Traefik TSL Handshake error - Let's Encrypt certificate not created

Juergen · December 18, 2023, 5:50pm

Dear community support,

I'm running a Solar Power Vehicle Control and Monitoring System on a raspberrypi - server sided based on evcc and traefik - please see https://jfraundo251158.github.io.

Unfortunately after some month of fine working the system is broken. Hard to find out what's the root cause since there were operating system-, traefik- and Fritzbox router updates in the meantime.

In a first step I could verify that the Fritzbox router and Let's Encrypt should be okay again. At least now with recent adaptions Let's Debug reports 'No issues were found'.

Probably my traefik configuration is not perfect and maybe with traefik updates it's not going to work anymore. The problem starts now with the file "/letsencrypt/acme.json", which is created but it's empty - Zero bytes. Please find below the configs.

docker-compose.yml
version: "3"
services:
reverse-proxy:
container_name: reverse-proxy
image: "traefik:latest"
command:
- "--log.level=DEBUG"
- "--api.insecure=true"
- "--providers.docker=true"
- "--providers.docker.exposedbydefault=false"
- "--providers.file.directory=/rules"
- "--entrypoints.web.address=:80" # a must for Let's Encrypt
- "--entrypoints.https.address=:443" # SolVecConMon via https
- "--entrypoints.https.http.tls.certResolver=le"
- "--certificatesresolvers.le.acme.tlschallenge=true"
- "--certificatesresolvers.le.acme.email=jfr251158@icloud.com"
- "--certificatesresolvers.le.acme.storage=/letsencrypt/acme.json"
ports:
- "80:80" # a must for Let's Encrypt
- "443:443" # SolVecConMon from WWW via https
volumes:
- "/var/run/docker.sock:/var/run/docker.sock:ro"
- "./rules:/rules:ro"
- "./letsencrypt:/letsencrypt" # a must for Let's Encrypt

Rules.yml
https:
routers:
evcc-https:
rule: "Host(7y4sbu5yhxrbxqpi.myfritz.net)" # dyndns, myfritz
service: "evcc-https-service"
middlewares:
- "evcc-auth"

services:
evcc-https-service:
Loadbalancer:
servers:
- url: "server url:7070" # hidden server url

middlewares:
evcc-auth:
basicAuth:
users:
- "USER:ENCRYPTEDPW" # hidden credentials

The Traefik log at startup - log is attached

As far as I can see it looks fine? But below line could point on a problem - not sure.
time="2023-12-16T14:32:11Z" level=debug msg="No default certificate, fallback to the internal generated certificate" tlsStoreName=default

When my app is trying to make a connection to the server below lines are logged
time="2023-12-16T14:49:33Z" level=debug msg="Serving default certificate for request: "7y4sbu5yhxrbxqpi.myfritz.net""
time="2023-12-16T14:49:33Z" level=debug msg="http: TLS handshake error from 80.187.83.178:25324: remote error: tls: unknown certificate authority"

Would be great if you could advice me how to overcome this challenge - Thanks in advance!

bluepuma77 · December 18, 2023, 6:54pm

Use 3 backticks in front and after code, it makes it more readable and in yaml every space matters.

Juergen · December 19, 2023, 9:46am

Thanks for fast reply! Maybe screenshots are even better - please see below.

docker-compose.yml.

rules.yml

bluepuma77 · December 19, 2023, 10:47am

No. Text enables everyone on every device to read it.

Use 3 backticks in front and after code, it makes it more readable and in yaml every space matters.

