Heya, I have recently purchased my VPS and it's currently running portainer and traefik. This is also working through cloudflare. So, as shown in the title, traefik is currently displaying letsencrypt certificates instead of my cloudflare origin certificate. This is my first time trying this, so please forgive me if I'm making some silly mistake.
The expected outcome here for me would be to have the cloudflare origin certificate show in the certificate viewer as opposed to the letsencrypt one. Not too sure what it is I'm doing wrong here; any help is greatly appreciated!
This is my docker-compose.yml for portainer and traefik:
Interesting, are you sure the Cloudflare certificate should not be from LetsEncrypt? Maybe they use the free service, too.
You define a LetsEncrypt certificatesresolvers but it's not assigned to any service, so it should not be used. Have you tried removing the 4 lines?
Furthermore, what happens when you access your service directly, without Cloudflare? To test, just create a second DNS entry with the direct public IP of your VPS and a second router:
Hey, thanks for your swift reply. I have since been bashing my head against a brick wall and have come to the following conclusion. I removed literally everything about letsencrypt from my server. Yet it was still using it. So with that being said, I changed my log level to DEBUG to see what was going on. Turns out traefik is not finding my default certificate and therefore uses the traefik default generated one.
This raised my eyebrows significantly due to the fact that in my traefik dashboard my file provider is displayed, meaning it's there.
I have since taken on your advice, and I have recreated my certificate and tried .crt instead of .pem, but no cigar on that one.
Also, a cloudflare origin certificate should look like this. This is an example:
Already tried that, sorry I should've said that. I have tried everything I can think of. When I created a whoami service or any other service as a matter of fact it still used the le cert, and cloudflare returns a timeout error.
I have a very similar setup and it seems to work fine.
Are you using the orange cloud option in the dns settings?
You used a certificate generated from the 'origin server' option on cloudflare's SSL/TLS option, right? I used a .pem and .key file. I didn't see a .crt file option there.
Do you have a universal certificate for your domain and wildcards in the 'Edge Certificates' section of the same cloudflare menu? This is the certificate that CF would serve when visiting your site.
Have you tried clearing the site cache and putting your domain into 'development' mode on cloudflare?
These are things that gave me trouble at the beginning.
I have tried every single one of these things prior to creating this thread. The file extension, for example .pem or .crt, doesn't matter; either way, I tried both and neither worked.
The key is fine, but the certificate file only has -----BEGIN CERTIFICATE----- once. The contents were directly copied and pasted from cloudflare sooo.
Usually the cert file has 3 entries. Your individual one, some issuer and a root one. Maybe Traefik doesn’t use it because parts are missing. Check for how to create a full Cloudflare certificate.
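A stdlib-only checker, added here as an example and not posted by anyone in the thread, that counts the CERTIFICATE and PRIVATE KEY entries in PEM text and flags a block whose base64 or DER length does not add up (a truncated copy/paste) or whose END marker is missing. The sample PEM strings are constructed stubs, not real certificates, so the file can run offline.

```python
import base64
import re

# Constructed sample: a minimal DER SEQUENCE (not a real X.509 certificate),
# used only so the checker can be exercised without a real cert on disk.
_DER_STUB = bytes([0x30, 0x03, 0x02, 0x01, 0x01])  # SEQUENCE { INTEGER 1 }


def _pem_block(label, der):
    """Wrap DER bytes in a PEM block with the given label (64-char lines)."""
    body = base64.b64encode(der).decode()
    lines = [body[i:i + 64] for i in range(0, len(body), 64)]
    return f"-----BEGIN {label}-----\n" + "\n".join(lines) + f"\n-----END {label}-----\n"


SAMPLE_SINGLE_CERT = _pem_block("CERTIFICATE", _DER_STUB)   # one entry, as in the thread
SAMPLE_CHAIN = SAMPLE_SINGLE_CERT * 3                        # leaf + issuer + root shape
SAMPLE_KEY = _pem_block("PRIVATE KEY", _DER_STUB)
SAMPLE_TRUNCATED = "-----BEGIN CERTIFICATE-----\nMAMCAQ\n"   # END marker lost in paste

_PEM_RE = re.compile(
    r"-----BEGIN (?P<label>[A-Z ]+)-----\s*(?P<body>.*?)\s*-----END (?P=label)-----",
    re.S)


def der_is_complete(der):
    """True if der is exactly one DER SEQUENCE whose encoded length matches its size."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    first = der[1]
    if first < 0x80:                       # short-form length
        length, header = first, 2
    else:                                  # long-form length: 0x8N then N length bytes
        n = first & 0x7F
        if n == 0 or len(der) < 2 + n:
            return False
        length = int.from_bytes(der[2:2 + n], "big")
        header = 2 + n
    return len(der) == header + length


def inspect_pem(text):
    """Summarise PEM blocks: entry counts, undecodable blocks, unterminated BEGIN markers."""
    blocks = [(m.group("label"), m.group("body")) for m in _PEM_RE.finditer(text)]
    certs, keys, invalid = 0, 0, []
    for label, body in blocks:
        try:
            der = base64.b64decode("".join(body.split()), validate=True)
        except ValueError:                 # binascii.Error is a ValueError subclass
            invalid.append(label)
            continue
        if not der_is_complete(der):
            invalid.append(label)
        elif label == "CERTIFICATE":
            certs += 1
        elif label.endswith("PRIVATE KEY"):
            keys += 1
    unterminated = text.count("-----BEGIN") - len(blocks)
    return {"certificates": certs, "private_keys": keys,
            "invalid": invalid, "unterminated": unterminated}
```

Run `inspect_pem(open("origin.pem").read())` on the file handed to Traefik: a result with one certificate is a single-entry file, and any non-zero `invalid` or `unterminated` count means the paste did not survive intact.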
I feel like this is a cloudflare issue and not a traefik issue. I think the cloudflare certificate will be served regardless of what traefik is doing. The origin cert is for traefik -> cloudflare traffic (needed for strict ssl mode).
I'm aware of what a cloudflare origin certificate is for, the problem here is that's not displaying in the browser, here's what my edge certs on cloudflare look like atm:
That makes no sense at all? Why tf would cloudflare give me half a certificate?? I have followed instructions to the letter to create a cloudflare origin certificate, also what I got is the same as what's shown in tutorials online.