Traefik doesn't write in acme.json on version 2.3.4

I see an empty acme.json using Docker Compose and also with Docker Swarm. So, every time I update a service in production with Swarm, Traefik requests a new certificate, and with the number of deploys we do in a week, the 50 requests per week allowed by Let's Encrypt are exceeded. The result is an invalid certificate generated by Traefik that our users see, and when this happens our users can't see the page because Chrome and other browsers warn that it is not secure.

I'm going to share the static and dynamic configuration (only the service of my app inside the docker-compose.yml and the service for Traefik).

Static config file:

api:
  dashboard: true
  insecure: true

providers:
  docker:
    watch: true
    exposedByDefault: false
    swarmMode: true

log:
  level: INFO

entryPoints:
  web:
    address: ":80"
    http:
      redirections:
        entryPoint:
          to: websecure
          scheme: https
  websecure:
    address: ":443"

certificatesResolvers:
  myappresolver:
    acme:
      email: support@myapp.co
      storage: "acme.json"
      dnsChallenge:
        provider: digitalocean
        delayBeforeCheck: 0

http:
  middlewares:
    app-redirectregex:
      redirectRegex:
        regex: "^https://www.myapp.co/(.*)"
        replacement: "https://myapp.co/${1}"
        permanent: true

And finally the two services from the docker-compose.yml (Traefik and app services):

traefik:
    image: traefik:2.3
    ports:
      - 80:80
      - 443:443
      # traefik dashboard
      - 8080:8080
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /root/traefik/traefik.yml:/etc/traefik/traefik.yml
      - /root/traefik:/etc/traefik:rw
    environment: 
      - "DO_AUTH_TOKEN=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
    deploy:
      mode: replicated
      replicas: 1
      update_config:
        parallelism: 2
        delay: 10s
      restart_policy:
        condition: on-failure
      placement:
        constraints:
         - node.role==manager
    networks:
      - proxy
      - app_net

app:
    image: registry.gitlab.com/myapp/myapp:1.9.1
    networks:
      - app_net
      - proxy
    logging: 
      driver: "json-file"
      options:
        max-file: 5
        max-size: 10m
    deploy:
      replicas: 1
      update_config:
        parallelism: 2
        delay: 10s
      restart_policy:
        condition: on-failure
      labels:
        - "traefik.enable=true"
        # routers
        - "traefik.http.routers.app.rule=Host(`myapp.co`) || Host(`www.myapp.co`)"
        # a second middlewares label with the same key would override the first, so both are listed in one label
        - "traefik.http.routers.app.middlewares=app-compress,app-nonwww-redirect"
        - "traefik.http.routers.app.entrypoints=web,websecure"
        - "traefik.http.routers.app.tls.certresolver=myappresolver"
        # services
        - "traefik.http.routers.app.service=app"
        - "traefik.http.services.app.loadbalancer.server.port=80"

        # middlewares
        - "traefik.http.middlewares.app-nonwww-redirect.redirectregex.regex=^https://www.myapp.co/(.*)"
        - "traefik.http.middlewares.app-nonwww-redirect.redirectregex.replacement=https://myapp.co/$${1}"
        - "traefik.http.middlewares.app-nonwww-redirect.redirectregex.permanent=true"
        - "traefik.http.middlewares.app-compress.compress=true"

The acme.json file is inside the /root/traefik directory. For that reason I use the volume bind "/root/traefik:/etc/traefik:rw" in my traefik service. Is that wrong? Or maybe something else?

Thank you so much for your support, and I hope it has a solution.

Did you check the acme.json file permissions? I mean chmod 600 acme.json

Hi SiroDiaz, is your www to non-www regex redirection working?

Yes, the permission is 600 on that file.

Yes, it's working, but I really had problems getting it to work.

Solved. The error was the directory where acme.json is placed, because I didn't change the storage property in the static config file.
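
An added example, not part of the thread and not Traefik tooling: a shell check for the failure described in the last reply, where the storage value does not point into the mounted directory. It assumes the static config has a single storage key and that the container-side mount targets (/etc/traefik in the compose file above) are passed as arguments; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (hypothetical function names): will Traefik's ACME storage survive a redeploy?

# Print the first "storage:" value in a static config file, with quotes stripped.
acme_storage_path() {
    sed -n 's/^[[:space:]]*storage:[[:space:]]*//p' "$1" | head -n 1 | tr -d "\"'"
}

# check_acme_storage <static-config> <container-mount-target>...
# Succeeds only if the storage path is absolute and inside a mounted path.
check_acme_storage() {
    config=$1; shift
    path=$(acme_storage_path "$config")
    [ -n "$path" ] || { echo "FAIL: no storage key in $config"; return 2; }
    case $path in
        /*) ;;
        *)  echo "FAIL: '$path' is relative, so it resolves against the process working directory"
            return 1 ;;
    esac
    for target in "$@"; do
        case $path in
            "${target%/}"/*) echo "OK: $path is persisted by the mount at $target"; return 0 ;;
        esac
    done
    echo "FAIL: $path is not under any mounted path ($*)"
    return 1
}

# Succeeds only if the host-side file exists with mode 600 (-rw-------).
check_acme_mode() {
    [ -f "$1" ] || { echo "FAIL: $1 does not exist"; return 1; }
    perms=$(ls -ld "$1" | cut -c1-10)
    [ "$perms" = "-rw-------" ] || { echo "FAIL: $1 is $perms, expected -rw-------"; return 1; }
    echo "OK: $1 has mode 600"
}

# Constructed sample: the storage value from the question, checked against its /etc/traefik mount.
demo=$(mktemp)
printf 'certificatesResolvers:\n  myappresolver:\n    acme:\n      storage: "acme.json"\n' > "$demo"
check_acme_storage "$demo" /etc/traefik || true
rm -f "$demo"
```

check_acme_mode is meant for the host-side file, which in the question is acme.json under /root/traefik.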
