TLS no certificates configured

Hello,

I have an error when I try to connect to my Traefik with my IP and infinite domain.
I use docker compose with these options:

services:
  nginx:
    container_name: nginx
    hostname: nginx
    image: nginx:latest
    labels:
      - 'traefik.enable=true'
      - 'traefik.http.routers.shit_traffic.rule=PathPrefix(`/`) || HostRegexp(`*.pom.com`) || Host(`test3.pom.com`)'
      - 'traefik.http.routers.shit_traffic.priority=1'
      - 'traefik.http.routers.shit_traffic.service=shit_traffic'
      - 'traefik.http.services.shit_traffic.loadBalancer.server.port=14143'
      - 'traefik.http.routers.shit_traffic.tls=true'
      - 'traefik.http.routers.shit_traffic.tls.certResolver=leresolver'
      - 'traefik.http.routers.shit_traffic.tls.options=modern@file'
      - 'traefik.http.routers.shit_traffic.tls.domains[0].main=pom.com'
      - 'traefik.http.routers.shit_traffic.tls.domains[0].sans=*.pom.com'
      - 'traefik.http.routers.shit_traffic.middlewares=basic_chain@file'
      - 'traefik.http.services.shit_traffic.loadBalancer.passHostHeader=true'
      - 'traefik.http.routers.shit_traffic_obvious.rule=PathPrefix(`/`)'
      - 'traefik.http.routers.shit_traffic_obvious.priority=1'
      - 'traefik.http.routers.shit_traffic_obvious.service=shit_traffic'

If I try to connect with test3.pom.com I have no problem.
But if I try to connect with the IP directly or test2.pom.com I have this error:

level=debug msg="http: TLS handshake error from test2.pom.com:40098: tls: no certificates configured"

Where am I missing something?

Best regards

I don’t think HostRegexp() works that way (doc), and I recommend defining the main/sans directly on the entrypoint.

HostRegexp, PathPrefix, and Path accept an expression with zero or more groups enclosed by curly braces, which are called named regexps. Named regexps, of the form {name:regexp}, are the only expressions considered for regexp matching. The regexp name (name in the above example) is an arbitrary value, that exists only for historical reasons.
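As an added example (not part of the original posts and not Traefik's own code), here is a simplified Go model of the named-regexp rule quoted above. It shows why `*.pom.com` is matched as a literal host name while `{sub:[a-z0-9-]+}.pom.com` matches test2.pom.com. The names compileHostTemplate and hostMatches, the group name sub, the `[^.]+` default for a group without a pattern, and the sample hosts are assumptions made for the illustration.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// compileHostTemplate is a simplified model (an assumption, not Traefik's code):
// only {name:regexp} groups are regexps; all other template text is literal.
func compileHostTemplate(tmpl string) (*regexp.Regexp, error) {
	var b strings.Builder
	depth, start := 0, 0 // brace nesting depth, start of the current span
	for i, c := range tmpl {
		switch {
		case c == '{' && depth == 0:
			b.WriteString(regexp.QuoteMeta(tmpl[start:i])) // literal text
			depth, start = 1, i+1
		case c == '{':
			depth++ // brace inside a regexp, e.g. [0-9]{2}
		case c == '}' && depth == 1:
			_, pattern, found := strings.Cut(tmpl[start:i], ":")
			if !found {
				pattern = "[^.]+" // assumed default: a single DNS label
			}
			b.WriteString("(?:" + pattern + ")")
			depth, start = 0, i+1
		case c == '}' && depth > 1:
			depth--
		}
	}
	if depth != 0 {
		return nil, fmt.Errorf("unbalanced braces in %q", tmpl)
	}
	b.WriteString(regexp.QuoteMeta(tmpl[start:]))
	return regexp.Compile("(?i)^" + b.String() + "$")
}

// hostMatches reports whether host satisfies the template.
func hostMatches(tmpl, host string) bool {
	re, err := compileHostTemplate(tmpl)
	return err == nil && re.MatchString(host)
}

func main() {
	// Constructed hosts; 203.0.113.10 is a documentation address.
	for _, h := range []string{"test2.pom.com", "pom.com", "203.0.113.10"} {
		fmt.Println(h, hostMatches("*.pom.com", h), hostMatches("{sub:[a-z0-9-]+}.pom.com", h))
	}
}
```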

Thank you for your reply.

I was aiming to acquire multiple certificates and segregate my services while also incorporating some trap inside my configuration. (My NGINX forwards bad queries to an API and blocks the IP.)
I will take your advice into consideration and explore implementing it directly at the entrypoint, as you suggested.

like:

[entryPoints.websecure]
  address = ":443"

    [entryPoints.websecure.http.tls]
      options = "foobar"
      certResolver = "leresolver"
      [[entryPoints.websecure.http.tls.domains]]
        main = "example.com"
        sans = ["foo.example.com", "bar.example.com"]
      [[entryPoints.websecure.http.tls.domains]]
        main = "test.com"
        sans = ["foo.test.com", "bar.test.com"]