - 80
      - 443
      - 8080:8080
    volumes:
      - traefik:/acme
      - /var/run/docker.sock:/var/run/docker.sock
    networks:
      - public-web

Error I get:

traefik_1  | time="2019-07-21T18:04:39Z" level=debug msg="Serving default certificate for request: \"m.google.com\""
traefik_1  | 2019/07/21 18:04:39 server.go:3012: http: TLS handshake error from 172.24.0.4:51414: remote error: tls: bad certificate

Not sure why.

traefik:
  restart: unless-stopped
  image: traefik:v2.0.0-beta1-alpine
  command:
   - --accesslog=true
   - --api=true
   - --log.level=DEBUG
   - --entryPoints.web.address=:80
   - --entryPoints.websecure.address=:443
   - --certificatesResolvers.sample.acme.email=sergey@google.com
   - --certificatesResolvers.sample.acme.storage=/le/acme.json
   - --certificatesResolvers.sample.acme.httpChallenge.entryPoint=web
   - --providers.docker.exposedByDefault=false
  ports:
    - 80
    - 443
    - 8080:8080
  volumes:
    - acme.json:/le/acme.json
    - /var/run/docker.sock:/var/run/docker.sock
  networks:
    - public-web

You have to define the certResolver on the router:

Got it working finally.

My Traefik config with docker-compose:

  traefik:
    restart: unless-stopped
    image: traefik:v2.0.0-beta1-alpine
    command:
      - --global.sendAnonymousUsage=true
      - --api.dashboard=true
      - --log.level=DEBUG
      - --entryPoints.web.address=:80
      - --entryPoints.websecure.address=:443
      - --certificatesResolvers.basic.acme.email=sergey@google.com
      - --certificatesResolvers.basic.acme.storage=acme.json
      - --certificatesResolvers.basic.acme.httpChallenge.entryPoint=web
      - --providers.docker=true
      - --providers.docker.exposedByDefault=false
    labels:
      - traefik.enable=false
    ports:
      - 80
      - 443
      - 8080:8080
    volumes:
      - traefik:/acme
      - /var/run/docker.sock:/var/run/docker.sock
    networks:
      - public-web

How I run Nextcloud:

  app:
    image: nextcloud:16
    labels:
      - "traefik.http.services.nextcloud.LoadBalancer.server.port=80"
      - "traefik.enable=true"
      - "traefik.docker.network=public-web"
      - "traefik.http.routers.nextcloud_http.entryPoints=web"
      - "traefik.http.routers.nextcloud_http.rule=Host(`nextcloud.google.com`)"
      - "traefik.http.routers.nextcloud_https.entryPoints=websecure"
      - "traefik.http.routers.nextcloud_https.rule=Host(`nextcloud.google.com`)"
      - "traefik.http.routers.nextcloud_https.tls.certresolver=basic"
      - "traefik.http.middlewares.https_redirect.redirectscheme.scheme=https"
    networks:
      - nextcloud
      - public-web

How I run Mattermost:

    labels:
      - "traefik.http.services.mattermost.LoadBalancer.server.port=8000"
      - "traefik.enable=true"
      - "traefik.docker.network=public-web"
      - "traefik.http.routers.mattermost_http.entryPoints=web"
      - "traefik.http.routers.mattermost_http.rule=Host(`mattermost.google.com`)"
      - "traefik.http.routers.mattermost_https.entryPoints=websecure"
      - "traefik.http.routers.mattermost_https.rule=Host(`mattermost.google.com`)"
      - "traefik.http.routers.mattermost_https.tls.certresolver=basic"
      - "traefik.http.middlewares.https_redirect.redirectscheme.scheme=https"

How I run the sample whoami container:

  whoami:
    image: containous/whoami
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=public-web"
      - "traefik.http.routers.whoami_http.entryPoints=web"
      - "traefik.http.routers.whoami_http.rule=Host(`whoami.google.com`)"
      - "traefik.http.routers.whoami_https.entryPoints=websecure"
      - "traefik.http.routers.whoami_https.rule=Host(`whoami.google.com`)"
      - "traefik.http.routers.whoami_https.tls.certresolver=basic"
      - "traefik.http.middlewares.https_redirect.redirectscheme.scheme=https"
    networks:
      - public-web
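
Added example, not part of any post in this thread: a small Python lint for Traefik v2 Docker labels that flags the cause discussed above (a router on the TLS entrypoint with no `tls.certresolver`, so no ACME certificate is requested for it) and also flags middlewares that are defined but never attached to a router. The function name, finding codes and sample hostnames are constructed for illustration.

```python
import re

# Constructed sample labels (hypothetical hosts), modelled on the services above.
# "broken_https" deliberately omits tls.certresolver.
SAMPLE_LABELS = [
    "traefik.enable=true",
    "traefik.http.routers.whoami_http.entryPoints=web",
    "traefik.http.routers.whoami_http.rule=Host(`whoami.example.test`)",
    "traefik.http.routers.whoami_https.entryPoints=websecure",
    "traefik.http.routers.whoami_https.rule=Host(`whoami.example.test`)",
    "traefik.http.routers.whoami_https.tls.certresolver=basic",
    "traefik.http.routers.broken_https.entryPoints=websecure",
    "traefik.http.routers.broken_https.rule=Host(`broken.example.test`)",
    "traefik.http.middlewares.https_redirect.redirectscheme.scheme=https",
]

ROUTER = re.compile(r"^traefik\.http\.routers\.([^.]+)\.(.+)$")
MIDDLEWARE = re.compile(r"^traefik\.http\.middlewares\.([^.]+)\.")


def lint_labels(labels, tls_entrypoints=("websecure",)):
    """Return sorted (finding, name) tuples for a list of 'key=value' labels."""
    routers, defined, used = {}, set(), set()
    for label in labels:
        key, _, value = label.partition("=")
        key = key.strip().lower()  # Traefik treats label keys case-insensitively
        if m := ROUTER.match(key):
            routers.setdefault(m.group(1), {})[m.group(2)] = value.strip()
        elif m := MIDDLEWARE.match(key):
            defined.add(m.group(1))
    findings = []
    for name, opts in routers.items():
        entrypoints = {e.strip().lower() for e in opts.get("entrypoints", "").split(",")}
        # A router may reference a middleware as "name" or "name@provider".
        for mw in opts.get("middlewares", "").split(","):
            if mw.strip():
                used.add(mw.strip().split("@")[0].lower())
        # No resolver on a TLS entrypoint: no ACME certificate is requested.
        if entrypoints & set(tls_entrypoints) and not opts.get("tls.certresolver"):
            findings.append(("no-certresolver", name))
    findings += [("unused-middleware", mw) for mw in defined - used]
    return sorted(findings)


if __name__ == "__main__":
    for finding, name in lint_labels(SAMPLE_LABELS):
        print(f"{finding}: {name}")
```
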

Where did you put it? Did you add it to /root/mattermost-docker/docker-compose.yml?
This file is referenced in Production Docker Deployment to start the Mattermost docker image.

I managed it :slight_smile: :partying_face:
See Mattermost behind Treafik v2