Hi,
I have problems getting a certificate from Let's Encrypt.
I have a server running only the Docker containers for RocketChat, Database and Traefik.
These are my config files:
config.yml
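# Rocket.Chat + MongoDB stack. The labels on the rocketchat service are what
# the Traefik Docker provider reads to build the "rocketchat" router and to
# decide which domain the "le" resolver requests a certificate for.
# (Nesting restored; the listing was pasted without indentation.)
volumes:
  mongodb_data: { driver: local }

services:
  rocketchat:
    image: registry.rocket.chat/rocketchat/rocket.chat:${RELEASE:-latest}
    restart: always
    labels:
      traefik.enable: "true"
      # DOMAIN has an empty default. If it is unset or empty when Compose
      # renders this file, the rule becomes Host(``); Traefik then logs
      # "empty args for matcher Host" and the ACME resolver reports
      # "no domain was given", so the default self-signed certificate is served.
      traefik.http.routers.rocketchat.rule: Host(`${DOMAIN:-}`)
      traefik.http.routers.rocketchat.tls: "true"
      traefik.http.routers.rocketchat.entrypoints: https
      traefik.http.routers.rocketchat.tls.certresolver: le
    environment:
      MONGO_URL: "${MONGO_URL:-\
        mongodb://${MONGODB_ADVERTISED_HOSTNAME:-mongodb}:${MONGODB_INITIAL_PRIMARY_PORT_NUMBER:-27017}/\
        ${MONGODB_DATABASE:-rocketchat}?replicaSet=${MONGODB_REPLICA_SET_NAME:-rs0}}"
      MONGO_OPLOG_URL: "${MONGO_OPLOG_URL:\
        -mongodb://${MONGODB_ADVERTISED_HOSTNAME:-mongodb}:${MONGODB_INITIAL_PRIMARY_PORT_NUMBER:-27017}/\
        local?replicaSet=${MONGODB_REPLICA_SET_NAME:-rs0}}"
      # Falls back to http://localhost:<HOST_PORT>; when the instance is served
      # through Traefik this should be the public https URL.
      ROOT_URL: ${ROOT_URL:-http://localhost:${HOST_PORT:-3000}}
      PORT: ${PORT:-3000}
      DEPLOY_METHOD: docker
      DEPLOY_PLATFORM: ${DEPLOY_PLATFORM:-}
      REG_TOKEN: ${REG_TOKEN:-}
    depends_on:
      - mongodb
    expose:
      - ${PORT:-3000}
    ports:
      # With BIND_IP unset this publishes the application port on every host
      # interface as plain HTTP, reachable without passing through Traefik's
      # TLS entrypoint. Traefik talks to the container over the Docker
      # network, so BIND_IP=127.0.0.1 is enough when Traefik is the only
      # front end.
      - "${BIND_IP:-0.0.0.0}:${HOST_PORT:-3000}:${PORT:-3000}"

  mongodb:
    image: docker.io/bitnami/mongodb:${MONGODB_VERSION:-5.0}
    restart: always
    volumes:
      - mongodb_data:/bitnami/mongodb
    environment:
      MONGODB_REPLICA_SET_MODE: primary
      MONGODB_REPLICA_SET_NAME: ${MONGODB_REPLICA_SET_NAME:-rs0}
      MONGODB_PORT_NUMBER: ${MONGODB_PORT_NUMBER:-27017}
      MONGODB_INITIAL_PRIMARY_HOST: ${MONGODB_INITIAL_PRIMARY_HOST:-mongodb}
      MONGODB_INITIAL_PRIMARY_PORT_NUMBER: ${MONGODB_INITIAL_PRIMARY_PORT_NUMBER:-27017}
      MONGODB_ADVERTISED_HOSTNAME: ${MONGODB_ADVERTISED_HOSTNAME:-mongodb}
      MONGODB_ENABLE_JOURNAL: ${MONGODB_ENABLE_JOURNAL:-true}
      # Defaults to "yes", which lets the database start without a root
      # password. No host port is published for this service in this file, so
      # it is reachable only from containers on the same Docker network; do not
      # add a "ports:" mapping here without configuring credentials first.
      ALLOW_EMPTY_PASSWORD: ${ALLOW_EMPTY_PASSWORD:-yes}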
traefik.yml
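# Traefik reverse proxy: redirects :80 to https, terminates TLS on :443 and
# obtains certificates from Let's Encrypt through the "le" resolver.
# (Nesting restored; the listing was pasted without indentation.)
version: '3.7'

volumes:
  traefik: { driver: local }

services:
  traefik:
    # NOTE(review): the log on this page reports "Traefik version 2.9.8", so
    # the running container apparently was not created from this default tag;
    # confirm the value of TRAEFIK_RELEASE and recreate the container.
    image: docker.io/traefik:${TRAEFIK_RELEASE:-v2.11.0}
    restart: always
    command:
      - --api.insecure=false
      - --providers.docker=true
      # Only containers labelled traefik.enable=true are routed.
      - --providers.docker.exposedbydefault=false
      - --entrypoints.web.address=:80
      - --entrypoints.web.http.redirections.entryPoint.to=https
      - --entrypoints.web.http.redirections.entryPoint.scheme=https
      - --entrypoints.https.address=:443
      # TLS-ALPN challenge: it is answered on the :443 entrypoint, so that
      # port must be reachable from the internet for issuance to succeed.
      - --certificatesresolvers.le.acme.tlschallenge=true
      # Hard-coded here; the LETSENCRYPT_EMAIL entry in .env is not referenced
      # by this file.
      - --certificatesresolvers.le.acme.email=kallertobias@gmail.com
      # acme.json holds the ACME account key and the private keys of issued
      # certificates; it is kept in the named volume "traefik".
      - --certificatesresolvers.le.acme.storage=/letsencrypt/acme.json
      # DEBUG helps while diagnosing issuance, but it records every TLS
      # handshake with the client address in ./logs; lower the level once the
      # problem is resolved.
      - --log.level=DEBUG
      - --log.filePath=/logs/traefik.log
    ports:
      # Quoted so the mappings are always read as strings.
      - "80:80"
      - "443:443"
    volumes:
      - traefik:/letsencrypt:rw
      # ":ro" only makes the socket file a read-only mount. It does not limit
      # Docker API calls, so anything in this container that can reach the
      # socket effectively controls the Docker daemon on the host. Consider
      # putting a filtering socket proxy between Traefik and the daemon.
      - /run/docker.sock:/var/run/docker.sock:ro
      - ./logs/:/logs/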
.env:
### Rocket.Chat configuration
# NOTE(review): every assignment in this file is commented out, so Compose
# treats all of these variables as unset and uses the ${VAR:-default}
# fallbacks written in the compose files.
# Rocket.Chat version
# see:- https://github.com/RocketChat/Rocket.Chat/releases
#RELEASE=
# MongoDB endpoint (include ?replicaSet= parameter)
#MONGO_URL=
# MongoDB endpoint to the local database
#MONGO_OPLOG_URL=
# IP to bind the process to
# NOTE(review): while this stays unset, the compose default 0.0.0.0 publishes
# the Rocket.Chat port on all host interfaces over plain HTTP.
#BIND_IP=127.0.0.1
# URL used to access your Rocket.Chat instance
#ROOT_URL=https://hive.buckfast-bayern.de
# Port Rocket.Chat runs on (in-container)
#PORT=
# Port on the host to bind to
#HOST_PORT=
### MongoDB configuration
# MongoDB version/image tag
#MONGODB_VERSION=
# See:- https://hub.docker.com/r/bitnami/mongodb
### Traefik config (if enabled)
# Traefik version/image tag
#TRAEFIK_RELEASE=
# Domain for https (change ROOT_URL & BIND_IP accordingly)
# NOTE(review): while this stays commented out, ${DOMAIN:-} in the router rule
# expands to an empty string (the Host(``) rule in the Traefik log), so no
# certificate is requested for the domain.
#DOMAIN=hive.buckfast-bayern.de
# Email for certificate notifications
# NOTE(review): traefik.yml as posted hard-codes the address and does not read
# this variable.
#LETSENCRYPT_EMAIL=kallertobias@gmail.com
Log File:
time="2024-03-13T18:33:33Z" level=info msg="Traefik version 2.9.8 built on 2023-02-15T15:23:25Z"
time="2024-03-13T18:33:33Z" level=debug msg="Static configuration loaded {\"global\":{\"checkNewVersion\":true},\"serversTransport\":{\"maxIdleConnsPerHost\":200},\"entryPoints\":{\"https\":{\"address\":\":443\",\"transport\":{\"lifeCycle\":{\"graceTimeOut\":\"10s\"},\"respondingTimeouts\":{\"idleTimeout\":\"3m0s\"}},\"forwardedHeaders\":{},\"http\":{},\"http2\":{\"maxConcurrentStreams\":250},\"udp\":{\"timeout\":\"3s\"}},\"web\":{\"address\":\":80\",\"transport\":{\"lifeCycle\":{\"graceTimeOut\":\"10s\"},\"respondingTimeouts\":{\"idleTimeout\":\"3m0s\"}},\"forwardedHeaders\":{},\"http\":{\"redirections\":{\"entryPoint\":{\"to\":\"https\",\"scheme\":\"https\",\"permanent\":true,\"priority\":2147483646}}},\"http2\":{\"maxConcurrentStreams\":250},\"udp\":{\"timeout\":\"3s\"}}},\"providers\":{\"providersThrottleDuration\":\"2s\",\"docker\":{\"watch\":true,\"endpoint\":\"unix:///var/run/docker.sock\",\"defaultRule\":\"Host(`{{ normalize .Name }}`)\",\"swarmModeRefreshSeconds\":\"15s\"}},\"api\":{\"dashboard\":true},\"log\":{\"level\":\"DEBUG\",\"filePath\":\"/logs/traefik.log\",\"format\":\"common\"},\"certificatesResolvers\":{\"le\":{\"acme\":{\"email\":\"kallertobias@gmail.com\",\"caServer\":\"https://acme-v02.api.letsencrypt.org/directory\",\"storage\":\"/letsencrypt/acme.json\",\"keyType\":\"RSA4096\",\"certificatesDuration\":2160,\"tlsChallenge\":{}}}}}"
time="2024-03-13T18:33:33Z" level=info msg="\nStats collection is disabled.\nHelp us improve Traefik by turning this feature on :)\nMore details on: https://doc.traefik.io/traefik/contributing/data-collection/\n"
time="2024-03-13T18:33:33Z" level=info msg="Starting provider aggregator aggregator.ProviderAggregator"
time="2024-03-13T18:33:33Z" level=info msg="Starting provider *traefik.Provider"
time="2024-03-13T18:33:33Z" level=debug msg="*traefik.Provider provider configuration: {}"
time="2024-03-13T18:33:33Z" level=debug msg="Configuration received: {\"http\":{\"routers\":{\"web-to-https\":{\"entryPoints\":[\"web\"],\"middlewares\":[\"redirect-web-to-https\"],\"service\":\"noop@internal\",\"rule\":\"HostRegexp(`{host:.+}`)\",\"priority\":2147483646}},\"services\":{\"api\":{},\"dashboard\":{},\"noop\":{}},\"middlewares\":{\"redirect-web-to-https\":{\"redirectScheme\":{\"scheme\":\"https\",\"port\":\"443\",\"permanent\":true}}},\"serversTransports\":{\"default\":{\"maxIdleConnsPerHost\":200}}},\"tcp\":{},\"udp\":{},\"tls\":{}}" providerName=internal
time="2024-03-13T18:33:33Z" level=debug msg="Starting TCP Server" entryPointName=web
time="2024-03-13T18:33:33Z" level=debug msg="Starting TCP Server" entryPointName=https
time="2024-03-13T18:33:33Z" level=info msg="Starting provider *acme.ChallengeTLSALPN"
time="2024-03-13T18:33:33Z" level=debug msg="*acme.ChallengeTLSALPN provider configuration: {}"
time="2024-03-13T18:33:33Z" level=info msg="Starting provider *docker.Provider"
time="2024-03-13T18:33:33Z" level=debug msg="*docker.Provider provider configuration: {\"watch\":true,\"endpoint\":\"unix:///var/run/docker.sock\",\"defaultRule\":\"Host(`{{ normalize .Name }}`)\",\"swarmModeRefreshSeconds\":\"15s\"}"
time="2024-03-13T18:33:33Z" level=info msg="Starting provider *acme.Provider"
time="2024-03-13T18:33:33Z" level=debug msg="*acme.Provider provider configuration: {\"email\":\"kallertobias@gmail.com\",\"caServer\":\"https://acme-v02.api.letsencrypt.org/directory\",\"storage\":\"/letsencrypt/acme.json\",\"keyType\":\"RSA4096\",\"certificatesDuration\":2160,\"tlsChallenge\":{},\"ResolverName\":\"le\",\"store\":{},\"TLSChallengeProvider\":{},\"HTTPChallengeProvider\":{}}"
time="2024-03-13T18:33:33Z" level=debug msg="Attempt to renew certificates \"720h0m0s\" before expiry and check every \"24h0m0s\"" ACME CA="https://acme-v02.api.letsencrypt.org/directory" providerName=le.acme
time="2024-03-13T18:33:33Z" level=info msg="Testing certificate renew..." ACME CA="https://acme-v02.api.letsencrypt.org/directory" providerName=le.acme
time="2024-03-13T18:33:33Z" level=debug msg="Configuration received: {\"http\":{},\"tcp\":{},\"udp\":{},\"tls\":{}}" providerName=le.acme
time="2024-03-13T18:33:33Z" level=debug msg="Provider connection established with docker 25.0.4 (API 1.44)" providerName=docker
time="2024-03-13T18:33:33Z" level=debug msg="Filtering disabled container" providerName=docker container=traefik-rocketchat-6bc89243d5b30af2e124716ada81ab248bf0cbcfea17a6cf466149ab272694eb
time="2024-03-13T18:33:33Z" level=debug msg="Filtering disabled container" providerName=docker container=mongodb-rocketchat-e2b07d20f97d8428c073ed7d0d4cbd1354889d87808ecc34fb7d1a97e43eec23
time="2024-03-13T18:33:33Z" level=debug msg="Configuration received: {\"http\":{\"routers\":{\"rocketchat\":{\"entryPoints\":[\"https\"],\"service\":\"rocketchat-rocketchat\",\"rule\":\"Host(``)\",\"tls\":{\"certResolver\":\"le\"}}},\"services\":{\"rocketchat-rocketchat\":{\"loadBalancer\":{\"servers\":[{\"url\":\"http://172.18.0.3:3000\"}],\"passHostHeader\":true}}}},\"tcp\":{},\"udp\":{}}" providerName=docker
time="2024-03-13T18:33:33Z" level=debug msg="No default certificate, fallback to the internal generated certificate" tlsStoreName=default
time="2024-03-13T18:33:33Z" level=debug msg="Added outgoing tracing middleware noop@internal" middlewareName=tracing middlewareType=TracingForwarder entryPointName=web routerName=web-to-https@internal
time="2024-03-13T18:33:33Z" level=debug msg="Creating middleware" middlewareType=RedirectScheme entryPointName=web routerName=web-to-https@internal middlewareName=redirect-web-to-https@internal
time="2024-03-13T18:33:33Z" level=debug msg="Setting up redirection to https 443" entryPointName=web routerName=web-to-https@internal middlewareName=redirect-web-to-https@internal middlewareType=RedirectScheme
time="2024-03-13T18:33:33Z" level=debug msg="Creating middleware" entryPointName=web middlewareType=Recovery middlewareName=traefik-internal-recovery
time="2024-03-13T18:33:33Z" level=debug msg="No default certificate, fallback to the internal generated certificate" tlsStoreName=default
time="2024-03-13T18:33:33Z" level=debug msg="Added outgoing tracing middleware noop@internal" middlewareName=tracing middlewareType=TracingForwarder entryPointName=web routerName=web-to-https@internal
time="2024-03-13T18:33:33Z" level=debug msg="Creating middleware" entryPointName=web routerName=web-to-https@internal middlewareName=redirect-web-to-https@internal middlewareType=RedirectScheme
time="2024-03-13T18:33:33Z" level=debug msg="Setting up redirection to https 443" middlewareType=RedirectScheme entryPointName=web routerName=web-to-https@internal middlewareName=redirect-web-to-https@internal
time="2024-03-13T18:33:33Z" level=debug msg="Creating middleware" middlewareName=traefik-internal-recovery middlewareType=Recovery entryPointName=web
time="2024-03-13T18:33:33Z" level=debug msg="Creating middleware" middlewareName=pipelining middlewareType=Pipelining entryPointName=https routerName=rocketchat@docker serviceName=rocketchat-rocketchat
time="2024-03-13T18:33:33Z" level=debug msg="Creating load-balancer" entryPointName=https routerName=rocketchat@docker serviceName=rocketchat-rocketchat
time="2024-03-13T18:33:33Z" level=debug msg="Creating server 0 http://172.18.0.3:3000" routerName=rocketchat@docker serviceName=rocketchat-rocketchat serverName=0 entryPointName=https
time="2024-03-13T18:33:33Z" level=debug msg="child http://172.18.0.3:3000 now UP"
time="2024-03-13T18:33:33Z" level=debug msg="Propagating new UP status"
time="2024-03-13T18:33:33Z" level=debug msg="Added outgoing tracing middleware rocketchat-rocketchat" middlewareName=tracing middlewareType=TracingForwarder entryPointName=https routerName=rocketchat@docker
time="2024-03-13T18:33:33Z" level=error msg="empty args for matcher Host, []" entryPointName=https routerName=rocketchat@docker
time="2024-03-13T18:33:33Z" level=debug msg="Creating middleware" middlewareName=traefik-internal-recovery middlewareType=Recovery entryPointName=https
time="2024-03-13T18:33:33Z" level=debug msg="Adding route for with TLS options default" entryPointName=https
time="2024-03-13T18:33:33Z" level=error msg="Error while adding route for host: empty args for matcher HostSNI, []"
time="2024-03-13T18:33:33Z" level=debug msg="Trying to challenge certificate for domain [] found in HostSNI rule" rule="Host(``)" providerName=le.acme ACME CA="https://acme-v02.api.letsencrypt.org/directory" routerName=rocketchat@docker
time="2024-03-13T18:33:33Z" level=error msg="Unable to obtain ACME certificate for domains \"\": no domain was given" rule="Host(``)" providerName=le.acme ACME CA="https://acme-v02.api.letsencrypt.org/directory" routerName=rocketchat@docker
time="2024-03-13T18:35:36Z" level=debug msg="Serving default certificate for request: \"hive.buckfast-bayern.de\""
time="2024-03-13T18:35:37Z" level=debug msg="Serving default certificate for request: \"hive.buckfast-bayern.de\""
time="2024-03-13T18:36:31Z" level=debug msg="Serving default certificate for request: \"hive.buckfast-bayern.de\""
time="2024-03-13T18:36:32Z" level=debug msg="Serving default certificate for request: \"hive.buckfast-bayern.de\""
time="2024-03-13T18:37:23Z" level=debug msg="Serving default certificate for request: \"hive.buckfast-bayern.de\""
time="2024-03-13T18:39:21Z" level=debug msg="Serving default certificate for request: \"hive.buckfast-bayern.de\""
time="2024-03-13T18:39:22Z" level=debug msg="Serving default certificate for request: \"hive.buckfast-bayern.de\""
time="2024-03-13T18:39:24Z" level=debug msg="Serving default certificate for request: \"hive.buckfast-bayern.de\""
time="2024-03-13T18:39:24Z" level=debug msg="Serving default certificate for request: \"hive.buckfast-bayern.de\""
time="2024-03-13T18:40:36Z" level=debug msg="http: TLS handshake error from 198.235.24.57:53622: tls: client offered only unsupported versions: [302 301]"
time="2024-03-13T18:40:51Z" level=debug msg="Serving default certificate for request: \"\""
time="2024-03-13T18:40:51Z" level=debug msg="Serving default certificate for request: \"85.215.123.144\""
time="2024-03-13T18:40:51Z" level=debug msg="http: TLS handshake error from 165.154.36.91:45346: EOF"
time="2024-03-13T18:40:51Z" level=debug msg="Serving default certificate for request: \"85.215.123.144\""
time="2024-03-13T18:40:51Z" level=debug msg="http: TLS handshake error from 165.154.36.91:45732: EOF"
time="2024-03-13T18:40:52Z" level=debug msg="Serving default certificate for request: \"85.215.123.144\""
time="2024-03-13T18:40:52Z" level=debug msg="http: TLS handshake error from 165.154.36.91:46408: tls: no cipher suite supported by both client and server"
time="2024-03-13T18:40:52Z" level=debug msg="http: TLS handshake error from 165.154.36.91:46922: tls: client requested unsupported application protocols ([http/0.9 http/1.0 spdy/1 spdy/2 spdy/3 h2c hq])"
time="2024-03-13T18:40:52Z" level=debug msg="http: TLS handshake error from 165.154.36.91:47432: tls: client requested unsupported application protocols ([hq h2c spdy/3 spdy/2 spdy/1 http/1.0 http/0.9])"
time="2024-03-13T18:40:53Z" level=debug msg="http: TLS handshake error from 165.154.36.91:48246: tls: client offered only unsupported versions: [302 301]"
time="2024-03-13T18:40:53Z" level=debug msg="Serving default certificate for request: \"85.215.123.144\""
time="2024-03-13T18:40:53Z" level=debug msg="http: TLS handshake error from 165.154.36.91:48828: read tcp 172.18.0.4:443->165.154.36.91:48828: read: connection reset by peer"
time="2024-03-13T18:40:53Z" level=debug msg="Serving default certificate for request: \"85.215.123.144\""
time="2024-03-13T18:40:53Z" level=debug msg="http: TLS handshake error from 165.154.36.91:49414: EOF"
time="2024-03-13T18:40:54Z" level=debug msg="Serving default certificate for request: \"85.215.123.144\""
time="2024-03-13T18:40:54Z" level=debug msg="http: TLS handshake error from 165.154.36.91:49800: EOF"
time="2024-03-13T18:40:54Z" level=debug msg="Serving default certificate for request: \"85.215.123.144\""
time="2024-03-13T18:40:54Z" level=debug msg="http: TLS handshake error from 165.154.36.91:50172: read tcp 172.18.0.4:443->165.154.36.91:50172: read: connection reset by peer"
time="2024-03-13T18:40:54Z" level=debug msg="Serving default certificate for request: \"34.77.189.226\""
time="2024-03-13T18:40:54Z" level=debug msg="http: TLS handshake error from 165.154.36.91:50508: EOF"
time="2024-03-13T18:41:27Z" level=debug msg="Serving default certificate for request: \"hive.buckfast-bayern.de\""
time="2024-03-13T18:41:28Z" level=debug msg="Serving default certificate for request: \"hive.buckfast-bayern.de\""
time="2024-03-13T18:42:27Z" level=debug msg="Serving default certificate for request: \"hive.buckfast-bayern.de\""
time="2024-03-13T18:42:28Z" level=debug msg="Serving default certificate for request: \"hive.buckfast-bayern.de\""
time="2024-03-13T18:42:30Z" level=debug msg="Serving default certificate for request: \"hive.buckfast-bayern.de\""
time="2024-03-13T18:42:31Z" level=debug msg="Serving default certificate for request: \"hive.buckfast-bayern.de\""
time="2024-03-13T18:42:52Z" level=debug msg="Serving default certificate for request: \"hive.buckfast-bayern.de\""
time="2024-03-13T18:42:52Z" level=debug msg="Serving default certificate for request: \"hive.buckfast-bayern.de\""
time="2024-03-13T18:43:33Z" level=warning msg="A new release has been found: 2.11.0. Please consider updating."
time="2024-03-13T18:45:31Z" level=debug msg="Serving default certificate for request: \"\""
time="2024-03-13T18:45:32Z" level=debug msg="Serving default certificate for request: \"\""
time="2024-03-13T18:45:55Z" level=debug msg="Serving default certificate for request: \"hive.buckfast-bayern.de\""
time="2024-03-13T18:45:55Z" level=debug msg="Serving default certificate for request: \"hive.buckfast-bayern.de\""
time="2024-03-13T18:46:05Z" level=debug msg="Serving default certificate for request: \"hive.buckfast-bayern.de\""
time="2024-03-13T18:46:05Z" level=debug msg="Serving default certificate for request: \"hive.buckfast-bayern.de\""
time="2024-03-13T18:46:23Z" level=debug msg="Serving default certificate for request: \"hive.buckfast-bayern.de\""
time="2024-03-13T18:46:24Z" level=debug msg="Serving default certificate for request: \"hive.buckfast-bayern.de\""
time="2024-03-13T18:46:51Z" level=debug msg="Serving default certificate for request: \"hive.buckfast-bayern.de\""
time="2024-03-13T18:46:52Z" level=debug msg="Serving default certificate for request: \"hive.buckfast-bayern.de\""
time="2024-03-13T18:48:05Z" level=debug msg="Serving default certificate for request: \"hive.buckfast-bayern.de\""
time="2024-03-13T18:48:06Z" level=debug msg="Serving default certificate for request: \"hive.buckfast-bayern.de\""
time="2024-03-13T18:48:55Z" level=debug msg="Serving default certificate for request: \"hive.buckfast-bayern.de\""
time="2024-03-13T18:48:55Z" level=debug msg="Serving default certificate for request: \"hive.buckfast-bayern.de\""
time="2024-03-13T18:48:59Z" level=debug msg="Serving default certificate for request: \"hive.buckfast-bayern.de\""
time="2024-03-13T18:48:59Z" level=debug msg="Serving default certificate for request: \"hive.buckfast-bayern.de\""