I don't understand what you mean by speed limits.
Traefik LetsEncrypt will create new certificates and save those in the acme.json. If the file is correctly configured in Traefik and placed in a correctly mounted folder, Traefik will not try to recreate certificates after a container restart.
I get the following error and the certificate is missing from the site.
{"entryPointName":"websecure","level":"warning","msg":"No domain found in rule PathPrefix(`/`), the TLS options applied for this router will depend on the SNI of each request","routerName":"websecure-matchlast@docker","time":"2022-11-19T16:17:35Z"}
{"entryPointName":"websecure","level":"warning","msg":"No domain found in rule HostRegexp(`{name:^www\\..*}`), the TLS options applied for this router will depend on the SNI of each request","routerName":"websecure-unmatchedwww@docker","time":"2022-11-19T16:17:35Z"}
{"ACME CA":"https://acme-v02.api.letsencrypt.org/directory","error":"unable to generate a certificate for the domains [nomeadominio.com www.nomeadominio.com]: error: one or more domains had a problem:\n[nomeadominio.com] acme: error: 400 :: urn:ietf:params:acme:error:tls :: ---------------------------------------: remote error: tls: internal error\n[www.nomeadominio.com] acme: error: 400 :: urn:ietf:params:acme:error:tls :: ---------------------------------------: remote error: tls: internal error\n","level":"error","msg":"Unable to obtain ACME certificate for domains \"nomeadominio.com,www.nomeadominio.com\"","providerName":"leresolver.acme","routerName":"websecure-tomcat-java@docker","rule":"Host(`www.nomeadominio.com`)","time":"2022-11-19T16:17:35Z"}
I have a server at Amazon AWS and two active domains. The first domain is on Freenom (something.ml), the second domain is on Ionos (something.com). This morning I deleted everything from the Amazon server and reloaded the project. I'll tell you what happened:
I wrote something.ml in the browser and noticed that the certificate was missing;
After a few minutes I tried again and the certificate was missing;
I ate a snack, I tried again and the certificate was present (the problem described in the first post of this thread persists);
I deleted everything from the server and uploaded the project related to something.com;
I typed something.com in the browser and noticed that the certificate was missing;
In the log file I find this:
too many certificates (5) already issued for this exact set of domains in the last 168 hours
(On something.com I never got a certificate!)
(On the project I'm testing I have 5 subdomains. Is that too many?)
I typed something.ga in the browser and noticed that the certificate was missing;
After a few seconds I tried again and the certificate was missing;
After a few minutes I tried again and the certificate was present;
The problem described in the first post persists;
This Traefik has 2 bugs:
The certificate is missing on traefik.something.extension. After entering the credentials, the certificate appears but before it is absent, as described in the first post.
You don't get the certificate after all volumes and containers are created (there is some malfunction). This is not a real problem, after a few minutes it resolves itself. This is just a malfunction.
This proxy has bugs. I'm sorry that the Traefik Team is not interested in this discussion but I am convinced that if they read my code they will find a new bug for Traefik.
This code doesn't work, it has a bug, sorry to say this but it's the truth. Try opening a domain on Freenom, it's free. You will see with your own eyes what I write.
I'll try again with the .com domain in a week. The remaining problem is the one described in the first post. I tried to update Traefik version (v.2.9.5). The bug persists.
I also noticed that the acme.json file is empty. Is the following code correct with Traefik 2.9.5?
- ./volumes/data-letsencrypt/:/letsencrypt
If I save the acme.json file on my PC and replace it with the one on the server when I exceed the limits, do I solve it?
If you have a valid acme.json, you can copy it around and have Traefik use it. Be aware the LE certificates expire after around 90 days.
In general you cannot use LetsEncrypt with localhost. LE will try to verify your domain name and the IP, and of course it can't reach your localhost to do that.
Here is a working example docker-compose.yml with Traefik, dashboard, LetsEncrypt, LE certs stored on host, http->https and www redirect - and a service:
I also answer your question regarding the network. Yes, you need to create the proxy network.
I am sorry that the Traefik team is not interested in my question. It is a thread dated October 17, 2022 with 222 visits and 28 replies. Seems like superficial behavior to me. On the site I can't even find an email to write to the Traefik team.
I also noticed that after running your code it takes some time for the browser to find the certificate. I don't understand why this happens but it's absolutely not a problem to wait a few minutes.
I just tested it again, it works for me. If you don't get a LetsEncrypt certificate, then you need to check your Traefik logs for errors. Make sure your DNS is set for the right (sub-)domains and IPs.
Try changing example.com and traefik.example.com around between the services to see if it makes a difference.
This is a community forum with community support. If you want to create official tickets with Traefik, then you probably have to buy a support package.
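One way to run the log check suggested above, as an added example that is not part of the original thread: it reads Traefik JSON log lines like the ones quoted earlier and groups ACME failures by domain and error type. The sample lines are constructed (placeholder domains and IP), and the layout of the rate-limit entry is an assumption.

```python
import json
import re

# Constructed sample lines modelled on the entries quoted in this thread.
# example.com and 192.0.2.10 are placeholders; the 429 line's layout is assumed.
SAMPLE_LOG = r'''
time="2022-11-19T16:17:30Z" plain-text line that is not JSON
{"entryPointName":"websecure","level":"warning","msg":"No domain found in rule PathPrefix(`/`), the TLS options applied for this router will depend on the SNI of each request","routerName":"websecure-matchlast@docker","time":"2022-11-19T16:17:35Z"}
{"ACME CA":"https://acme-v02.api.letsencrypt.org/directory","error":"unable to generate a certificate for the domains [example.com www.example.com]: error: one or more domains had a problem:\n[example.com] acme: error: 400 :: urn:ietf:params:acme:error:tls :: 192.0.2.10: remote error: tls: internal error\n[www.example.com] acme: error: 400 :: urn:ietf:params:acme:error:tls :: 192.0.2.10: remote error: tls: internal error\n","level":"error","msg":"Unable to obtain ACME certificate for domains \"example.com,www.example.com\"","providerName":"leresolver.acme","routerName":"websecure-tomcat-java@docker","rule":"Host(`www.example.com`)","time":"2022-11-19T16:17:35Z"}
{"error":"unable to generate a certificate for the domains [shop.example.com]: acme: error: 429 :: urn:ietf:params:acme:error:rateLimited :: too many certificates (5) already issued for this exact set of domains in the last 168 hours","level":"error","msg":"Unable to obtain ACME certificate for domains \"shop.example.com\"","providerName":"leresolver.acme","time":"2022-11-19T18:02:11Z"}
'''

ACME_TYPE = re.compile(r"urn:ietf:params:acme:error:(\w+)")
DOMAINS = re.compile(r'for domains "([^"]+)"')
# Meanings as given for these error types in RFC 8555, section 6.7.
MEANING = {"tls": "CA received a TLS error while validating the domain",
           "rateLimited": "request exceeds a CA rate limit"}

def acme_failures(log_text):
    """Return one record per error-level entry that carries an ACME error URN."""
    records = []
    for line in log_text.splitlines():
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue  # blank or non-JSON line
        if not isinstance(entry, dict) or entry.get("level") != "error":
            continue
        types = sorted(set(ACME_TYPE.findall(str(entry.get("error", "")))))
        found = DOMAINS.search(str(entry.get("msg", "")))
        if types:
            records.append({"time": entry.get("time"), "router": entry.get("routerName"),
                            "domains": found.group(1).split(",") if found else [],
                            "types": types})
    return records

def by_domain(records):
    """Map each domain to the sorted ACME error types seen for it."""
    out = {}
    for rec in records:
        for domain in rec["domains"]:
            out.setdefault(domain, set()).update(rec["types"])
    return {d: sorted(t) for d, t in out.items()}

if __name__ == "__main__":
    for domain, types in by_domain(acme_failures(SAMPLE_LOG)).items():
        for t in types:
            print(f"{domain}: {t} ({MEANING.get(t, 'see RFC 8555 section 6.7')})")
```
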
'' A 3600 ip-server
www A 3600 ip-server
traefik A 3600 ip-server
www.traefik A 3600 ip-server
Can you show me your domain that the script works on?
Can you tell me which dns you use? I use freenom.
Can you tell me which cloud you use? I use Amazon AWS.
Can you show me your dns configuration?
I am using exactly your code. I just can't figure out how it can work on your server and not work on mine. Please use the exact code you posted and try again.
You have to recognize that I am just an average Traefik user. I probably spend 1h of my free time with your issue, not being paid. If it does not work, it seems I cannot help you.
You seem very demanding, why don't you check things yourself, like the latest release (GitHub, Docker). And without providing full config and debug logs (grep for error), everyone else who might want to support you is navigating blindly.
Here is my latest docker-compose.yml, I use tlschallenge, moved resolver-assignment to entrypoint (reduces labels) and place acme.json in a Docker volume. The existing network proxy is overlay. This works for me on a plain Docker node, not Swarm member. The only things I replaced were email and domains.
PS: It takes some seconds for Traefik to generate a new LE cert, so if you are quick enough after startup you might see at least an error about a wrong certificate in your browser.
You are right, sorry for my dislike but I am exasperated with this issue.
I tested your second code and I keep seeing the same problem. 1 - Before entering the credentials, the connection is not secure; 2 - After I have entered the credentials, the connection becomes secure.
I don't think the code you sent me on your server works.
In my opinion, you too have the same problem or you are using a different code than the one you insert in this post.
Can you provide me your URL so I can try your proxy control panel?
Wow, that was probably a lot of work. I understand your distress, been there many times, lost many hairs (much hair?) while wondering why Traefik is not doing what I want.
Think about removing or reducing your last post, you have many domains (personal, cupido), your email and dashboard PW in there.
The log is good. Searching for error shows some information.
Browser not happy with served cert, it's a custom Traefik default, no LE yet
Currently the server is not reachable. That's too bad because I have the browsers' network tab already open and I expect that I do get a forward and then a TLS/SSL connection when calling 'http://traefik.fedxyz.tk'.
I am a bit suspicious if your browser shows you the real thing. It looks so Windows. Because in reality we are talking about 3 request/response pairs to get to the dashboard:
Request: http://traefik.fedxyz.tk/dashboard/
Response: move to https
HTTP/1.1 301 Moved Permanently
Location: https://traefik.fedxyz.tk/dashboard/
I reopened the instance. If you try now it works.
I'm glad you understood the problem.
I removed the information relating to sites that are not mine, the rest can remain.
Anyone who clicks on that link and reads that the connection is not secure thinks that the site is not professional or has dangerous links.
This evening I'll try to see with Linux and Apple if I get the same problem. I use Windows.
I never said the redirect was incorrect.
All browsers provide this message:
Your connection to this site is not secure. The site does not have a certificate.
Since the connection is not secure, information (such as passwords or credit cards) will not be sent securely to this site and could be intercepted or viewed by others.
Basically the https protocol, as shown in my previous images, is present but the certificate is missing.
In the post above you will find the credentials to log in, they are written in bold. You have to use 'test' and 'password'.