Same docker-compose files, getting different results?

ayytee · September 5, 2023, 1:53am

Hi All

I had to change hosts thanks to the Dedipath implosion and spun up a new VPS to host Umami Analytics using Traefik and Docker (compose). I used the same docker-compose.yml files on the same OS (Debian 11). I noticed that Umami's tracking code was producing a 500 Internal Server error and as I worked through the error logs I noticed Traefik was probably the source:

time="2023-09-05T00:54:20Z" level=info msg="Configuration loaded from flags."
time="2023-09-05T00:54:20Z" level=error msg="service \"traefik-traefik\" error: port is missing" container=traefik-traefik-b206885ef49fdfe68e385ab86f32599a6f2ce5a3cad830f51c1daa6ac0b34b6b providerName=docker
time="2023-09-05T00:54:20Z" level=error msg="the router frontend@docker uses a non-existent resolver: leresolver"
time="2023-09-05T00:54:21Z" level=error msg="the router frontend@docker uses a non-existent resolver: leresolver"
time="2023-09-05T00:54:28Z" level=error msg="Unable to obtain ACME certificate for domains \"subdomain.mydomain.com\": unable to generate a certificate for the domains [subdomain.mydomain.com]: error: one or more domains had a problem:\n[subdomain.mydomain.com] acme: error: 403 :: urn:ietf:params:acme:error:unauthorized :: Cannot negotiate ALPN protocol \"acme-tls/1\" for tls-alpn-01 challenge\n" ACME CA="https://acme-v02.api.letsencrypt.org/directory" routerName=umami@docker rule="Host(`subdomain.mydomain.com`)" providerName=myresolver.acme
time="2023-09-05T00:54:29Z" level=error msg="the router frontend@docker uses a non-existent resolver: leresolver"
time="2023-09-05T00:54:29Z" level=error msg="the router frontend@docker uses a non-existent resolver: leresolver"
time="2023-09-05T00:54:31Z" level=error msg="service \"traefik-traefik\" error: port is missing" providerName=docker container=traefik-traefik-b206885ef49fdfe68e385ab86f32599a6f2ce5a3cad830f51c1daa6ac0b34b6b
time="2023-09-05T00:54:32Z" level=error msg="service \"traefik-traefik\" error: port is missing" providerName=docker container=traefik-traefik-b206885ef49fdfe68e385ab86f32599a6f2ce5a3cad830f51c1daa6ac0b34b6b
time="2023-09-05T00:54:32Z" level=error msg="the router frontend@docker uses a non-existent resolver: leresolver"
time="2023-09-05T00:54:33Z" level=error msg="Unable to obtain ACME certificate for domains \"subdomain.mydomain.com\": unable to generate a certificate for the domains [subdomain.mydomain.com]: error: one or more domains had a problem:\n[subdomain.mydomain.com] acme: error: 403 :: urn:ietf:params:acme:error:unauthorized :: Cannot negotiate ALPN protocol \"acme-tls/1\" for tls-alpn-01 challenge\n" routerName=umami@docker rule="Host(`subdomain.mydomain.com`)" providerName=myresolver.acme ACME CA="https://acme-v02.api.letsencrypt.org/directory"
time="2023-09-05T00:54:33Z" level=error msg="service \"traefik-traefik\" error: port is missing" providerName=docker container=traefik-traefik-b206885ef49fdfe68e385ab86f32599a6f2ce5a3cad830f51c1daa6ac0b34b6b
time="2023-09-05T00:54:33Z" level=error msg="the router frontend@docker uses a non-existent resolver: leresolver"
time="2023-09-05T00:54:33Z" level=error msg="service \"traefik-traefik\" error: port is missing" providerName=docker container=traefik-traefik-b206885ef49fdfe68e385ab86f32599a6f2ce5a3cad830f51c1daa6ac0b34b6b
time="2023-09-05T00:54:34Z" level=error msg="the router frontend@docker uses a non-existent resolver: leresolver"
time="2023-09-05T00:54:35Z" level=error msg="the router frontend@docker uses a non-existent resolver: leresolver"
time="2023-09-05T00:54:40Z" level=error msg="Unable to obtain ACME certificate for domains \"subdomain.mydomain.com\": unable to generate a certificate for the domains [subdomain.mydomain.com]: error: one or more domains had a problem:\n[subdomain.mydomain.com] acme: error: 403 :: urn:ietf:params:acme:error:unauthorized :: Cannot negotiate ALPN protocol \"acme-tls/1\" for tls-alpn-01 challenge\n" routerName=umami@docker rule="Host(`subdomain.mydomain.com`)" providerName=myresolver.acme ACME CA="https://acme-v02.api.letsencrypt.org/directory"
time="2023-09-05T00:54:41Z" level=error msg="the router frontend@docker uses a non-existent resolver: leresolver"
time="2023-09-05T00:54:42Z" level=error msg="the router frontend@docker uses a non-existent resolver: leresolver"
time="2023-09-05T00:54:47Z" level=error msg="Unable to obtain ACME certificate for domains \"subdomain.mydomain.com\": unable to generate a certificate for the domains [subdomain.mydomain.com]: error: one or more domains had a problem:\n[subdomain.mydomain.com] acme: error: 403 :: urn:ietf:params:acme:error:unauthorized :: Cannot negotiate ALPN protocol \"acme-tls/1\" for tls-alpn-01 challenge\n" ACME CA="https://acme-v02.api.letsencrypt.org/directory" providerName=myresolver.acme routerName=umami@docker rule="Host(`subdomain.mydomain.com`)"
time="2023-09-05T00:54:49Z" level=error msg="the router frontend@docker uses a non-existent resolver: leresolver"
time="2023-09-05T00:54:49Z" level=error msg="the router frontend@docker uses a non-existent resolver: leresolver"
time="2023-09-05T00:54:50Z" level=error msg="the router frontend@docker uses a non-existent resolver: leresolver"
time="2023-09-05T00:54:50Z" level=error msg="Unable to obtain ACME certificate for domains \"subdomain.mydomain.com\": unable to generate a certificate for the domains [subdomain.mydomain.com]: error: one or more domains had a problem:\n[subdomain.mydomain.com] acme: error: 403 :: urn:ietf:params:acme:error:unauthorized :: Cannot negotiate ALPN protocol \"acme-tls/1\" for tls-alpn-01 challenge\n" routerName=umami@docker providerName=myresolver.acme ACME CA="https://acme-v02.api.letsencrypt.org/directory" rule="Host(`subdomain.mydomain.com`)"
time="2023-09-05T01:00:21Z" level=error msg="accept tcp [::]:80: use of closed network connection" entryPointName=web
time="2023-09-05T01:00:21Z" level=error msg="Error while starting server: accept tcp [::]:80: use of closed network connection" entryPointName=web
time="2023-09-05T01:00:21Z" level=error msg="accept tcp [::]:443: use of closed network connection" entryPointName=websecure
time="2023-09-05T01:00:21Z" level=error msg="Error while starting server: accept tcp [::]:443: use of closed network connection" entryPointName=websecure
time="2023-09-05T01:00:45Z" level=info msg="Configuration loaded from flags."
time="2023-09-05T01:00:45Z" level=error msg="service \"traefik-traefik\" error: port is missing" container=traefik-traefik-b206885ef49fdfe68e385ab86f32599a6f2ce5a3cad830f51c1daa6ac0b34b6b providerName=docker
time="2023-09-05T01:00:47Z" level=error msg="the router frontend@docker uses a non-existent resolver: leresolver"
time="2023-09-05T01:00:47Z" level=error msg="Unable to obtain ACME certificate for domains \"subdomain.mydomain.com\": unable to generate a certificate for the domains [subdomain.mydomain.com]: acme: error: 429 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-order :: urn:ietf:params:acme:error:rateLimited :: Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/failed-validation-limit/" ACME CA="https://acme-v02.api.letsencrypt.org/directory" providerName=myresolver.acme routerName=umami@docker rule="Host(`subdomain.mydomain.com`)"