Juergen · December 19, 2023, 3:39pm

Please find docker-compose.yml and rules.yml below

## version: "3"

  reverse-proxy:
    container_name: reverse-proxy
    image: "traefik:latest"
    command:
      - "--log.level=DEBUG"
      - "--api.insecure=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--providers.file.directory=/rules"
      - "--entrypoints.web.address=:80"    # a must for Let's Encrypt
      - "--entrypoints.https.address=:443" # SolVecConMon via https
       
      - "--entrypoints.https.http.tls.certResolver=le"
      - "--certificatesresolvers.le.acme.tlschallenge=true"
      - "--certificatesresolvers.le.acme.email=jfr251158@icloud.com"
      - "--certificatesresolvers.le.acme.storage=/letsencrypt/acme.json"
  
    ports:
      - "80:80"                           # a must for Let's Encrypt
      - "443:443"                         # SolVecConMon from WWW via https
     
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "./rules:/rules:ro"
      - "./letsencrypt:/letsencrypt"      # a must for Let's Encrypt


## Rules configuration

https:
  routers:
    evcc-https:
      rule: "Host(`7y4sbu5yhxrbxqpi.myfritz.net`)"  # dyndns, myfritz
      service: "evcc-https-service"
      middlewares:
        - "evcc-auth"
       
  services:
    evcc-https-service:
      Loadbalancer:
        servers:
          - url: "http://server-url:7070"           # hidden server
          
  middlewares:
    evcc-auth:
      basicAuth:
#       headerField: "X-WebAuth-User"
#       removeHeader: true
        users:
          - "USER:ENCRYPTEDPW"                      # hidden credentials```

bluepuma77 · December 19, 2023, 6:35pm

./rules and ./letsencrypt are directories?

There seems to be config you are not showing, at least according to your log screenshot. Other or old dynamic config files? Other container labels?

Juergen · December 19, 2023, 7:26pm

Yes, ./rules and ./letsencrypt are directories. See dir structure below.
home ... raspiuser ... Docker-Compose
.............................I --- evcc
.............................I --- reverse-proxy
..........................................I --- letsencrypt
......................................... I --- rules

Please also find attached traefik log from just now with current config files - to be sure all fits together. Hope this will help. And thank you very much for your efforts!

bluepuma77 · December 19, 2023, 7:35pm

Text is sooo much easier, even searchable…

Juergen · December 19, 2023, 7:48pm

Can‘t add log in text since it reports too many links

bluepuma77 · December 19, 2023, 7:58pm

Root element needs to be http

Juergen · December 19, 2023, 9:09pm

bluepuma77 - you are my hero! Again many thanks!

The Let's encrypt certificate is created now and my application again gets the requested server data and looks fine : - ) GREAT!

I had changed the root element from http into https during the investigations with the Fritzbox router issues - and forgot to change it back.

So at the end I was faced with 3 issues for some month

Fritzbox router update enabled iPv6, which Let's encrypt didn't like
Fritzbox router update has broken DNSSEC validation - for which I recently got a patch
My http into https change within all the confusion

My app looks fine. Much more logging is in the traefik log now. But something is still fishy. A lot of authentication requests are failing - most likely not issued by my app. Maybe you have an idea what could be wrong.

Please find below the up-to-date log - part 1 (the trick with ```also works here)

