Yeah, I think I'm getting ahead of myself. I have started stripping down components to get a config like the one you linked:
traefik:
image: traefik:v3.0
restart: always
container_name: traefik
hostname: traefik
command:
- "--log.level=DEBUG"
- "--providers.docker.network=traefik"
- "--api.dashboard=true"
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--entrypoints.web.address=:80"
# - "--entrypoints.web.http.redirections.entrypoint.to=websecure"
# - "--entryPoints.web.http.redirections.entrypoint.scheme=https"
- "--entrypoints.websecure.address=:443"
- "--entrypoints.websecure.asDefault=true"
- "--entrypoints.websecure.http.tls.certresolver=le"
- "--certificatesresolvers.le.acme.email=<LE EMAIL>"
- "--certificatesresolvers.le.acme.storage=/letsencrypt/acme.json"
- "--certificatesresolvers.le.acme.tlschallenge=true"
- "--entrypoints.websecure.http.tls.certresolver=le"
- "--certificatesresolvers.le.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
networks:
- traefik-network
ports:
- 443:443
- 80:80
volumes:
- "./letsencrypt:/letsencrypt"
- "./log:/log"
- "/var/run/docker.sock:/var/run/docker.sock"
labels:
- "traefik.enable=true"
- "traefik.http.routers.dashboard.rule=Host(`traefik.<DOMAIN 1>`)"
- "traefik.http.routers.dashboard.service=api@internal"
- "traefik.http.routers.dashboard.middlewares=traefik-auth"
- "traefik.http.middlewares.traefik-auth.basicauth.users=<AUTH CONFIG>"
In my Cloudflare configuration, I have set SSL/TLS encryption mode to Off. For now, I have content still proxied through their CDN and would like to keep it that way, but I might have to experiment with turning that off since I'm not getting a certificate at all it seems.
I first tried running Traefik with those two lines not commented out, but I got a redirected too many times error, so I tried commenting out.
Now I'm getting the default Traefik 404 page not found page. The log also contains a error relating to SSL:
traefik | 2023-06-18T22:35:46Z INF github.com/traefik/traefik/v2/cmd/traefik/traefik.go:100 > Traefik version 3.0.0-beta2 built on 2022-12-07T16:32:34Z version=3.0.0-beta2
traefik | 2023-06-18T22:35:46Z DBG github.com/traefik/traefik/v2/cmd/traefik/traefik.go:107 > Static configuration loaded [json] staticConfiguration={"api":{"dashboard":true},"certificatesResolvers":{"le":{"acme":{"caServer":"https://acme-staging-v02.api.letsencrypt.org/directory","certificatesDuration":2160,"email":"<LE EMAIL>","keyType":"RSA4096","storage":"/letsencrypt/acme.json","tlsChallenge":{}}}},"entryPoints":{"web":{"address":":80","forwardedHeaders":{},"http":{"redirections":{"entryPoint":{"permanent":true,"priority":2147483646,"scheme":"https","to":"websecure"}}},"http2":{"maxConcurrentStreams":250},"transport":{"lifeCycle":{"graceTimeOut":"10s"},"respondingTimeouts":{"idleTimeout":"3m0s"}},"udp":{"timeout":"3s"}},"websecure":{"address":":443","asDefault":true,"forwardedHeaders":{},"http":{"tls":{"certResolver":"le"}},"http2":{"maxConcurrentStreams":250},"transport":{"lifeCycle":{"graceTimeOut":"10s"},"respondingTimeouts":{"idleTimeout":"3m0s"}},"udp":{"timeout":"3s"}}},"global":{"checkNewVersion":true},"log":{"format":"common","level":"DEBUG"},"providers":{"docker":{"defaultRule":"Host(`{{ normalize .Name }}`)","endpoint":"unix:///var/run/docker.sock","network":"traefik","swarmModeRefreshSeconds":"15s","watch":true},"providersThrottleDuration":"2s"},"serversTransport":{"maxIdleConnsPerHost":200}}
traefik | 2023-06-18T22:35:46Z INF github.com/traefik/traefik/v2/cmd/traefik/traefik.go:685 >
traefik | Stats collection is disabled.
