Traefik 1.7 to 2.0 Docker for Windows

Iosif · October 10, 2019, 11:06am

2.0.2 is in place since last night.
Here's my latest log

I deleted some parts of the log that didn't seem related to this in order to trim down the text to something a little bit more readeable.

Later edit: I've found this post similar to my issue:

Here's how that section looks like in my case:

    environment:
      - 'CF_API_EMAIL=${EMAIL}'
      - 'CF_API_KEY=${API_KEY}'
      - com.ouroboros.enable=true
      - TZ=Europe/Bucharest

I operated that change and now the txt records (_acme-challenge) are present in cloudflare dashboard.

new version:

    environment:
      - CF_API_EMAIL=${EMAIL}
      - CF_API_KEY=${API_KEY}
      - com.ouroboros.enable=true
      - TZ=Europe/Bucharest

Which is weird as the doco used " and I had ' and I needed to have none.

Even more later this is what the log said with the new config:

{"level":"debug","msg":"legolog: cloudflare: failed to delete TXT record: error from makeRequest: HTTP status 400: content \"{\\\"success\\\":false,\\\"errors\\\":[{\\\"code\\\":1032,\\\"message\\\":\\\"Invalid DNS record identifier\\\"}],\\\"messages\\\":[],\\\"result\\\":null}\"","time":"2019-10-10T14:12:17+03:00"},
{"level":"debug","msg":"legolog: [INFO] [DOMAIN.com] acme: Cleaning DNS-01 challenge","time":"2019-10-10T14:12:17+03:00"},
{"level":"debug","msg":"legolog: [INFO] [DOMAIN.com] acme: Waiting for DNS record propagation.","time":"2019-10-10T14:12:14+03:00"},
{"level":"debug","msg":"legolog: [INFO] [*.DOMAIN.com] acme: Cleaning DNS-01 challenge","time":"2019-10-10T14:12:16+03:00"},
{"level":"debug","msg":"legolog: [INFO] [DOMAIN.com] acme: Cleaning DNS-01 challenge","time":"2019-10-10T14:12:16+03:00"},
{"level":"debug","msg":"legolog: [INFO] [*.DOMAIN.com] acme: Cleaning DNS-01 challenge","time":"2019-10-10T14:12:17+03:00"},
{"level":"error","msg":"Unable to obtain ACME certificate for domains \"DOMAIN.com,*.DOMAIN.com\" : unable to generate a certificate for the domains [DOMAIN.com *.DOMAIN.com]: acme: Error -\u003e One or more domains had a problem:\n[*.DOMAIN.com] time limit exceeded: last error: NS curt.ns.cloudflare.com. did not return the expected TXT record [fqdn: DOMAIN.com., value: PInMs6Kkb4o-veqTMxukgRo9pWKnd2cwh4ERAvXWHxc]: ca3-428b7818d9e947029e2839f41147b14c\n[DOMAIN.com] [DOMAIN.com] acme: error presenting token: cloudflare: failed to create TXT record: error from makeRequest: HTTP status 400: content \"{\\\"success\\\":false,\\\"errors\\\":[{\\\"code\\\":81057,\\\"message\\\":\\\"The record already exists.\\\"}],\\\"messages\\\":[],\\\"result\\\":null}\"\n","providerName":"basic.acme","time":"2019-10-10T14:12:18+03:00"},
{"level":"debug","msg":"legolog: [INFO] Unable to deactivate the authorization: https://acme-v02.api.letsencrypt.org/acme/authz-v3/714421683","time":"2019-10-10T14:12:18+03:00"},
{"level":"debug","msg":"legolog: [INFO] Unable to deactivate the authorization: https://acme-v02.api.letsencrypt.org/acme/authz-v3/714421684","time":"2019-10-10T14:12:18+03:00"},
{"level":"error","msg":"Unable to obtain ACME certificate for domains \"DOMAIN.com,*.DOMAIN.com\" : unable to generate a certificate for the domains [DOMAIN.com *.DOMAIN.com]: acme: Error -\u003e One or more domains had a problem:\n[*.DOMAIN.com] [*.DOMAIN.com] acme: error presenting token: cloudflare: failed to create TXT record: error from makeRequest: HTTP status 400: content \"{\\\"success\\\":false,\\\"errors\\\":[{\\\"code\\\":81057,\\\"message\\\":\\\"The record already exists.\\\"}],\\\"messages\\\":[],\\\"result\\\":null}\"\n[DOMAIN.com] time limit exceeded: last error: NS curt.ns.cloudflare.com. did not return the expected TXT record [fqdn: DOMAIN.com., value: DxHnUDiBRk-W4JM1RvyTiLwXZ_jHgMfVIwHVxxK8zeA]: ca3-428b7818d9e947029e2839f41147b14c\n","providerName":"basic.acme","time":"2019-10-10T14:12:18+03:00"}

What I noticed is that the txt records had a TTL of 2 minutes however that it's not from my setup.

LE: I've checked my .env file and it's ok, I inspected the traefik container and the values are being fetched ok without any issues.

So I have no idea what's the problem with the certificates.

Does anyone know if the below messages are related with the above issue or not ?

{"level":"debug","msg":"http: TLS handshake error from 172.18.0.1:34774: remote error: tls: unknown certificate authority","time":"2019-10-10T15:48:12+03:00"}
{"level":"debug","msg":"http: TLS handshake error from 172.18.0.1:34782: remote error: tls: unknown certificate authority","time":"2019-10-10T15:48:12+03:00"}
{"level":"debug","msg":"http: TLS handshake error from 172.18.0.1:34786: remote error: tls: unknown certificate authority","time":"2019-10-10T15:48:12+03:00"}
{"level":"debug","msg":"http: TLS handshake error from 172.18.0.1:34796: remote error: tls: unknown certificate","time":"2019-10-10T15:48:15+03:00"}
{"level":"debug","msg":"http: TLS handshake error from 172.18.0.1:35900: EOF","time":"2019-10-10T15:56:02+03:00"}

Topic		Replies	Views
Traefik + Docker + LetsEncrypt \| Migration v1.7 => v2.0 \| epic fail! Traefik v2 (latest) docker , dashboard-api , letsencrypt-acme	4	3151	November 2, 2019
How to direct traefik 2 api site to a subdomain? Traefik v2 (latest) docker	4	4051	October 1, 2019
Traefik v2 with docker compose - external services possible? Traefik v2 (latest) docker	6	8994	September 6, 2020
TCP and HTTP/s docker example Traefik v2 (latest) docker	0	3570	December 17, 2020
Traefik reverse proxy doesn't work Traefik v2 (latest) docker	3	471	July 1, 2021

Traefik 1.7 to 2.0 Docker for Windows

Related Topics