Ssl Certificate is not served

mlan · March 17, 2022, 12:41pm

Hi All,

I configured https but is is not working. i get can't reach this page.

mij request is https://werkplek.dezb.nl

i don't use docker so here my files:

traefik.yaml:
global:
checkNewVersion: true

sendAnonymousUsage: true

#serversTransport:

Allow self-signed/Internal CA Issued Certs to be used easily for back-end connections

insecureSkipVerify:

api:
insecure: true
dashboard: true
debug: false

log:
filePath: "/var/log/traefik/traefik.log"
level: debug
format: common

format: json

accessLog:
filePath: "/var/log/traefik/access.log"
format: common
filters:
statusCodes:
- "200"
- "300-302"
retryAttempts: true
minDuration: "10ms"

ping:
entryPoint: "traefik"

entryPoints:
web:
address: ":80"
http:
redirections:
entryPoint:
to: websecure
scheme: https
websecure:
address: ":443"

providers:

Enable the file provider to define routers / middlewares / services in file

Each *.yml file placed in this directory will be dynamically read and applied by Traefik!

file:
directory: /etc/traefik/traefik.d
watch: true
debugLogGeneratedTemplate: true

dynamic:
test.yaml:
http:
routers:
vmware-view-https:
rule: "Host(werkplek.dezb.nl)"
tls:
domains:
- main: "dezb.nl"
sans:
- "*.dezb.nl"
service: "vmware-view"
services:
vmware-view:
loadBalancer:
servers:
- url: "https://mdb-vw-csview03.dezb.nl"
- url: "https://mdb-vw-csview04.dezb.nl"
sticky:
cookie: {}

and certificate.yaml:
tls:
certificates:
- certFile: /etc/traefik/ssl/view.dezb.nl.crt
keyFile: /etc/traefik/ssl/view.dezb.nl.key
stores:
- default
# Note that since no store is defined,
# the certificate below will be stored in the default store.
stores:
default:
defaultCertificate:
certFile: /etc/traefik/ssl/view.dezb.nl.crt
keyFile: /etc/traefik/ssl/view.dezb.nl.key

i have no startup erorrs and the dashboard is all green.

what is my problem?

jakubhajek · March 17, 2022, 1:03pm

Could you please share your configuration with the correct YAML indentation?

You can also enable DEBUG log and check the generated logs, especially the beginning of the log file.

Thank you,

mlan · March 17, 2022, 1:31pm

debug:

