traefik (I believe) 1.7.12; 'latest' tag as of July 2, 2019
Established stable configuration has been running for quite some time (long enough for the certs to need to be renewed, at least once - honestly I can't even remember how long) and today, all of my sites fail SSL - certificate out of date. Traefik has not been renewing them. As a diagnostic, I attempted to reset acme data by removing acme.json - now when I start Traefik, I get the following:
time="2019-07-02T08:06:45Z" level=error msg="Unable to obtain ACME certificate for domains \"<snip>\" detected thanks to rule \"Host:<snip>\" : cannot get ACME client cloudflare: some credentials information are missing: CLOUDFLARE_EMAIL,CLOUDFLARE_API_KEY"
Meanwhile, Portainer (and docker inspect) both show the same environment variables I had previously configured, during initial setup. These values have not changed; I use the same email, and it has the same API key.
Portainer shows the same environment variables, and they're also correct (of course);
I attempted to docker exec a shell to inspect it from the inside but there don't seem to be any (that I can figure out) and from there I don't know where to go to resolve this bug.
CF_API_EMAIL and CF_API_KEY contains spaces before and after the =, this is not a valid syntax for env vars and I think it's a the root cause of your problem.
the values of CF_API_EMAIL and CF_API_KEY contains quote \", then the values read by Traefik will contains quotes and this will result to a invalid key and email.
Regarding the default docker image, I pretty much assumed that would be the case - more and more containers are going that way, and I do appreciate the slimming efforts. I would suggest a note in the documentation somewhere indicating that the alpine build exists and contains a shell binary to assist with troubleshooting, etc etc -- if I had known as much, I would not have wasted your time. My exact intent was to pull a shell up and check if the environment variables were being properly parsed, IE, if I had done exactly what you so swiftly realized I had done.
Speaking of which - you are of course correct on both counts. The spaces and the quotes were both present (not literal-quote IE " in the text, that appears to be a formatting-mangling thing somewhere between the terminal, browser, Github, and/or here) and both caused separate sorts of errors when removed independently (I wanted to learn how it would react to each in turn) and upon re-launching .....there's no 'docker logs' output. I probably have logging turned down/off or some such, but Cloudflare is showing DNS _acme-challenge TXT entries so it's certainly working now!