Traefik ssl lets-encrypt certificates not renewing

I have followed this guide to setup traefik on digitalocean droplet and it worked, generating and renewing ssl certificates. But recently it had stopped working. keep getting emails about certificates expiring and forcing traefik to regenerate certificates in "acme.json" by deleting and touching the file does not work. Does anyone know how I can debug this?

I have made sure that the permissions of acme.json are correct and that it can be seen and modified in the docker container already. Tried updating to use the latest version of traefik 2.9.6 but still doesn't work.

config files

Any help is appreciated!

Usually Traefik is very stable :slight_smile: What else did change? File rights, DNS entries, enabled some DigitalOcean proxying or DDoS protection? What does the Traefik debug log tell you?

1 Like

Oh I switched my domain name registrar from namecheap to cloudflare. Could that have had any effect? I'll take a look at the logs too

Especially CloudFlare is usually doing proxying, not just DNS (but you can adjust that). That probably does not work with Traefik LetsEncrypt TLSChallenge.

I see. I'm still not very familiar with this.

Do I configure my tls/ssl in cloudflare like the above guide (point 3)?

#3. Turn Cloudflare's SSL off when Traefik tries to fetch LetsEncrypt SSL certificates. If this rule is not presented, then Cloudflare's free SSL certificate with interfere with LetsEncrypt. In other words, the LetsEncrypt server must be able to see your origin server and the private key directly without any intermediate (Cloudflare proxy).

I have moved my certificatesResolvers from lets-encrypt to cloudflare following this guide and it seemed to have worked.

When I check the certificate on my website it still used lets-encrypt but the expiry date has been extended. Does cloudflare use lets-encrypt under the hood?