time="2022-03-17T14:26:20+01:00" level=info msg="Traefik version 2.6.1 built on 2022-02-14T16:50:25Z"
time="2022-03-17T14:26:20+01:00" level=debug msg="Static configuration loaded {\"global\":{\"checkNewVersion\":true},\"serversTransport\":{\"maxIdleConnsPerHost\":200},\"entryPoints\":{\"traefik\":{\"address\":\":8080\",\"transport\":{\"lifeCycle\":{\"graceTimeOut\":\"10s\"},\"respondingTimeouts\":{\"idleTimeout\":\"3m0s\"}},\"forwardedHeaders\":{},\"http\":{},\"udp\":{\"timeout\":\"3s\"}},\"web\":{\"address\":\":80\",\"transport\":{\"lifeCycle\":{\"graceTimeOut\":\"10s\"},\"respondingTimeouts\":{\"idleTimeout\":\"3m0s\"}},\"forwardedHeaders\":{},\"http\":{\"redirections\":{\"entryPoint\":{\"to\":\"websecure\",\"scheme\":\"https\",\"permanent\":true,\"priority\":2147483646}}},\"udp\":{\"timeout\":\"3s\"}},\"websecure\":{\"address\":\":443\",\"transport\":{\"lifeCycle\":{\"graceTimeOut\":\"10s\"},\"respondingTimeouts\":{\"idleTimeout\":\"3m0s\"}},\"forwardedHeaders\":{},\"http\":{},\"udp\":{\"timeout\":\"3s\"}}},\"providers\":{\"providersThrottleDuration\":\"2s\",\"file\":{\"directory\":\"/etc/traefik/traefik.d\",\"watch\":true,\"debugLogGeneratedTemplate\":true}},\"api\":{\"insecure\":true,\"dashboard\":true},\"ping\":{\"entryPoint\":\"traefik\",\"terminatingStatusCode\":503},\"log\":{\"level\":\"debug\",\"filePath\":\"/var/log/traefik/traefik.log\",\"format\":\"common\"},\"accessLog\":{\"filePath\":\"/var/log/traefik/access.log\",\"format\":\"common\",\"filters\":{\"statusCodes\":[\"200\",\"300-302\"],\"retryAttempts\":true,\"minDuration\":\"10ms\"},\"fields\":{\"defaultMode\":\"keep\",\"headers\":{\"defaultMode\":\"drop\"}}},\"pilot\":{\"dashboard\":true}}"
time="2022-03-17T14:26:20+01:00" level=info msg="\nStats collection is disabled.\nHelp us improve Traefik by turning this feature on :)\nMore details on: https://doc.traefik.io/traefik/contributing/data-collection/\n"
time="2022-03-17T14:26:20+01:00" level=info msg="Starting provider aggregator.ProviderAggregator"
time="2022-03-17T14:26:20+01:00" level=debug msg="Start TCP Server" entryPointName=web
time="2022-03-17T14:26:20+01:00" level=debug msg="Start TCP Server" entryPointName=websecure
time="2022-03-17T14:26:20+01:00" level=debug msg="Start TCP Server" entryPointName=traefik
time="2022-03-17T14:26:20+01:00" level=info msg="Starting provider *file.Provider"
time="2022-03-17T14:26:20+01:00" level=debug msg="*file.Provider provider configuration: {\"directory\":\"/etc/traefik/traefik.d\",\"watch\":true,\"debugLogGeneratedTemplate\":true}"
time="2022-03-17T14:26:20+01:00" level=debug msg="Template content: tls:\n  certificates:\n    - certFile: /etc/traefik/ssl/view.dezb.nl.crt\n      keyFile: /etc/traefik/ssl/view.dezb.nl.key\n      stores:\n        - default\n    # Note that since no store is defined,\n    # the certificate below will be stored in the `default` store.\n  stores:\n    default:\n      defaultCertificate:\n        certFile: /etc/traefik/ssl/view.dezb.nl.crt\n        keyFile: /etc/traefik/ssl/view.dezb.nl.key\n" providerName=file
time="2022-03-17T14:26:20+01:00" level=debug msg="Rendering results: tls:\n  certificates:\n    - certFile: /etc/traefik/ssl/view.dezb.nl.crt\n      keyFile: /etc/traefik/ssl/view.dezb.nl.key\n      stores:\n        - default\n    # Note that since no store is defined,\n    # the certificate below will be stored in the `default` store.\n  stores:\n    default:\n      defaultCertificate:\n        certFile: /etc/traefik/ssl/view.dezb.nl.crt\n        keyFile: /etc/traefik/ssl/view.dezb.nl.key\n" providerName=file
time="2022-03-17T14:26:20+01:00" level=debug msg="Template content: http:\n  routers:\n    vmware-view-https:\n      rule: \"Host(`werkplek.dezb.nl`)\"\n      tls:\n        domains:\n          - main: \"dezb.nl\"\n            sans:\n              - \"*.dezb.nl\"\n      service: \"vmware-view\"\n  services:\n    vmware-view:\n      loadBalancer:\n        servers:\n        - url: \"https://mdb-vw-csview03.dezb.nl\"\n        - url: \"https://mdb-vw-csview04.dezb.nl\"\n        sticky:\n         cookie: {}\n" providerName=file
