RequireAndVerifyClientCert and ACME TLS-ALPN-01

I'm trying to set up an ingress that requires both:

  • Let's Encrypt certificate acquired via TLS-ALPN-01 challenge
  • Client certificates for incoming requests

I'm under the impression that Traefik is denying the TLS-ALPN-01 requests incoming from LE, because they aren't supplying a client certificate. Is that possible?

Hello @Korijn and thanks for your interest in Traefik,

I'm under the impression that Traefik is denying the TLS-ALPN-01 requests incoming from LE, because they aren't supplying a client certificate. Is that possible?

You are right, when ACME is making the TLS challenge request the defined TLSOption applies. This means that the client certificate will be requested during this challenge request.

Using HTTP or DNS challenges should help to solve this issue, check out the following documentation: Traefik Let's Encrypt Documentation - Traefik

Hope this helps!


Thanks for responding so quickly. I'm also on a .dev domain (so HSTS) so HTTP-01 challenge is also not feasible. DNS challenge it is, I guess!
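An added configuration example, not taken from this thread or from the Traefik project, that puts the two halves of the problem side by side: a `default` TLS option that demands a client certificate from every connection, and a certificate resolver that either validates over TLS-ALPN-01 (which then fails, because the Let's Encrypt validation handshake has no client certificate to offer) or over DNS-01 (which never opens a TLS connection to Traefik and so is unaffected). The resolver name `le`, the e-mail address, the file paths, the hostname `app.example.dev` and the `cloudflare` provider are all assumptions chosen for the example.

```yaml
# --- traefik.yml (static configuration), assumed layout ---
entryPoints:
  websecure:
    address: ":443"

providers:
  file:
    filename: /etc/traefik/dynamic.yml   # assumed path

certificatesResolvers:
  le:
    acme:
      email: admin@example.dev           # placeholder address
      storage: /etc/traefik/acme.json    # assumed path
      # Breaking combination: the TLS-ALPN-01 validation connection from
      # Let's Encrypt goes through the same handshake as every other
      # client, so the clientAuth setting below rejects it and the
      # certificate is never issued.
      # tlsChallenge: {}
      #
      # Working combination: DNS-01 validation is answered in DNS, so the
      # client-certificate requirement on the TLS listener plays no part.
      # Provider credentials are supplied through the environment
      # variables documented for that provider; "cloudflare" is assumed.
      dnsChallenge:
        provider: cloudflare
        resolvers:
          - "1.1.1.1:53"

---
# --- /etc/traefik/dynamic.yml (dynamic configuration) ---
tls:
  options:
    # The default option applies to every TLS handshake Traefik
    # terminates, including the ACME validation handshake when
    # tlsChallenge is in use.
    default:
      minVersion: VersionTLS12
      clientAuth:
        caFiles:
          - /etc/traefik/client-ca.pem   # assumed CA that signs client certs
        clientAuthType: RequireAndVerifyClientCert

http:
  routers:
    app:
      rule: "Host(`app.example.dev`)"    # assumed hostname
      entryPoints:
        - websecure
      service: app
      tls:
        certResolver: le
  services:
    app:
      loadBalancer:
        servers:
          - url: "http://127.0.0.1:8080" # assumed backend
```

While testing the change, point the resolver at the Let's Encrypt staging directory with `caServer: https://acme-staging-v02.api.letsencrypt.org/directory` so that a still-broken combination does not consume production rate limits, and confirm in Traefik's logs that the order completes before switching back. Keep the mutual-TLS requirement on the `default` option rather than loosening it for the ACME path: the point of DNS-01 here is that issuance stops depending on the listener's client-certificate policy at all.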
