Traefik Not Storing Cert

Hunt112 · February 13, 2024, 2:22am

Every time I update my server via docker compose I seem to lose my cert and now my site is stuck with a default cert. What am I doing wrong? Compose followed by Traefik static config. Should I check there's not an incorrect cert stored somewhere?

version: '3.8'

services:
  traefik:
    # The latest official supported Traefik docker image
    image: traefik:v2.3
    # Enables the Traefik Dashboard and tells Traefik to listen to docker
    # enable --log.level=INFO so we can see what Traefik is doing in the log files
    ports:
      # Exposes port 80 for incomming web requests
      - "80:80"
      - "443:443"
      # The Web UI port http://0.0.0.0:8080 (enabled by --api.insecure=true)
      - "8080:8080"
    volumes:
      # So that Traefik can listen to the Docker events
      - /var/run/docker.sock:/var/run/docker.sock
      # Copies the Let's Encrypt certificate locally for ease of backing up
      - ./letsencrypt:/letsencrypt
      # Mounts the Traefik static configuration inside the Traefik container
      - /home/paperspace/config:/etc/traefik/
    environment:
      - "DO_AUTH_TOKEN=dop_v1_*********"
    networks:
      - service-network
    restart: always


  konig-webui:
    image: "service/service:latest"
    container_name: "service-webui"
    volumes:
      - "service-webui:/app/backend/data"
    networks:
      - service-network
    environment:
      - "API_BASE_URL=http://10.8.78.3:11434/api"
      - "WEBUI_SECRET_KEY="
      - "APP_BASE_URL=https://service.com"
    extra_hosts:
      - "host.docker.internal:host-gateway"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.service-webui.rule=Host(`service.com`,`www.service.com`)"
      - "traefik.http.routers.service-webui.service=service-webui"
      - "traefik.http.services.service-webui.loadbalancer.server.port=8080"
      - "traefik.http.routers.service-webui.entrypoints=websecure"
      - "traefik.http.routers.service-webui.tls.certresolver=myresolver"
    restart: always

volumes:
  service-webui: {}

networks:
  service-network:

################################################################
# API and dashboard configuration
################################################################
api:
  # Dashboard
  #
  #
  dashboard: false
  insecure: false
################################################################
# Docker configuration backend
################################################################
providers:
  docker:
    exposedByDefault: false
################################################################
# Traefik Logging
################################################################
log:
  level: INFO

################################################################
# Entrypoint
################################################################
entryPoints:
  web:
    address: :80
    # (Optional) Redirect to HTTPS
    # ---
    http:
      redirections:
        entryPoint:
          to: websecure
          scheme: https

  websecure:
    address: :443
################################################################
# Challenege DNS
################################################################
certificatesResolvers:
  myresolver:
    acme:
      email: admin@service.com
      storage: acme.json
      # caServer: "https://acme-staging-v02.api.letsencrypt.org/directory" # staging domain
      caServer: "https://acme-v02.api.letsencrypt.org/directory" # live domain
      dnsChallenge:
        provider: digitalocean
        delayBeforeCheck: 0

bluepuma77 · February 13, 2024, 5:35am

Use a full path to your bind mount to save certs on host, not only within container:

storage: /letsencrypt/acme.json

Hunt112 · February 13, 2024, 12:32pm

Where do I put that?

And is there a way to get let’s encrypt to provide me with a cert or am I out of luck?

bluepuma77 · February 13, 2024, 12:38pm

Seriously, you can’t search your own post for storage? Maybe check your traefik.yml file.

It seems you hit LetsEncrypt limits, you should see that in Traefik logs, it might take a week until you can retry (doc).

Hunt112 · February 13, 2024, 2:50pm

That was stupid of me, I completely missed it, kept seeing volume.

Hunt112 · February 13, 2024, 3:02pm

Yeh it hit the rate limit. I'm pissed off as I thought I was storing the cert.

Hunt112 · February 13, 2024, 4:18pm

Will the two acme.json files on my server be live certs rather than traefik ones? Is there a way I can check?

bluepuma77 · February 13, 2024, 8:29pm

There is only one file. You can check by looking into the file, for example with cat, it’s mostly human readable.

Topic		Replies	Views
Certificate problem letsencrypt Traefik v2 docker , letsencrypt-acme	4	1162	October 3, 2021
Can not update Let’s Encrypt Certificates traefik Traefik v2 docker	3	325	September 21, 2022
Docker, Traefik v2, SSL cannot set default cert Traefik v2 docker	2	780	October 15, 2019
Docker SSL Certificates Traefik v2 docker	6	5386	September 24, 2019
Change Traefik default certificate Traefik v2 docker	2	3826	January 11, 2022

Traefik Not Storing Cert

Related topics