I'm pretty confused by the non-existent resolver error ("leresolver") as the docker-compose.yml file doesn't have a resolver with that name as far as I can tell:

version: "3.3"
services:
  traefik:
    image: "traefik:latest"
    container_name: "traefik"
    restart: always
    network_mode: host
    command:
      - "--api.dashboard=false"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.web.http.redirections.entrypoint.to=websecure"
      - "--entrypoints.web.http.redirections.entrypoint.scheme=https"
      - "--entrypoints.websecure.address=:443"
      - "--certificatesresolvers.myresolver.acme.tlschallenge=true"
      - "--certificatesresolvers.myresolver.acme.email=my@emailaddress.com"
      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
    ports:
      - 80:80
      - 443:443
    volumes:
      - "./letsencrypt:/letsencrypt"
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.traefik.rule=Host(`subdomain.mydomain.com`)"
      - "traefik.http.routers.traefik.entrypoints=websecure"
      - "traefik.http.routers.traefik.service=api@internal"
      - "traefik.http.routers.traefik.tls.certresolver=myresolver"
      - "traefik.http.routers.traefik.middlewares=traefik-auth"
      - "traefik.http.middlewares.traefik-auth.basicauth.users=user:-----a long string--------"

I wonder if I might ask the community for any tips to fix the error log items?

Cheers

bluepuma77 · September 5, 2023, 3:30pm

Maybe it is used by another running Docker service/container in the labels, which is picked up through Traefik Docker Configuration Discovery?

system · September 8, 2023, 3:31pm

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Facing issues upgrading my traefik setup to docker swarm Traefik v2 docker-swarm	0	619	April 2, 2020
Can't reach service in the same docker-compose? Traefik v2 docker	1	540	October 15, 2021
Traefik returns me a 404 with HTTPS Traefik v2 docker , file , dashboard-api , cli	3	533	May 16, 2022
Error: the router dashboard@docker uses a non-existent resolver: leresolver Traefik v2 letsencrypt-acme	6	5523	January 23, 2020
Getting 404 errors on 2 containers Traefik v2 docker	1	2133	December 1, 2019

Same docker-compose files, getting different results?

Related topics