traefik | Help us improve Traefik by turning this feature on :)
traefik | More details on: https://doc.traefik.io/traefik/contributing/data-collection/
traefik |
traefik | 2023-06-18T22:35:46Z INF github.com/traefik/traefik/v2/pkg/server/configurationwatcher.go:72 > Starting provider aggregator aggregator.ProviderAggregator
traefik | 2023-06-18T22:35:46Z DBG github.com/traefik/traefik/v2/pkg/server/server_entrypoint_tcp.go:188 > Starting TCP Server entryPointName=web
traefik | 2023-06-18T22:35:46Z DBG github.com/traefik/traefik/v2/pkg/server/server_entrypoint_tcp.go:188 > Starting TCP Server entryPointName=websecure
traefik | 2023-06-18T22:35:46Z INF github.com/traefik/traefik/v2/pkg/provider/aggregator/aggregator.go:207 > Starting provider *acme.ChallengeTLSALPN
traefik | 2023-06-18T22:35:46Z INF github.com/traefik/traefik/v2/pkg/provider/aggregator/aggregator.go:207 > Starting provider *traefik.Provider
traefik | 2023-06-18T22:35:46Z DBG github.com/traefik/traefik/v2/pkg/provider/aggregator/aggregator.go:208 > *acme.ChallengeTLSALPN provider configuration config={}
traefik | 2023-06-18T22:35:46Z DBG github.com/traefik/traefik/v2/pkg/provider/aggregator/aggregator.go:208 > *traefik.Provider provider configuration config={}
traefik | 2023-06-18T22:35:46Z INF github.com/traefik/traefik/v2/pkg/provider/aggregator/aggregator.go:207 > Starting provider *docker.Provider
traefik | 2023-06-18T22:35:46Z DBG github.com/traefik/traefik/v2/pkg/provider/aggregator/aggregator.go:208 > *docker.Provider provider configuration config={"defaultRule":"Host(`{{ normalize .Name }}`)","endpoint":"unix:///var/run/docker.sock","network":"traefik","swarmModeRefreshSeconds":"15s","watch":true}
traefik | 2023-06-18T22:35:46Z INF github.com/traefik/traefik/v2/pkg/provider/aggregator/aggregator.go:207 > Starting provider *acme.Provider
traefik | 2023-06-18T22:35:46Z DBG github.com/traefik/traefik/v2/pkg/provider/aggregator/aggregator.go:208 > *acme.Provider provider configuration config={"HTTPChallengeProvider":{},"ResolverName":"le","TLSChallengeProvider":{},"caServer":"https://acme-staging-v02.api.letsencrypt.org/directory","certificatesDuration":2160,"email":"<LE EMAIL>","keyType":"RSA4096","storage":"/letsencrypt/acme.json","store":{},"tlsChallenge":{}}
traefik | 2023-06-18T22:35:46Z DBG github.com/traefik/traefik/v2/pkg/provider/acme/provider.go:214 > Attempt to renew certificates "720h0m0s" before expiry and check every "24h0m0s" acmeCA=https://acme-staging-v02.api.letsencrypt.org/directory providerName=le.acme
traefik | 2023-06-18T22:35:46Z INF github.com/traefik/traefik/v2/pkg/provider/acme/provider.go:798 > Testing certificate renew... acmeCA=https://acme-staging-v02.api.letsencrypt.org/directory providerName=le.acme
traefik | 2023-06-18T22:35:46Z DBG github.com/traefik/traefik/v2/pkg/server/configurationwatcher.go:217 > Configuration received config={"http":{"middlewares":{"redirect-web-to-websecure":{"redirectScheme":{"permanent":true,"port":"443","scheme":"https"}}},"models":{"websecure":{"tls":{"certResolver":"le"}}},"routers":{"web-to-websecure":{"entryPoints":["web"],"middlewares":["redirect-web-to-websecure"],"priority":2147483646,"rule":"HostRegexp(`^.+$`)","service":"noop@internal"}},"serversTransports":{"default":{"maxIdleConnsPerHost":200}},"services":{"api":{},"dashboard":{},"noop":{}}},"tcp":{},"tls":{},"udp":{}} providerName=internal
traefik | 2023-06-18T22:35:46Z DBG github.com/traefik/traefik/v2/pkg/server/configurationwatcher.go:217 > Configuration received config={"http":{},"tcp":{},"tls":{},"udp":{}} providerName=le.acme
