Traefik switches to default self signed certificate even when I have mounted the volume containng letsencrypt certs

vitachaos · November 13, 2021, 6:04pm

I am using latest traefik version in the container

While attempting to setup https for subdomain.example.com domain name , even after using my own lets encrypt certs traefik was switching to traefik default self signed certificates.
then I spotted this error in logs:

time="2021-11-13T17:53:10Z" level=info msg="Starting provider *acme.Provider {\"email\":\"registered_email_with_letsencrypt@gmail.com\",\"caServer\":\"https://acme-v02.api.letsencrypt.org/directory\",\"storage\":\"/letsencrypt/acme.json\",\"keyType\":\"RSA4096\",\"tlsChallenge\":{},\"ResolverName\":\"myresolver\",\"store\":{},\"TLSChallengeProvider\":{\"Timeout\":4000000000},\"HTTPChallengeProvider\":{}}",
time="2021-11-13T17:53:10Z" level=debug msg="Configuration received from provider myresolver.acme: {\"http\":{},\"tls\":{}}" providerName=myresolver.acme,
time="2021-11-13T17:53:10Z" level=debug msg="No default certificate, generating one" tlsStoreName=default,
time="2021-11-13T17:53:10Z" level=info msg="Testing certificate renew..." providerName=myresolver.acme,
time="2021-11-13T17:53:10Z" level=debug msg="Configuration received from provider internal: {\"http\":{\"services\":{\"api\":{},\"dashboard\":{},\"noop\":{}},\"serversTransports\":{\"default\":{\"maxIdleConnsPerHost\":200}}},\"tcp\":{},\"tls\":{}}" providerName=internal

what am I missing ?
This is the traefik container I am running in the service .

version: '3.9'

services:

  traefik:
    image: "traefik:latest"
    command:
      - --global.sendAnonymousUsage=true
      - --api.dashboard=true
      - --entrypoints.web.address=:80
      - --entrypoints.websecure.address=:443
      - --providers.docker=true
      - --providers.docker.swarmMode=true
      - --providers.docker.exposedbydefault=false
      - --providers.docker.network=public
      # - "--providers.providersthrottleduration=100"
      - "--certificatesresolvers.myresolver.acme.tlschallenge=true"
      - "--certificatesresolvers.myresolver.acme.email=registered_email_with_letsencrypt@gmail.com"
      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
      # - --providers.file.directory=/etc/certs/dynamic
      - --api
      - --log.level=DEBUG
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080"
    networks:
      - public
    volumes:
      - /home/ceres/traefik/letsencrypt:/letsencrypt 
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      # - /home/skumar/traefik/certs:/etc/certs
    deploy:
      mode: replicated
      replicas: 1
      placement:
        constraints:
          - "node.hostname==ceres"

sad thing is I had it working in the morning, except the certs were from example.com instead of subdomain.example.com then I started trying the dnschallenge method I forgot to save the older config I used.

Topic		Replies	Views
Traefik refuses to use my valid ACME certificate, falls back to self signed Traefik v2 (latest) docker , letsencrypt-acme	3	849	August 4, 2023
ACME Default Certificate does not work Traefik v2 (latest) docker , letsencrypt-acme	1	109	February 8, 2024
Traefik Uses Self-Signed Certificate Instead of ACME/Letsencrypt One Traefik v2 (latest) letsencrypt-acme	1	2190	March 21, 2020
2.9.4: ACME Default Certificate not working Traefik v2 (latest) docker-swarm , letsencrypt-acme	3	957	November 15, 2022
Letsencrypt DNS-ACME: No default certificate, fallback to the internal generated certificate Traefik v2 (latest) docker , letsencrypt-acme	12	2895	March 8, 2023

Traefik switches to default self signed certificate even when I have mounted the volume containng letsencrypt certs

Related Topics