Traefik issues self signed certificates

Hi everyone.

I'm using docker with traefik 2.10 and dynamic files (yaml).
I'm facing a problem with the container's domain certificate. I cannot use Let's Encrypt or another provider.
When I use my certificate, which is configured with 2 files, a .cert and a .key, the web doesn't work, showing the error "404 page not found" in the web browser, and in the traefik log I always get these errors:

level=error msg="accept tcp [::]:80: use of closed network connection" entryPointName=web
level=error msg="close tcp [::]:443: use of closed network connection" entryPointName=websecure

But If I use lets encrypt the problem is solved and I can surf the website without problems.

This is my traefik.yml configuration:

entryPoints:
  web:
    address: ":80"
    http:
      redirections:
        entryPoint:
          to: websecure
          scheme: https
  websecure:
    address: ":443"
    # http:
    #   tls:
    #     certResolver: lets-encrypt

providers:
  docker:
    endpoint: unix:///var/run/docker.sock
    exposedByDefault: false
    watch: true
    swarmMode: false
    
  file:
    directory: /etc/traefik/configuration
    watch: true

This is a fragment of my docker-compose file with the traefik config:

traefik:
    image: traefik:latest
    container_name: traefik
    restart: always
    networks:
      redesproxy:
        ipv4_address: 172.20.1.3
    ports:
      - "80:80"
      - "443:443"
    security_opt:
      - no-new-privileges:true
    volumes:
      - traefik_data:/etc/traefik
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./data/traefik.yml:/etc/traefik/traefik.yml
      - ./data/configuration:/etc/traefik/configuration **# Folder with dynamic configuration yml including certs files**

My web.yml dynamic file:

http:
  routers:
    www-web-develop:
      service: www-develop-service
      entryPoints:
        - websecure
      rule: "Host(`www.mydomain.com`)"
      middlewares:
        - gzip
  
  services:
    www-develop-service:
      loadBalancer: 
        servers:
          - url: "http://172.20.1.4:9007"

And finally in other yml file I have the certs config: (tls.yml)

tls:
  certificates:
    - certFile: /etc/traefik/configuration/certs/www.mydomain.com.crt
      keyFile: /etc/traefik/configuration/certs/www.mydomain.com.key

I checked both files with OpenSSL and they have the same output.

What am I missing in the certificates configuration? Or maybe I'm doing something wrong.

So... what do I need to do to get this domain working with https?

You need to enable TLS on entrypoint or router.

entryPoints:
  websecure:
    address: ':443'
    http:
      tls: {}

http:
  routers:
    my-https-router:
      tls: {}

(Doc, Doc)

Thanks for your answer.

I was reading the documentation but I don't understand how I can activate the http challenge with self-signed certificates.

In this case, I don't have a certificatesResolvers configuration for the TLS certificates. I handle it in a standalone file (that was what I understood from the documentation).

What configuration do I need to put in your code recommendation?

entryPoints:
  websecure:
    address: ':443'
    http:
      tls: {}  # <-- here

and

http:
  routers:
    my-https-router:
      tls: {}  # <-- here

if I'm using a tls.yml with only this code?

tls:
  certificates:
    - certFile: /etc/traefik/configuration/certs/www.mydomain.com.crt
      keyFile: /etc/traefik/configuration/certs/www.mydomain.com.key

If I use let's encrypt my code looks like this:

(...)
websecure:
    address: ":443"
    http:
      tls:
        certResolver: lets-encrypt

Best regards.


If you want to use both, I recommend you enable custom TLS (tls: {}) or certresolver (tls: certResolver: myresolver) directly on the router.

Then, if my self-signed certificates are inside a tag "certificates" like in my yaml, can I use something like this? Or isn't the code below correct?

websecure:
    address: ":443"
    http:
      tls:
        certResolver: certificates  # <-- my self-signed tls tag

Regards and thanks for your help

Load your custom TLS certs in a dynamic config file, load the config file in static config with provider.file and enable TLS on router with tls: {}.

Certresolver is only used for LetsEncrypt.

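Putting the last reply together for the setup in this thread, as an added example that is not from the original posts or from the Traefik project: one dynamic file served by the file provider that both enables TLS on the router and supplies the static certificate. The certificate paths and service URL are the ones posted above; the `tls.stores` and `tls.options` blocks and the option name `strict` are additions beyond what the thread shows, and the `gzip` middleware from the posted router is left out because its definition is not in the thread.

```yaml
# /etc/traefik/configuration/web.yml  (dynamic configuration, picked up by providers.file)
# Assembled for this thread; paths match the ones posted above.
http:
  routers:
    www-web-develop:
      entryPoints:
        - websecure
      rule: "Host(`www.mydomain.com`)"
      service: www-develop-service
      # This block is what was missing: without it the router answers plain HTTP
      # on :443, so the browser never gets a TLS handshake for this host.
      tls:
        options: strict        # assumed name, defined under tls.options below

  services:
    www-develop-service:
      loadBalancer:
        servers:
          - url: "http://172.20.1.4:9007"

tls:
  # Static certificates, no certificatesResolvers/ACME involved. Traefik serves
  # the certificate whose SAN matches the SNI sent by the client.
  certificates:
    - certFile: /etc/traefik/configuration/certs/www.mydomain.com.crt
      keyFile: /etc/traefik/configuration/certs/www.mydomain.com.key

  # Optional (assumed addition): the certificate to use when no SAN matches.
  # Without it Traefik falls back to its own generated default certificate,
  # which is what a browser shows for a host name the SAN does not cover.
  stores:
    default:
      defaultCertificate:
        certFile: /etc/traefik/configuration/certs/www.mydomain.com.crt
        keyFile: /etc/traefik/configuration/certs/www.mydomain.com.key

  # Optional (assumed addition): a named option set the router refers to.
  options:
    strict:
      minVersion: VersionTLS12
```

With `providers.file.watch: true` in the static config, saving this file is enough for Traefik to reload it; the entrypoint itself needs no `tls` key when the router carries one.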