Stuck with Staging X1 Certificate

rombo · January 24, 2022, 3:22am

Following along in the docs DNS Challenge - Traefik and enabled staging to test if things would work before using cloudflare, composed down, removed the folders, comment the staging line, saved, and brought the compose file back up but when i visit whoami i still have a cert warning and it shows up as staging cert?
last debug message is

traefik    | time="2022-01-24T03:04:39Z" level=debug msg="Try to challenge certificate for domain [whoami.mydomain.xyz] found in HostSNI rule" providerName=myresolver.acme routerName=whoami@docker rule="Host(`whoami.mydomain.xyz`)"
traefik    | time="2022-01-24T03:04:39Z" level=debug msg="Looking for provided certificate(s) to validate [\"whoami.mydomain.xyz\"]..." rule="Host(`whoami.mydomain.xyz`)" providerName=myresolver.acme routerName=whoami@docker
traefik    | time="2022-01-24T03:04:39Z" level=debug msg="No ACME certificate generation required for domains [\"whoami.mydomain.xyz\"]." providerName=myresolver.acme routerName=whoami@docker rule="Host(`whoami.mydomain.xyz`)"
traefik    | time="2022-01-24T03:05:22Z" level=debug msg="http: TLS handshake error from 192.168.12.19:50084: remote error: tls: unknown certificate authority"

version: "3.3"
services:
  traefik:
    image: "traefik:v2.5"
    container_name: "traefik"
    command:
      - "--log.level=DEBUG"
      - "--api.insecure=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      - "--certificatesresolvers.myresolver.acme.dnschallenge=true"
      - "--certificatesresolvers.myresolver.acme.dnschallenge.provider=cloudflare"
      # - "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
      - "--certificatesresolvers.myresolver.acme.email=mymail@gmail.com"
      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080"
    environment:
      - "CF_API_EMAIL=mymail@gmail.com"
      - "CF_API_KEY=asd"
      # - "CF_DNS_API_TOKEN=asd"
    volumes:
      - "./letsencrypt:/letsencrypt"
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
  whoami:
    image: "traefik/whoami"
    container_name: "simple-service"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.whoami.rule=Host(`whoami.mydomain.xyz`)"
      - "traefik.http.routers.whoami.entrypoints=websecure"
      - "traefik.http.routers.whoami.tls.certresolver=myresolver"

rombo · January 27, 2022, 10:51pm

Think the issue was a DNS server. Was some sort of querying my local DNS server with some error message i found in debug. Inserting something like this in command: under traefik fixed it.

services:
  traefik:
    image: "traefik:v2.5"
    container_name: "traefik"
    command:
      - "--certificatesresolvers.myresolver.acme.dnschallenge.resolvers=1.1.1.1:53,8.8.8.8:53"

ldez · January 27, 2022, 11:26pm

Hello,

The staging certificates are not valid (it's expected because it's just testing certificates) and are stored in the acme.json file.
So when you want to use the real certificates, you have to remove the data related to the staging: you have to remove your acme.json file (/letsencrypt/acme.json).

You can also have some side effects related to your browser cache or your resolver cache (you can also clean those caches).

Topic		Replies	Views
Letsencrypt is unable to generate a certificate for the domains Traefik v2 (latest) docker , letsencrypt-acme	2	11663	October 16, 2019
Cannot obtain ACME certificate Traefik v2 (latest) docker , letsencrypt-acme , middleware	3	665	March 11, 2021
Traefik V2 ACME Error: "Domain name needs at least one dot" Traefik v2 (latest) docker , letsencrypt-acme	1	7565	April 8, 2020
Traefik Letsencrypt TLSChallenge - Documentation Incomplete? Traefik v2 (latest) letsencrypt-acme	12	168	February 24, 2024
No ACME certification creation Traefik v2 (latest) docker , letsencrypt-acme	2	1678	September 18, 2019

Stuck with Staging X1 Certificate

Related Topics