traefik | 2023-06-18T22:35:46Z DBG github.com/traefik/traefik/v2/pkg/provider/docker/docker.go:217 > Provider connection established with docker 24.0.2 (API 1.43) providerName=docker
traefik | 2023-06-18T22:35:46Z DBG github.com/traefik/traefik/v2/pkg/provider/docker/config.go:173 > Filtering disabled container container=mc-minecraft-91bdeb76667e0f7391d745f07d15412f1f810aeca905614dd239140ee2d7a137 providerName=docker
traefik | 2023-06-18T22:35:46Z DBG github.com/traefik/traefik/v2/pkg/server/configurationwatcher.go:217 > Configuration received config={"http":{"middlewares":{"traefik-auth":{"basicAuth":{"users":["<AUTH CONFIG>"]}}},"routers":{"dashboard":{"middlewares":["traefik-auth"],"rule":"Host(`traefik.<DOMAIN 1>`)","service":"api@internal"}},"services":{"traefik-traefik":{"loadBalancer":{"passHostHeader":true,"responseForwarding":{"flushInterval":"100ms"},"servers":[{"url":"http://172.18.0.2:80"}]}}}},"tcp":{},"udp":{}} providerName=docker
traefik | 2023-06-18T22:35:46Z DBG github.com/traefik/traefik/v2/pkg/tls/tlsmanager.go:294 > No default certificate, fallback to the internal generated certificate tlsStoreName=default
traefik | 2023-06-18T22:35:46Z DBG github.com/traefik/traefik/v2/pkg/middlewares/tracing/forwarder.go:26 > Added outgoing tracing middleware entryPointName=web middlewareName=tracing middlewareType=TracingForwarder routerName=web-to-websecure@internal serviceName=noop@internal
traefik | 2023-06-18T22:35:46Z DBG github.com/traefik/traefik/v2/pkg/middlewares/redirect/redirect_scheme.go:23 > Creating middleware entryPointName=web middlewareName=redirect-web-to-websecure@internal middlewareType=RedirectScheme routerName=web-to-websecure@internal
traefik | 2023-06-18T22:35:46Z DBG github.com/traefik/traefik/v2/pkg/middlewares/redirect/redirect_scheme.go:24 > Setting up redirection to https 443 entryPointName=web middlewareName=redirect-web-to-websecure@internal middlewareType=RedirectScheme routerName=web-to-websecure@internal
traefik | 2023-06-18T22:35:46Z DBG github.com/traefik/traefik/v2/pkg/middlewares/tracing/wrapper.go:32 > Adding tracing to middleware entryPointName=web middlewareName=redirect-web-to-websecure@internal routerName=web-to-websecure@internal
traefik | 2023-06-18T22:35:46Z DBG github.com/traefik/traefik/v2/pkg/middlewares/recovery/recovery.go:22 > Creating middleware entryPointName=web middlewareName=traefik-internal-recovery middlewareType=Recovery
traefik | 2023-06-18T22:35:46Z DBG github.com/traefik/traefik/v2/pkg/server/aggregator.go:47 > No entryPoint defined for this router, using the default one(s) instead entryPointName=["websecure"] routerName=dashboard
traefik | 2023-06-18T22:35:46Z DBG github.com/traefik/traefik/v2/pkg/tls/tlsmanager.go:294 > No default certificate, fallback to the internal generated certificate tlsStoreName=default
traefik | 2023-06-18T22:35:46Z DBG github.com/traefik/traefik/v2/pkg/middlewares/tracing/forwarder.go:26 > Added outgoing tracing middleware entryPointName=web middlewareName=tracing middlewareType=TracingForwarder routerName=web-to-websecure@internal serviceName=noop@internal
traefik | 2023-06-18T22:35:46Z DBG github.com/traefik/traefik/v2/pkg/middlewares/redirect/redirect_scheme.go:23 > Creating middleware entryPointName=web middlewareName=redirect-web-to-websecure@internal middlewareType=RedirectScheme routerName=web-to-websecure@internal
