(Sorry for the double back ticks, seems like escaping backticks doesn't work)
With this setup:
entryPoints: web: address: ":80" http: redirections: entryPoint: to: websecure scheme: https websecure: address: ":443" certificatesResolvers: letsencrypt: acme: httpChallenge: entryPoint: web
Traefik creates two internal routes:
which are the only two routes I have on the "web" entrypoint.
I would assume that
acme-http@internal would get a higher priority, since the rule is longer, but for some reason, the HTTP-01 challenge requests are given to
Jan 20 14:31:39 *** traefik: 2600:1f14:804:fd01:*** - - [20/Jan/2021:14:31:39 +0000] "GET /.well-known/acme-challenge/uu6anJCMiaRvIo*** HTTP/1.1" 301 17 "-" "-" 16 "web-to-websecure@internal" "-" 0ms
And of course this fails if we don't already have a certificate.
I struggle to understand why
web-to-websecure@internal is prioritized over acme-http@internal here.
If I temporarily disable the
http.redirections block, the HTTP-01 challenge works.