Hi,
I'm trying to use a certificate generated by IONOS, my domain provider, but the log always reports an error:
time="2021-01-24T14:54:24Z" level=debug msg="Configuration received from provider file: {\"http\":{},\"tcp\":{},\"tls\":{\"stores\":{\"default\":{\"defaultCertificate\":{\"certFile\":\"/var/traefik2/tls/mixablerecord.com_ssl_certificate.cer\",\"keyFile\":\"/var/traefik2/tls/mixablerecord.com_private_key.key\"}}}}}" providerName=file
time="2021-01-24T14:12:49Z" level=error msg="Error while creating certificate store: failed to load X509 key pair: tls: failed to find any PEM data in certificate input" tlsStoreName=default
time="2021-01-24T14:12:49Z" level=error msg="Unable to append certificate /var/traefik2/tls/mixablerecord.com_ssl_certificate.cer to store: unable to generate TLS certificate : tls: failed to find any PEM data in certificate input" tlsStoreName=default
time="2021-01-24T14:54:44Z" level=debug msg="No default certificate, generating one"
time="2021-01-24T15:02:24Z" level=debug msg="Serving default certificate for request: \"whoami.mixablerecord.com\""
time="2021-01-24T15:02:25Z" level=debug msg="http: TLS handshake error from 192.168.1.254:5006: remote error: tls: bad certificate"
Here is my Traefik docker-compose file:
version: "3.3"
services:
  traefik:
    image: "traefik:latest"
    container_name: "traefik"
    restart: always
    command:
      - "--log.level=DEBUG"
      - "--api.insecure=true"
      - "--providers.docker=true"
      - "--entrypoints.websecure.address=:443"
      - "--providers.file.directory=/certs/"
      - "--providers.file.watch=true"
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080"
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "/var/traefik2/certs/:/certs/"
    networks:
      - traefik
networks:
  traefik:
    external: true
The YAML file with the certificate locations, which is located in the /var/traefik2/certs directory:
tls:
  certificates:
    - certFile: "/var/traefik2/tls/mixablerecord.com_ssl_certificate.cer"
      keyFile: "/var/traefik2/tls/mixablerecord.com_private_key.key"
      stores:
        - default
  stores:
    default:
      defaultCertificate:
        certFile: "/var/traefik2/tls/mixablerecord.com_ssl_certificate.cer"
        keyFile: "/var/traefik2/tls/mixablerecord.com_private_key.key"
The log shows that the file location is found correctly.
The certificates and key were checked with openssl, all with success.
Here is a simple docker-compose file for a "Who Am I" container to test:
version: "3"
services:
  whoami:
    image: hypriot/rpi-whoami
    container_name: whoami
    restart: always
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.whoami.rule=Host(`whoami.mixablerecord.com`)"
      - "traefik.http.routers.whoami.entrypoints=websecure"
      - "traefik.http.routers.whoami.tls=true"
    environment:
      - "PORT=8000"
    expose:
      - 8000
    ports:
      - "8000:8000"
    networks:
      - traefik
networks:
  traefik:
    external: true
When I try to access this whoami site inside the local network on port 8000, I get the right answer.
But it didn't work when I tried to access it with the https URL.
Of course, my Freebox router has port 443 open and redirects the traffic to the local machine, a Raspberry Pi. The Traefik log shows the access attempt.
I spent a lot of time trying and reading other posts about this problem, but nothing helped. I decided to ask here for some help.
Thank you in advance.
Regards
Steeve
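
As an added example (not part of the original post and not Traefik's own code): a small Go check that follows the order in which Go's crypto/tls scans a certificate input for PEM blocks, to show which conditions lead to "failed to find any PEM data in certificate input". The function name `classifyCertInput` and its result labels are made up for illustration.

```go
package main

import (
	"crypto/x509"
	"encoding/pem"
	"errors"
	"fmt"
	"io/fs"
	"os"
)

// classifyCertInput (hypothetical helper) reports what a certFile path holds,
// following the order in which Go's crypto/tls looks for PEM blocks.
func classifyCertInput(path string) string {
	data, err := os.ReadFile(path)
	if errors.Is(err, fs.ErrNotExist) {
		// Traefik accepts certFile as a path or as inline content, so a path
		// that does not exist in its filesystem is parsed as literal text.
		return "missing"
	}
	if err != nil {
		return "unreadable"
	}
	rest, sawPEM := data, false
	for {
		var block *pem.Block
		if block, rest = pem.Decode(rest); block == nil {
			break
		}
		if block.Type == "CERTIFICATE" {
			return "pem-certificate"
		}
		sawPEM = true
	}
	if sawPEM {
		return "pem-without-certificate" // e.g. key and certificate files swapped
	}
	if _, err := x509.ParseCertificate(data); err == nil {
		return "der-certificate" // binary encoding: convert to PEM before use
	}
	return "no-pem-data"
}

func main() {
	// Pass the paths exactly as the process loading them would see them.
	for _, p := range os.Args[1:] {
		fmt.Printf("%s: %s\n", p, classifyCertInput(p))
	}
}
```

The result is only meaningful when the paths are resolved in the same filesystem view as the process that loads the certificate, for example inside the container rather than on the host.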