traefik | 2023-06-18T22:35:46Z DBG github.com/traefik/traefik/v2/pkg/middlewares/redirect/redirect_scheme.go:24 > Setting up redirection to https 443 entryPointName=web middlewareName=redirect-web-to-websecure@internal middlewareType=RedirectScheme routerName=web-to-websecure@internal
traefik | 2023-06-18T22:35:46Z DBG github.com/traefik/traefik/v2/pkg/middlewares/tracing/wrapper.go:32 > Adding tracing to middleware entryPointName=web middlewareName=redirect-web-to-websecure@internal routerName=web-to-websecure@internal
traefik | 2023-06-18T22:35:46Z DBG github.com/traefik/traefik/v2/pkg/middlewares/recovery/recovery.go:22 > Creating middleware entryPointName=web middlewareName=traefik-internal-recovery middlewareType=Recovery
traefik | 2023-06-18T22:35:46Z DBG github.com/traefik/traefik/v2/pkg/middlewares/tracing/forwarder.go:26 > Added outgoing tracing middleware entryPointName=websecure middlewareName=tracing middlewareType=TracingForwarder routerName=dashboard@docker serviceName=api@internal
traefik | 2023-06-18T22:35:46Z DBG github.com/traefik/traefik/v2/pkg/middlewares/auth/basic_auth.go:33 > Creating middleware entryPointName=websecure middlewareName=traefik-auth@docker middlewareType=BasicAuth routerName=dashboard@docker
traefik | 2023-06-18T22:35:46Z DBG github.com/traefik/traefik/v2/pkg/middlewares/tracing/wrapper.go:32 > Adding tracing to middleware entryPointName=websecure middlewareName=traefik-auth@docker routerName=dashboard@docker
traefik | 2023-06-18T22:35:46Z DBG github.com/traefik/traefik/v2/pkg/middlewares/recovery/recovery.go:22 > Creating middleware entryPointName=websecure middlewareName=traefik-internal-recovery middlewareType=Recovery
traefik | 2023-06-18T22:35:46Z DBG github.com/traefik/traefik/v2/pkg/server/router/tcp/manager.go:235 > Adding route for traefik.<DOMAIN 1> with TLS options default entryPointName=websecure
traefik | 2023-06-18T22:35:46Z DBG github.com/traefik/traefik/v2/pkg/provider/acme/provider.go:385 > Trying to challenge certificate for domain [traefik.<DOMAIN 1>] found in HostSNI rule acmeCA=https://acme-staging-v02.api.letsencrypt.org/directory providerName=le.acme routerName=dashboard@docker rule=Host(`traefik.<DOMAIN 1>`)
traefik | 2023-06-18T22:35:46Z DBG github.com/traefik/traefik/v2/pkg/provider/acme/provider.go:847 > Looking for provided certificate(s) to validate ["traefik.<DOMAIN 1>"]... acmeCA=https://acme-staging-v02.api.letsencrypt.org/directory providerName=le.acme routerName=dashboard@docker rule=Host(`traefik.<DOMAIN 1>`)
traefik | 2023-06-18T22:35:46Z DBG github.com/traefik/traefik/v2/pkg/provider/acme/provider.go:893 > Domains need ACME certificates generation for domains "traefik.<DOMAIN 1>". acmeCA=https://acme-staging-v02.api.letsencrypt.org/directory domains=["traefik.<DOMAIN 1>"] providerName=le.acme routerName=dashboard@docker rule=Host(`traefik.<DOMAIN 1>`)
traefik | 2023-06-18T22:35:46Z DBG github.com/traefik/traefik/v2/pkg/provider/acme/provider.go:621 > Loading ACME certificates [traefik.<DOMAIN 1>]... acmeCA=https://acme-staging-v02.api.letsencrypt.org/directory providerName=le.acme routerName=dashboard@docker rule=Host(`traefik.<DOMAIN 1>`)
traefik | 2023-06-18T22:35:47Z DBG github.com/traefik/traefik/v2/pkg/provider/acme/provider.go:252 > Building ACME client... providerName=le.acme
traefik | 2023-06-18T22:35:47Z DBG github.com/traefik/traefik/v2/pkg/provider/acme/provider.go:258 > https://acme-staging-v02.api.letsencrypt.org/directory providerName=le.acme
traefik | 2023-06-18T22:35:48Z INF github.com/traefik/traefik/v2/pkg/provider/acme/provider.go:372 > Register... providerName=le.acme
