I get an error in the Google Chrome browser that my connection is not private when I try to access my domain. I also have the following error in the traefik container logs (these are the only logs I have related to the traefik container; there are no other logs):
traefik | time="2022-04-27T09:15:29Z" level=info msg="Configuration loaded from file: /etc/traefik/traefik.yml"
traefik | time="2022-04-27T09:15:37Z" level=error msg="Unable to obtain ACME certificate for domains \"spl-bck.ru\": cannot get ACME client get directory at 'https://acme-v02.api.letsencrypt.org/directory': Get \"https://acme-v02.api.letsencrypt.org/directory\": http: server gave HTTP response to HTTPS client" providerName=letsencrypt.acme routerName=traefik-router@docker rule="Host(`spl-bck.ru`)"
I use the following configuration for my docker-compose.yml on the server:
command: --go.insecure=true --providers.docker
Also, here is my traefik.yml
What am I doing wrong and how can I fix my errors? Please, help.
What happens if you curl https://acme-v02.api.letsencrypt.org/directory from that server?
I got the following error:
curl: (35) error:1408F10B:SSL routines:ssl3_get_record:wrong version number
Seems like alpine can't handle TLS for some reason. Maybe there is a wrong SSL configuration on my server? What should I do?
It really does.
docker run --rm -it alpine
/ # apk -u add curl
(1/11) Upgrading busybox (1.34.1-r3 -> 1.34.1-r5)
(2/11) Upgrading libcrypto1.1 (1.1.1l-r7 -> 1.1.1n-r0)
(3/11) Upgrading libssl1.1 (1.1.1l-r7 -> 1.1.1n-r0)
(4/11) Upgrading libretls (3.3.4-r2 -> 3.3.4-r3)
(5/11) Upgrading ssl_client (1.34.1-r3 -> 1.34.1-r5)
(6/11) Upgrading zlib (1.2.11-r3 -> 1.2.12-r1)
(7/11) Installing ca-certificates (20211220-r0)
(8/11) Installing brotli-libs (1.0.9-r5)
(9/11) Installing nghttp2-libs (1.46.0-r0)
(10/11) Installing libcurl (7.80.0-r1)
(11/11) Installing curl (7.80.0-r1)
OK: 8 MiB in 19 packages
/ # curl https://acme-v02.api.letsencrypt.org/directory
Something is intercepting the TLS connection between that server and LetsEncrypt. A common scenario would be a corporate proxy or a port redirect. The error received can often be received when a non-TLS response is received during the TLS handshake.
e.g. a TLS connection to a standard HTTP port:
openssl s_client -connect google.com:80
140570879186240:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:../ssl/record/ssl3_record.c:331:
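An added example, not part of the original thread: a Python check that sends a real TLS ClientHello and classifies the first bytes that come back, separating a TLS record from the plaintext HTTP reply behind the "wrong version number" and "server gave HTTP response to HTTPS client" errors above. The function names and the local plaintext listener are constructed for the demonstration.

```python
import socket
import ssl
import threading

def classify_first_bytes(data: bytes) -> str:
    """Classify the first bytes received in reply to a TLS ClientHello."""
    # A TLS record starts with a content type (20-23) and major version 0x03.
    if len(data) >= 3 and data[0] in (0x14, 0x15, 0x16, 0x17) and data[1] == 0x03:
        return "tls"
    # A plaintext HTTP server answers the unparseable ClientHello with a status line.
    if data.startswith(b"HTTP/"):
        return "plaintext-http"
    return "unknown" if data else "no-reply"

def probe(host: str, port: int, timeout: float = 5.0) -> str:
    """Send a genuine ClientHello over a raw socket and classify the reply."""
    ctx = ssl.create_default_context()
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=host)
    try:
        tls.do_handshake()          # writes the ClientHello into `outgoing`
    except ssl.SSLWantReadError:
        pass                        # expected: no server bytes fed in yet
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(outgoing.read())
        try:
            data = sock.recv(16)
        except (socket.timeout, ConnectionResetError):
            data = b""
    return classify_first_bytes(data)

def _plaintext_listener(listener: socket.socket) -> None:
    """Constructed stand-in for an HTTP-only port that traffic was redirected to."""
    conn, _ = listener.accept()
    with conn:
        conn.recv(65536)
        conn.sendall(b"HTTP/1.1 400 Bad Request\r\nConnection: close\r\n\r\n")

def demo() -> str:
    # Reproduce the failure locally: TLS client talking to a plaintext server.
    listener = socket.create_server(("127.0.0.1", 0))
    port = listener.getsockname()[1]
    worker = threading.Thread(target=_plaintext_listener, args=(listener,), daemon=True)
    worker.start()
    result = probe("127.0.0.1", port)
    worker.join(timeout=5)
    listener.close()
    return result

if __name__ == "__main__":
    print(demo())  # on the affected host: probe("acme-v02.api.letsencrypt.org", 443)
```

A "plaintext-http" result for a port that should speak TLS means the connection is being answered by something other than the intended TLS endpoint, such as a redirect or proxy in the path.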
Thank you, sir. You were right - I had the error because of my incorrect iptables rules.
But I have some misconception about how Traefik works. Could you please explain how I should pass all requests coming to port 443 (Traefik container) to port 8181 (my web app)? I thought I should do it with iptables somehow. Maybe I should do it with labels for docker? How can Traefik know where it should pass the request?
No need to touch iptables (beyond 443/80 for Traefik; in some cases Docker will open it anyway).
Internet -> Traefik -> Backend Containers
Yes, the labels are used to define the rules. As you're using the docker provider, Traefik knows the backends' IP (via the Docker API and the Docker network).
I like their pictures