time="2022-03-17T14:26:20+01:00" level=debug msg="Rendering results: http:\n  routers:\n    vmware-view-https:\n      rule: \"Host(`werkplek.dezb.nl`)\"\n      tls:\n        domains:\n          - main: \"dezb.nl\"\n            sans:\n              - \"*.dezb.nl\"\n      service: \"vmware-view\"\n  services:\n    vmware-view:\n      loadBalancer:\n        servers:\n        - url: \"https://mdb-vw-csview03.dezb.nl\"\n        - url: \"https://mdb-vw-csview04.dezb.nl\"\n        sticky:\n         cookie: {}\n" providerName=file
time="2022-03-17T14:26:20+01:00" level=info msg="Starting provider *traefik.Provider"
time="2022-03-17T14:26:20+01:00" level=debug msg="*traefik.Provider provider configuration: {}"
time="2022-03-17T14:26:20+01:00" level=info msg="Starting provider *acme.ChallengeTLSALPN"
time="2022-03-17T14:26:20+01:00" level=debug msg="*acme.ChallengeTLSALPN provider configuration: {\"Timeout\":4000000000}"
time="2022-03-17T14:26:20+01:00" level=debug msg="Configuration received from provider file: {\"http\":{\"routers\":{\"vmware-view-https\":{\"service\":\"vmware-view\",\"rule\":\"Host(`werkplek.dezb.nl`)\",\"tls\":{\"domains\":[{\"main\":\"dezb.nl\",\"sans\":[\"*.dezb.nl\"]}]}}},\"services\":{\"vmware-view\":{\"loadBalancer\":{\"sticky\":{\"cookie\":{}},\"servers\":[{\"url\":\"https://mdb-vw-csview03.dezb.nl\"},{\"url\":\"https://mdb-vw-csview04.dezb.nl\"}],\"passHostHeader\":true}}}},\"tcp\":{},\"udp\":{},\"tls\":{\"stores\":{\"default\":{}}}}" providerName=file
time="2022-03-17T14:26:20+01:00" level=debug msg="Configuration received from provider internal: {\"http\":{\"routers\":{\"api\":{\"entryPoints\":[\"traefik\"],\"service\":\"api@internal\",\"rule\":\"PathPrefix(`/api`)\",\"priority\":2147483646},\"dashboard\":{\"entryPoints\":[\"traefik\"],\"middlewares\":[\"dashboard_redirect@internal\",\"dashboard_stripprefix@internal\"],\"service\":\"dashboard@internal\",\"rule\":\"PathPrefix(`/`)\",\"priority\":2147483645},\"ping\":{\"entryPoints\":[\"traefik\"],\"service\":\"ping@internal\",\"rule\":\"PathPrefix(`/ping`)\",\"priority\":2147483647},\"web-to-websecure\":{\"entryPoints\":[\"web\"],\"middlewares\":[\"redirect-web-to-websecure\"],\"service\":\"noop@internal\",\"rule\":\"HostRegexp(`{host:.+}`)\",\"priority\":2147483646}},\"services\":{\"api\":{},\"dashboard\":{},\"noop\":{},\"ping\":{}},\"middlewares\":{\"dashboard_redirect\":{\"redirectRegex\":{\"regex\":\"^(http:\\\\/\\\\/(\\\\[[\\\\w:.]+\\\\]|[\\\\w\\\\._-]+)(:\\\\d+)?)\\\\/$\",\"replacement\":\"${1}/dashboard/\",\"permanent\":true}},\"dashboard_stripprefix\":{\"stripPrefix\":{\"prefixes\":[\"/dashboard/\",\"/dashboard\"]}},\"redirect-web-to-websecure\":{\"redirectScheme\":{\"scheme\":\"https\",\"port\":\"443\",\"permanent\":true}}},\"serversTransports\":{\"default\":{\"maxIdleConnsPerHost\":200}}},\"tcp\":{},\"tls\":{}}" providerName=internal
time="2022-03-17T14:26:20+01:00" level=debug msg="No entryPoint defined for this router, using the default one(s) instead: [web websecure]" routerName=vmware-view-https
time="2022-03-17T14:26:20+01:00" level=debug msg="Adding certificate for domain(s) dezb.nl,*.dezb.nl"
time="2022-03-17T14:26:20+01:00" level=debug msg="Added outgoing tracing middleware noop@internal" middlewareName=tracing middlewareType=TracingForwarder entryPointName=web routerName=web-to-websecure@internal
time="2022-03-17T14:26:20+01:00" level=debug msg="Creating middleware" routerName=web-to-websecure@internal middlewareType=RedirectScheme middlewareName=redirect-web-to-websecure@internal entryPointName=web
time="2022-03-17T14:26:20+01:00" level=debug msg="Setting up redirection to https 443" middlewareType=RedirectScheme middlewareName=redirect-web-to-websecure@internal entryPointName=web routerName=web-to-websecure@internal
time="2022-03-17T14:26:20+01:00" level=debug msg="Adding tracing to middleware" middlewareName=redirect-web-to-websecure@internal entryPointName=web routerName=web-to-websecure@internal