traefik | 2023-06-18T22:35:48Z DBG github.com/go-acme/lego/v4@v4.9.1/log/logger.go:48 > [INFO] acme: Registering account for <LE EMAIL> lib=lego
traefik | 2023-06-18T22:35:48Z DBG github.com/traefik/traefik/v2/pkg/provider/acme/provider.go:332 > Using TLS Challenge provider. providerName=le.acme
traefik | 2023-06-18T22:35:48Z DBG github.com/go-acme/lego/v4@v4.9.1/log/logger.go:48 > [INFO] [traefik.<DOMAIN 1>] acme: Obtaining bundled SAN certificate lib=lego
traefik | 2023-06-18T22:35:48Z DBG github.com/go-acme/lego/v4@v4.9.1/log/logger.go:48 > [INFO] [traefik.<DOMAIN 1>] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/<LE ID> lib=lego
traefik | 2023-06-18T22:35:48Z DBG github.com/go-acme/lego/v4@v4.9.1/log/logger.go:48 > [INFO] [traefik.<DOMAIN 1>] acme: use tls-alpn-01 solver lib=lego
traefik | 2023-06-18T22:35:48Z DBG github.com/go-acme/lego/v4@v4.9.1/log/logger.go:48 > [INFO] [traefik.<DOMAIN 1>] acme: Trying to solve TLS-ALPN-01 lib=lego
traefik | 2023-06-18T22:35:48Z DBG github.com/traefik/traefik/v2/pkg/provider/acme/challenge_tls.go:41 > TLS Challenge Present temp certificate for traefik.<DOMAIN 1> providerName=tlsalpn.acme
traefik | 2023-06-18T22:35:48Z DBG github.com/traefik/traefik/v2/pkg/server/configurationwatcher.go:217 > Configuration received config={"http":{},"tcp":{},"tls":{},"udp":{}} providerName=tlsalpn.acme
traefik | 2023-06-18T22:35:48Z DBG github.com/traefik/traefik/v2/pkg/server/aggregator.go:47 > No entryPoint defined for this router, using the default one(s) instead entryPointName=["websecure"] routerName=dashboard
traefik | 2023-06-18T22:35:48Z DBG github.com/traefik/traefik/v2/pkg/tls/certificate.go:158 > Adding certificate for domain(s) acme challenge temp,traefik.<DOMAIN 1>
traefik | 2023-06-18T22:35:48Z DBG github.com/traefik/traefik/v2/pkg/tls/tlsmanager.go:294 > No default certificate, fallback to the internal generated certificate tlsStoreName=default
traefik | 2023-06-18T22:35:48Z DBG github.com/traefik/traefik/v2/pkg/middlewares/tracing/forwarder.go:26 > Added outgoing tracing middleware entryPointName=web middlewareName=tracing middlewareType=TracingForwarder routerName=web-to-websecure@internal serviceName=noop@internal
traefik | 2023-06-18T22:35:48Z DBG github.com/traefik/traefik/v2/pkg/middlewares/redirect/redirect_scheme.go:23 > Creating middleware entryPointName=web middlewareName=redirect-web-to-websecure@internal middlewareType=RedirectScheme routerName=web-to-websecure@internal
traefik | 2023-06-18T22:35:48Z DBG github.com/traefik/traefik/v2/pkg/middlewares/redirect/redirect_scheme.go:24 > Setting up redirection to https 443 entryPointName=web middlewareName=redirect-web-to-websecure@internal middlewareType=RedirectScheme routerName=web-to-websecure@internal
traefik | 2023-06-18T22:35:48Z DBG github.com/traefik/traefik/v2/pkg/middlewares/tracing/wrapper.go:32 > Adding tracing to middleware entryPointName=web middlewareName=redirect-web-to-websecure@internal routerName=web-to-websecure@internal
traefik | 2023-06-18T22:35:48Z DBG github.com/traefik/traefik/v2/pkg/middlewares/recovery/recovery.go:22 > Creating middleware entryPointName=web middlewareName=traefik-internal-recovery middlewareType=Recovery
traefik | 2023-06-18T22:35:48Z DBG github.com/traefik/traefik/v2/pkg/middlewares/tracing/forwarder.go:26 > Added outgoing tracing middleware entryPointName=websecure middlewareName=tracing middlewareType=TracingForwarder routerName=dashboard@docker serviceName=api@internal
