SSL Certs do not work

Hey,

I've been trying to get SSL certs working for a while on my applications, but it does not work...

Here is my docker-compose.yml:

version: "3.3"

services:
  traefik:
    image: "traefik:v2.0.0"
    command:
      - --entrypoints.web.address=:80
      - --entrypoints.websecure.address=:443
      - --providers.docker
      - --api
      - --certificatesresolvers.leresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory
      - --certificatesresolvers.leresolver.acme.email=your@email.com
      - --certificatesresolvers.leresolver.acme.storage=/letsencrypt/acme.json
      - --certificatesresolvers.leresolver.acme.tlschallenge=true
      - --log.level=DEBUG
      - --log.format=json
      - --accessLog
    ports:
      - "80:80"
      - "443:443"
    networks:
      - web
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "/opt/traefik/acme.json:/acme.json"
      - "/opt/letsencrypt:/letsencrypt"
    labels:
      # Dashboard
      - "traefik.http.routers.traefik.rule=Host(`traefik.example.com`)"
      - "traefik.http.routers.traefik.service=api@internal"
      - "traefik.http.routers.traefik.tls.certresolver=leresolver"
      - "traefik.http.routers.traefik.entrypoints=websecure"
      - "traefik.http.routers.traefik.middlewares=authtraefik"
      - "traefik.http.middlewares.authtraefik.basicauth.users=user:$$apr1$$q8eZFHjF$$Fvmkk//V6Btlaf2i/ju5n/" # user/password

      # global redirect to https
      - "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)"
      - "traefik.http.routers.http-catchall.entrypoints=web"
      - "traefik.http.routers.http-catchall.middlewares=redirect-to-https"

      # middleware redirect
      - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"

networks:
  web:
    external: true

The acme.json file:

{
    "leresolver": {
      "Account": {
        "Email": "your@email.com",
        "Registration": {
          "body": {
            "status": "valid",
            "contact": [
              "mailto:your@email.com"
            ]
          },
          "uri": "https://acme-staging-v02.api.letsencrypt.org/acme/acct/15570204"
        },
        "PrivateKey": "privatekey",
        "KeyType": "4096"
      },
      "Certificates": [
        {
          "domain": {
            "main": "whoami.example.com"
          },
          "certificate": "certificate",
          "key": "key",
          "Store": "default"
        },
        {
          "domain": {
            "main": "traefik.example.com"
          },
          "certificate": "certificate",
          "key": "key",
          "Store": "default"
        },
        {
          "domain": {
            "main": ".example.com"
          },
          "certificate": "certificate",
          "key": "key",
          "Store": "default"
        }
      ]
    }
}

And there are no logs in the container concerning certs :confused:

Hope you can help me work this out!
Thanks.

You are probably looking in the wrong place; there should be logs.

I'm using docker-compose logs to check the logs.

Here is what I have from the logs:

traefik_1  | time="2020-09-15T12:46:33Z" level=info msg="Configuration loaded from flags."
traefik_1  | 78.123.8.52 - - [15/Sep/2020:12:46:39 +0000] "GET / HTTP/2.0" 401 17 "-" "-" 1 "my-app@docker" - 0ms
traefik_1  | 78.123.8.52 - user [15/Sep/2020:12:46:48 +0000] "GET / HTTP/2.0" 200 875 "-" "-" 2 "my-app@docker" "http://172.19.0.3:80" 4ms
traefik_1  | 78.123.8.52 - user [15/Sep/2020:12:46:48 +0000] "GET /favicon.ico HTTP/2.0" 200 818 "-" "-" 3 "my-app@docker" "http://172.19.0.3:80" 2ms
traefik_1  | 78.123.8.52 - user [15/Sep/2020:12:47:00 +0000] "GET / HTTP/2.0" 302 34 "-" "-" 4 "traefik@docker" - 0ms
traefik_1  | 78.123.8.52 - user [15/Sep/2020:12:47:00 +0000] "GET /api/version HTTP/2.0" 200 40 "-" "-" 5 "traefik@docker" - 0ms
traefik_1  | 78.123.8.52 - user [15/Sep/2020:12:47:00 +0000] "GET /api/entrypoints HTTP/2.0" 200 325 "-" "-" 6 "traefik@docker" - 1ms
traefik_1  | 78.123.8.52 - user [15/Sep/2020:12:47:00 +0000] "GET /api/overview HTTP/2.0" 200 334 "-" "-" 7 "traefik@docker" - 1ms
traefik_1  | 78.123.8.52 - user [15/Sep/2020:12:47:02 +0000] "GET /dashboard/service-worker.js HTTP/2.0" 200 997 "-" "-" 8 "traefik@docker" - 1ms
traefik_1  | 78.123.8.52 - user [15/Sep/2020:12:47:05 +0000] "GET /api/entrypoints HTTP/2.0" 200 325 "-" "-" 9 "traefik@docker" - 2ms
traefik_1  | 78.123.8.52 - user [15/Sep/2020:12:47:05 +0000] "GET /api/overview HTTP/2.0" 200 334 "-" "-" 10 "traefik@docker" - 2ms
traefik_1  | 192.241.227.14 - - [15/Sep/2020:12:47:06 +0000] "GET /ReportServer HTTP/1.1" 302 5 "-" "-" 11 "http-catchall@docker" - 0ms
traefik_1  | 78.123.8.52 - user [15/Sep/2020:12:47:10 +0000] "GET /api/entrypoints HTTP/2.0" 200 325 "-" "-" 12 "traefik@docker" - 3ms
traefik_1  | 78.123.8.52 - user [15/Sep/2020:12:47:10 +0000] "GET /api/overview HTTP/2.0" 200 334 "-" "-" 13 "traefik@docker" - 3ms
traefik_1  | 78.123.8.52 - user [15/Sep/2020:12:47:15 +0000] "GET /api/entrypoints HTTP/2.0" 200 325 "-" "-" 14 "traefik@docker" - 1ms
traefik_1  | 78.123.8.52 - user [15/Sep/2020:12:47:15 +0000] "GET /api/overview HTTP/2.0" 200 334 "-" "-" 15 "traefik@docker" - 1ms
traefik_1  | 78.123.8.52 - user [15/Sep/2020:12:47:20 +0000] "GET /api/entrypoints HTTP/2.0" 200 325 "-" "-" 16 "traefik@docker" - 2ms
traefik_1  | 78.123.8.52 - user [15/Sep/2020:12:47:20 +0000] "GET /api/overview HTTP/2.0" 200 334 "-" "-" 17 "traefik@docker" - 2ms

Nothing concerning certs...

OK, I finally worked it out.

I just missed this information in the docs:

"If you uncommented the acme.caserver line, you will get an SSL error, but if you display the certificate and see it was emitted by Fake LE Intermediate X1 then it means all is good. (It is the staging environment intermediate certificate used by let's encrypt). You can now safely comment the acme.caserver line, remove the letsencrypt/acme.json file and restart Traefik to issue a valid certificate."

Commenting the acme.caserver and deleting acme.json fixed it.

I have one last question: what's the purpose of the acme.server line in that case?

To avoid rate limiting.
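
An added example, not part of the thread or of Traefik's code: a Python check for the situation resolved above, where certificates stored in acme.json were issued under the Let's Encrypt staging account and the staging `caserver` flag is still set. It assumes the acme.json layout shown in the first post; the function name `audit_acme_store` and the sample data are constructed for illustration.

```python
import json
from urllib.parse import urlparse

# Staging directory host, as used in the compose file posted in this thread.
STAGING_HOST = "acme-staging-v02.api.letsencrypt.org"

# Constructed sample in the acme.json layout posted above (key material omitted).
SAMPLE_ACME_JSON = json.dumps({
    "leresolver": {
        "Account": {"Registration": {
            "uri": "https://acme-staging-v02.api.letsencrypt.org/acme/acct/0"}},
        "Certificates": [
            {"domain": {"main": "whoami.example.com"}, "Store": "default"},
            {"domain": {"main": "traefik.example.com"}, "Store": "default"},
        ],
    }
})

# Constructed sample of the Traefik command flags relevant to ACME.
SAMPLE_COMMAND = [
    "--certificatesresolvers.leresolver.acme.caserver="
    "https://acme-staging-v02.api.letsencrypt.org/directory",
    "--certificatesresolvers.leresolver.acme.storage=/letsencrypt/acme.json",
]


def audit_acme_store(acme_text, traefik_command):
    """Return (resolver, finding, domains) tuples for staging leftovers."""
    flag_hosts = {}
    for arg in traefik_command:
        key, _, value = arg.partition("=")
        parts = key.lstrip("-").lower().split(".")
        # Matches --certificatesresolvers.<name>.acme.caserver=<url>
        if len(parts) == 4 and parts[0] == "certificatesresolvers" \
                and parts[2:] == ["acme", "caserver"]:
            flag_hosts[parts[1]] = urlparse(value).hostname
    findings = []
    for resolver, data in json.loads(acme_text).items():
        registration = (data.get("Account") or {}).get("Registration") or {}
        account_host = urlparse(registration.get("uri") or "").hostname
        domains = [c["domain"]["main"] for c in data.get("Certificates") or []]
        if account_host == STAGING_HOST:
            # Stored certs come from the staging CA: delete the file to reissue.
            findings.append((resolver, "staging-account", domains))
        if flag_hosts.get(resolver.lower()) == STAGING_HOST:
            findings.append((resolver, "staging-caserver-flag", []))
    return findings
```
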
