Intro:
- I am running a Docker Swarm cluster with a few applications, and using Traefik 2.2 as a reverse proxy.
- I have 2 environments (prod and staging), running the same config except for the subdomains.
- The TLS cert works on one sub-domain but not the other, which is driving me crazy.
On the environment that has working HTTPS, a cert is generated and working. On the environment that is not working, Traefik creates a .json certificate file, but the file remains empty.
This is the Traefik config in my docker-compose:
traefik:
  command:
    - --providers.docker
    - --providers.docker.constraints=Label(`traefik.constraint-label-stack`, `traefik-stack-public`)
    - --providers.docker.exposedbydefault=false
    - --providers.docker.swarmmode
    - --entrypoints.http.address=:80
    - --entrypoints.http.http.redirections.entryPoint.to=https
    - --entrypoints.http.http.redirections.entryPoint.scheme=https
    - --entrypoints.http.http.redirections.entrypoint.permanent=true
    - --entrypoints.https.address=:443
    - --certificatesresolvers.le.acme.email=[REDACTED]
    - --certificatesresolvers.le.acme.storage=/certificates/acme.json
    - --certificatesresolvers.le.acme.tlschallenge=true
    - --accesslog
    - --log.level=DEBUG
    - --api
  deploy:
    labels:
      - traefik.enable=true
      - traefik.docker.network=traefik-public
      - traefik.constraint-label=traefik-public
      - traefik.http.middlewares.https-redirect.redirectscheme.scheme=https
      - traefik.http.middlewares.https-redirect.redirectscheme.permanent=true
      - traefik.http.routers.traefik-public-http.rule=Host(`app.[REDACTED].com`)
      - traefik.http.routers.traefik-public-http.entrypoints=http
      - traefik.http.routers.traefik-public-http.middlewares=https-redirect
      - traefik.http.routers.traefik-public-https.rule=Host(`app.[REDACTED].com`)
      - traefik.http.routers.traefik-public-https.entrypoints=https
      - traefik.http.routers.traefik-public-https.tls=true
      - traefik.http.routers.traefik-public-https.service=api@internal
      - traefik.http.routers.traefik-public-https.tls.certresolver=le
      - traefik.http.services.traefik-public.loadbalancer.server.port=8080
    placement:
      constraints:
        - node.labels.traefik-public.traefik-public-certificates == true
  image: traefik:v2.2
  networks:
    default: null
    traefik-public: null
  ports:
    - published: 80
      target: 80
    - published: 443
      target: 443
  volumes:
    - /var/run/docker.sock:/var/run/docker.sock:ro
    - traefik-public-certificates:/certificates:rw
This config is identical to the one of the working environment, except for the host which uses "test.[...]" instead of "app.[...]".
I can see in the working environment that I get a log entry:
time="2022-03-28T14:45:54Z" level=debug msg="Configuration received from provider le.acme: {\"http\":{},\"tls\":{}}" providerName=le.acme
time="2022-03-28T14:45:54Z" level=debug msg="Adding certificate for domain(s) test.[REDACTED].com"
Whereas in the other environment, I do not get the second message at any point.
I get no Errors in the logs, nor any warnings that I do not also get in the working env.
I would appreciate any input on this matter. Thanks in advance!
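
Added example, not part of the original post: a small Python check that compares, per host, the two signals the post relies on, namely whether the resolver's acme.json holds a certificate for the host and whether the debug log contains the "Adding certificate for domain(s)" message for it. The resolver name `le` and the log message format come from the post; the acme.json layout (resolver name, then `Certificates`, each with `domain.main` and `domain.sans`), the comma-separated domain list, the host names and the sample data are assumptions constructed for illustration.

```python
import json
import re

# Message format taken from the debug log lines quoted in the post.
ADDED = re.compile(r'msg="Adding certificate for domain\(s\) ([^"]+)"')

def domains_in_store(text, resolver="le"):
    """Domains with a stored certificate; an empty file yields an empty set."""
    if not text.strip():
        return set()  # the symptom in the post: the file exists but is empty
    data = json.loads(text)
    certs = (data.get(resolver) or {}).get("Certificates") or []
    found = set()
    for cert in certs:
        domain = cert.get("domain") or {}
        if domain.get("main"):
            found.add(domain["main"])
        found.update(domain.get("sans") or [])
    return found

def domains_in_log(lines):
    """Domains named in 'Adding certificate' messages (comma-separated list assumed)."""
    found = set()
    for line in lines:
        match = ADDED.search(line)
        if match:
            found.update(d.strip() for d in match.group(1).split(","))
    return found

def check(host, store_text, log_lines, resolver="le"):
    """Report both signals for one host."""
    return {
        "stored": host in domains_in_store(store_text, resolver),
        "logged": host in domains_in_log(log_lines),
    }

# Constructed sample data (placeholder host names, no real key material).
SAMPLE_STORE = json.dumps({"le": {"Certificates": [
    {"domain": {"main": "app.example.test"}, "certificate": "<constructed>",
     "key": "<constructed>", "Store": "default"}]}})
SAMPLE_LOG = [
    r'time="2022-03-28T14:45:54Z" level=debug msg="Configuration received from provider le.acme: {\"http\":{},\"tls\":{}}" providerName=le.acme',
    r'time="2022-03-28T14:45:54Z" level=debug msg="Adding certificate for domain(s) app.example.test"',
]

if __name__ == "__main__":
    print(check("app.example.test", SAMPLE_STORE, SAMPLE_LOG))
    print(check("test.example.test", "", SAMPLE_LOG[:1]))  # empty store, no message
```

Running it against each environment's real acme.json and Traefik log shows whether the failing host is missing from the store, from the log, or from both.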