traefik | 2023-06-18T22:35:48Z DBG github.com/traefik/traefik/v2/pkg/middlewares/auth/basic_auth.go:33 > Creating middleware entryPointName=websecure middlewareName=traefik-auth@docker middlewareType=BasicAuth routerName=dashboard@docker
traefik | 2023-06-18T22:35:48Z DBG github.com/traefik/traefik/v2/pkg/middlewares/tracing/wrapper.go:32 > Adding tracing to middleware entryPointName=websecure middlewareName=traefik-auth@docker routerName=dashboard@docker
traefik | 2023-06-18T22:35:48Z DBG github.com/traefik/traefik/v2/pkg/middlewares/recovery/recovery.go:22 > Creating middleware entryPointName=websecure middlewareName=traefik-internal-recovery middlewareType=Recovery
traefik | 2023-06-18T22:35:48Z DBG github.com/traefik/traefik/v2/pkg/server/router/tcp/manager.go:235 > Adding route for traefik.<DOMAIN 1> with TLS options default entryPointName=websecure
traefik | 2023-06-18T22:35:48Z DBG github.com/traefik/traefik/v2/pkg/provider/acme/provider.go:385 > Trying to challenge certificate for domain [traefik.<DOMAIN 1>] found in HostSNI rule acmeCA=https://acme-staging-v02.api.letsencrypt.org/directory providerName=le.acme routerName=dashboard@docker rule=Host(`traefik.<DOMAIN 1>`)
traefik | 2023-06-18T22:35:48Z DBG github.com/traefik/traefik/v2/pkg/provider/acme/provider.go:847 > Looking for provided certificate(s) to validate ["traefik.<DOMAIN 1>"]... acmeCA=https://acme-staging-v02.api.letsencrypt.org/directory providerName=le.acme routerName=dashboard@docker rule=Host(`traefik.<DOMAIN 1>`)
traefik | 2023-06-18T22:35:48Z DBG github.com/traefik/traefik/v2/pkg/provider/acme/provider.go:891 > No ACME certificate generation required for domains acmeCA=https://acme-staging-v02.api.letsencrypt.org/directory domains=["traefik.<DOMAIN 1>"] providerName=le.acme routerName=dashboard@docker rule=Host(`traefik.<DOMAIN 1>`)
traefik | 2023-06-18T22:35:53Z DBG github.com/traefik/traefik/v2/pkg/provider/acme/challenge_tls.go:88 > TLS Challenge CleanUp temp certificate for traefik.<DOMAIN 1> providerName=tlsalpn.acme
traefik | 2023-06-18T22:35:53Z DBG github.com/traefik/traefik/v2/pkg/server/configurationwatcher.go:217 > Configuration received config={"http":{},"tcp":{},"tls":{},"udp":{}} providerName=tlsalpn.acme
traefik | 2023-06-18T22:35:53Z DBG github.com/traefik/traefik/v2/pkg/server/aggregator.go:47 > No entryPoint defined for this router, using the default one(s) instead entryPointName=["websecure"] routerName=dashboard
traefik | 2023-06-18T22:35:53Z DBG github.com/traefik/traefik/v2/pkg/tls/tlsmanager.go:294 > No default certificate, fallback to the internal generated certificate tlsStoreName=default
traefik | 2023-06-18T22:35:53Z DBG github.com/traefik/traefik/v2/pkg/middlewares/tracing/forwarder.go:26 > Added outgoing tracing middleware entryPointName=web middlewareName=tracing middlewareType=TracingForwarder routerName=web-to-websecure@internal serviceName=noop@internal
traefik | 2023-06-18T22:35:53Z DBG github.com/traefik/traefik/v2/pkg/middlewares/redirect/redirect_scheme.go:23 > Creating middleware entryPointName=web middlewareName=redirect-web-to-websecure@internal middlewareType=RedirectScheme routerName=web-to-websecure@internal
traefik | 2023-06-18T22:35:53Z DBG github.com/traefik/traefik/v2/pkg/middlewares/redirect/redirect_scheme.go:24 > Setting up redirection to https 443 entryPointName=web middlewareName=redirect-web-to-websecure@internal middlewareType=RedirectScheme routerName=web-to-websecure@internal