time="2022-03-17T14:26:20+01:00" level=debug msg="Creating middleware" entryPointName=web middlewareName=traefik-internal-recovery middlewareType=Recovery
time="2022-03-17T14:26:20+01:00" level=debug msg="Added outgoing tracing middleware api@internal" entryPointName=traefik routerName=api@internal middlewareName=tracing middlewareType=TracingForwarder
time="2022-03-17T14:26:20+01:00" level=debug msg="Added outgoing tracing middleware dashboard@internal" middlewareType=TracingForwarder middlewareName=tracing entryPointName=traefik routerName=dashboard@internal
time="2022-03-17T14:26:20+01:00" level=debug msg="Creating middleware" middlewareType=StripPrefix middlewareName=dashboard_stripprefix@internal entryPointName=traefik routerName=dashboard@internal
time="2022-03-17T14:26:20+01:00" level=debug msg="Adding tracing to middleware" middlewareName=dashboard_stripprefix@internal entryPointName=traefik routerName=dashboard@internal
time="2022-03-17T14:26:20+01:00" level=debug msg="Creating middleware" entryPointName=traefik routerName=dashboard@internal middlewareName=dashboard_redirect@internal middlewareType=RedirectRegex
time="2022-03-17T14:26:20+01:00" level=debug msg="Setting up redirection from ^(http:\\/\\/(\\[[\\w:.]+\\]|[\\w\\._-]+)(:\\d+)?)\\/$ to ${1}/dashboard/" middlewareType=RedirectRegex entryPointName=traefik routerName=dashboard@internal middlewareName=dashboard_redirect@internal
time="2022-03-17T14:26:20+01:00" level=debug msg="Adding tracing to middleware" middlewareName=dashboard_redirect@internal entryPointName=traefik routerName=dashboard@internal
time="2022-03-17T14:26:20+01:00" level=debug msg="Added outgoing tracing middleware ping@internal" middlewareName=tracing middlewareType=TracingForwarder entryPointName=traefik routerName=ping@internal
time="2022-03-17T14:26:20+01:00" level=debug msg="Creating middleware" entryPointName=traefik middlewareName=traefik-internal-recovery middlewareType=Recovery
time="2022-03-17T14:26:20+01:00" level=debug msg="Creating middleware" middlewareType=Pipelining entryPointName=web routerName=vmware-view-https@file serviceName=vmware-view middlewareName=pipelining
time="2022-03-17T14:26:20+01:00" level=debug msg="Creating load-balancer" routerName=vmware-view-https@file serviceName=vmware-view entryPointName=web
time="2022-03-17T14:26:20+01:00" level=debug msg="Sticky session cookie name: _178b6" entryPointName=web routerName=vmware-view-https@file serviceName=vmware-view
time="2022-03-17T14:26:20+01:00" level=debug msg="Creating server 0 https://mdb-vw-csview03.dezb.nl" entryPointName=web routerName=vmware-view-https@file serviceName=vmware-view serverName=0
time="2022-03-17T14:26:20+01:00" level=debug msg="child https://mdb-vw-csview03.dezb.nl now UP"
time="2022-03-17T14:26:20+01:00" level=debug msg="Propagating new UP status"
time="2022-03-17T14:26:20+01:00" level=debug msg="Creating server 1 https://mdb-vw-csview04.dezb.nl" serviceName=vmware-view entryPointName=web serverName=1 routerName=vmware-view-https@file
time="2022-03-17T14:26:20+01:00" level=debug msg="child https://mdb-vw-csview04.dezb.nl now UP"
time="2022-03-17T14:26:20+01:00" level=debug msg="Still UP, no need to propagate"
time="2022-03-17T14:26:20+01:00" level=debug msg="Added outgoing tracing middleware vmware-view" middlewareName=tracing middlewareType=TracingForwarder entryPointName=web routerName=vmware-view-https@file
time="2022-03-17T14:26:20+01:00" level=debug msg="Creating middleware" entryPointName=web middlewareName=traefik-internal-recovery middlewareType=Recovery
time="2022-03-17T14:26:20+01:00" level=debug msg="Creating middleware" entryPointName=websecure middlewareName=traefik-internal-recovery middlewareType=Recovery
time="2022-03-17T14:26:20+01:00" level=debug msg="Adding route for werkplek.dezb.nl with TLS options default" entryPointName=web
time="2022-03-17T14:26:20+01:00" level=debug msg="Adding route for werkplek.dezb.nl with TLS options default" entryPointName=websecure