traefik | 2023-06-18T22:35:53Z DBG github.com/traefik/traefik/v2/pkg/middlewares/tracing/wrapper.go:32 > Adding tracing to middleware entryPointName=web middlewareName=redirect-web-to-websecure@internal routerName=web-to-websecure@internal
traefik | 2023-06-18T22:35:53Z DBG github.com/traefik/traefik/v2/pkg/middlewares/recovery/recovery.go:22 > Creating middleware entryPointName=web middlewareName=traefik-internal-recovery middlewareType=Recovery
traefik | 2023-06-18T22:35:53Z DBG github.com/traefik/traefik/v2/pkg/middlewares/tracing/forwarder.go:26 > Added outgoing tracing middleware entryPointName=websecure middlewareName=tracing middlewareType=TracingForwarder routerName=dashboard@docker serviceName=api@internal
traefik | 2023-06-18T22:35:53Z DBG github.com/traefik/traefik/v2/pkg/middlewares/auth/basic_auth.go:33 > Creating middleware entryPointName=websecure middlewareName=traefik-auth@docker middlewareType=BasicAuth routerName=dashboard@docker
traefik | 2023-06-18T22:35:53Z DBG github.com/traefik/traefik/v2/pkg/middlewares/tracing/wrapper.go:32 > Adding tracing to middleware entryPointName=websecure middlewareName=traefik-auth@docker routerName=dashboard@docker
traefik | 2023-06-18T22:35:53Z DBG github.com/traefik/traefik/v2/pkg/middlewares/recovery/recovery.go:22 > Creating middleware entryPointName=websecure middlewareName=traefik-internal-recovery middlewareType=Recovery
traefik | 2023-06-18T22:35:53Z DBG github.com/traefik/traefik/v2/pkg/server/router/tcp/manager.go:235 > Adding route for traefik.<DOMAIN 1> with TLS options default entryPointName=websecure
traefik | 2023-06-18T22:35:53Z DBG github.com/traefik/traefik/v2/pkg/provider/acme/provider.go:385 > Trying to challenge certificate for domain [traefik.<DOMAIN 1>] found in HostSNI rule acmeCA=https://acme-staging-v02.api.letsencrypt.org/directory providerName=le.acme routerName=dashboard@docker rule=Host(`traefik.<DOMAIN 1>`)
traefik | 2023-06-18T22:35:53Z DBG github.com/traefik/traefik/v2/pkg/provider/acme/provider.go:847 > Looking for provided certificate(s) to validate ["traefik.<DOMAIN 1>"]... acmeCA=https://acme-staging-v02.api.letsencrypt.org/directory providerName=le.acme routerName=dashboard@docker rule=Host(`traefik.<DOMAIN 1>`)
traefik | 2023-06-18T22:35:53Z DBG github.com/traefik/traefik/v2/pkg/provider/acme/provider.go:891 > No ACME certificate generation required for domains acmeCA=https://acme-staging-v02.api.letsencrypt.org/directory domains=["traefik.<DOMAIN 1>"] providerName=le.acme routerName=dashboard@docker rule=Host(`traefik.<DOMAIN 1>`)
traefik | 2023-06-18T22:35:53Z DBG github.com/go-acme/lego/v4@v4.9.1/log/logger.go:48 > [INFO] Deactivating auth: https://acme-staging-v02.api.letsencrypt.org/acme/authz-v3/<LE ID> lib=lego
traefik | 2023-06-18T22:35:54Z ERR github.com/traefik/traefik/v2/pkg/provider/acme/provider.go:397 > Unable to obtain ACME certificate for domains error="unable to generate a certificate for the domains [traefik.<DOMAIN 1>]: error: one or more domains had a problem:\n[traefik.<DOMAIN 1>] acme: error: 403 :: urn:ietf:params:acme:error:unauthorized :: Cannot negotiate ALPN protocol \"acme-tls/1\" for tls-alpn-01 challenge\n" acmeCA=https://acme-staging-v02.api.letsencrypt.org/directory domains=["traefik.<DOMAIN 1>"] providerName=le.acme routerName=dashboard@docker rule=Host(`traefik.<DOMAIN 1>`)
I'm really not sure what could be the problem anymore. I turned all other services off and even disabled the proxy sitting between Traefik and the Docker socket. I upgraded to the latest beta version and played with my Cloudflare config.