traefik.yaml
global:
  checkNewVersion: true
#  sendAnonymousUsage: true

#serversTransport:
  # Allow self-signed/Internal CA Issued Certs to be used easily for back-end connections
#  insecureSkipVerify:

api:
    insecure: true
    dashboard: true
    debug: false

log:
  filePath: "/var/log/traefik/traefik.log"
  level: debug
  format: common
  # format: json

accessLog:
  filePath: "/var/log/traefik/access.log"
  format: common
  filters:
    statusCodes:
      - "200"
      - "300-302"
    retryAttempts: true
    minDuration: "10ms"

ping:
  entryPoint: "traefik"

entryPoints:
  web:
    address: ":80"
    http:
      redirections:
        entryPoint:
          to: websecure
          scheme: https
  websecure:
    address: ":443"

providers:
  # Enable the file provider to define routers / middlewares / services in file
  # Each *.yml file placed in this directory will be dynamically read and applied by Traefik!
  file:
    directory: /etc/traefik/traefik.d
    watch: true
    debugLogGeneratedTemplate: true

test.yaml
http:
  routers:
    vmware-view-https:
      rule: "Host(`werkplek.dezb.nl`)"
      tls:
        domains:
          - main: "dezb.nl"
            sans:
              - "*.dezb.nl"
      service: "vmware-view"
  services:
    vmware-view:
      loadBalancer:
        servers:
        - url: "https://mdb-vw-csview03.dezb.nl"
        - url: "https://mdb-vw-csview04.dezb.nl"
        sticky:
         cookie: {}

/etc/traefik/traefik.d# cat certificates.yaml
tls:
  certificates:
    - certFile: /etc/traefik/ssl/view.dezb.nl.crt
      keyFile: /etc/traefik/ssl/view.dezb.nl.key
      stores:
        - default
    # Note that since no store is defined,
    # the certificate below will be stored in the `default` store.
  stores:
    default:
      defaultCertificate:
        certFile: /etc/traefik/ssl/view.dezb.nl.crt
        keyFile: /etc/traefik/ssl/view.dezb.nl.key

mlan · March 23, 2022, 8:12am

hi all, please someone a clue?

Haisheng · March 23, 2022, 2:04pm

Hi,

I am getting into the same issue, SSL certificate is not served.
Although I have defined the dynamic file to point the cert file and key file...
error msg level=debug msg="http: TLS handshake error from x.x.x:52418: remote error: tls: unknown certificate.

AnnaSunova · March 25, 2022, 6:42am

Hello everybody. First, sorry my english. I am absolute out of range in traefik, but I need help. The problem is that I can't set the SSL certificate to virtual server. I do not understand docker, I do not understand treafik. The developer of our website is unreachable but Ibneed that SSL certif.to set up. Anyone please can help me? Anna.Sunova@gmail.com thank you very much.

tommoulard · March 25, 2022, 9:00am

Hello @AnnaSunova,

I would go to https://support.traefik.io/ or send a mail to sales@traefik.io.

AnnaSunova · March 25, 2022, 10:53am

Thank you

Dňa pi 25. 3. 2022, 10:10 Tom Moulard via Traefik Labs Community Forum <notifications@containo.discoursemail.com> napísal(a):

Topic		Replies	Views
Traefik not serving custom SSL certificate Traefik v2 (latest) docker	9	4827	December 14, 2023
Https with valid cert not works Traefik v2 (latest) docker , file	0	326	December 6, 2019
Http is working - https is not Traefik v2 (latest) docker	7	2007	February 15, 2021
Unable to get HTTPS using Traefik as reverse proxy Traefik v2 (latest) docker	2	741	October 26, 2022
Default Certificate not working Traefik v2 (latest) docker	8	14134	January 3, 2022