time="2023-12-19T20:16:07Z" level=info msg="Configuration loaded from flags."
time="2023-12-19T20:16:07Z" level=info msg="Traefik version 2.10.7 built on 2023-12-06T15:54:59Z"
time="2023-12-19T20:16:07Z" level=debug msg="Static configuration loaded {\"global\":{\"checkNewVersion\":true},\"serversTransport\":{\"maxIdleConnsPerHost\":200},\"entryPoints\":{\"https\":{\"address\":\":443\",\"transport\":{\"lifeCycle\":{\"graceTimeOut\":\"10s\"},\"respondingTimeouts\":{\"idleTimeout\":\"3m0s\"}},\"forwardedHeaders\":{},\"http\":{\"tls\":{\"certResolver\":\"le\"}},\"http2\":{\"maxConcurrentStreams\":250},\"udp\":{\"timeout\":\"3s\"}},\"traefik\":{\"address\":\":8080\",\"transport\":{\"lifeCycle\":{\"graceTimeOut\":\"10s\"},\"respondingTimeouts\":{\"idleTimeout\":\"3m0s\"}},\"forwardedHeaders\":{},\"http\":{},\"http2\":{\"maxConcurrentStreams\":250},\"udp\":{\"timeout\":\"3s\"}},\"web\":{\"address\":\":80\",\"transport\":{\"lifeCycle\":{\"graceTimeOut\":\"10s\"},\"respondingTimeouts\":{\"idleTimeout\":\"3m0s\"}},\"forwardedHeaders\":{},\"http\":{},\"http2\":{\"maxConcurrentStreams\":250},\"udp\":{\"timeout\":\"3s\"}}},\"providers\":{\"providersThrottleDuration\":\"2s\",\"docker\":{\"watch\":true,\"endpoint\":\"unix:///var/run/docker.sock\",\"defaultRule\":\"Host(`{{ normalize .Name }}`)\",\"swarmModeRefreshSeconds\":\"15s\"},\"file\":{\"directory\":\"/rules\",\"watch\":true}},\"api\":{\"insecure\":true,\"dashboard\":true},\"log\":{\"level\":\"DEBUG\",\"format\":\"common\"},\"certificatesResolvers\":{\"le\":{\"acme\":{\"email\":\"jfr251158@icloud.com\",\"caServer\":\"https://acme-v02.api.letsencrypt.org/directory\",\"storage\":\"/letsencrypt/acme.json\",\"keyType\":\"RSA4096\",\"certificatesDuration\":2160,\"tlsChallenge\":{}}}}}"
time="2023-12-19T20:16:07Z" level=info msg="\nStats collection is disabled.\nHelp us improve Traefik by turning this feature on :)\nMore details on: https://doc.traefik.io/traefik/contributing/data-collection/\n"
time="2023-12-19T20:16:07Z" level=debug msg="Starting TCP Server" entryPointName=web
time="2023-12-19T20:16:07Z" level=info msg="Starting provider aggregator aggregator.ProviderAggregator"
time="2023-12-19T20:16:07Z" level=debug msg="Starting TCP Server" entryPointName=traefik
time="2023-12-19T20:16:07Z" level=debug msg="Starting TCP Server" entryPointName=https
time="2023-12-19T20:16:07Z" level=info msg="Starting provider *file.Provider"
time="2023-12-19T20:16:07Z" level=debug msg="*file.Provider provider configuration: {\"directory\":\"/rules\",\"watch\":true}"
time="2023-12-19T20:16:08Z" level=info msg="Starting provider *traefik.Provider"
time="2023-12-19T20:16:08Z" level=debug msg="*traefik.Provider provider configuration: {}"
time="2023-12-19T20:16:08Z" level=info msg="Starting provider *docker.Provider"
time="2023-12-19T20:16:08Z" level=debug msg="*docker.Provider provider configuration: {\"watch\":true,\"endpoint\":\"unix:///var/run/docker.sock\",\"defaultRule\":\"Host(`{{ normalize .Name }}`)\",\"swarmModeRefreshSeconds\":\"15s\"}"
time="2023-12-19T20:16:08Z" level=info msg="Starting provider *acme.ChallengeTLSALPN"
time="2023-12-19T20:16:08Z" level=debug msg="*acme.ChallengeTLSALPN provider configuration: {}"
time="2023-12-19T20:16:08Z" level=info msg="Starting provider *acme.Provider"
time="2023-12-19T20:16:08Z" level=debug msg="*acme.Provider provider configuration: {\"email\":\"jfr251158@icloud.com\",\"caServer\":\"https://acme-v02.api.letsencrypt.org/directory\",\"storage\":\"/letsencrypt/acme.json\",\"keyType\":\"RSA4096\",\"certificatesDuration\":2160,\"tlsChallenge\":{},\"ResolverName\":\"le\",\"store\":{},\"TLSChallengeProvider\":{},\"HTTPChallengeProvider\":{}}"
time="2023-12-19T20:16:08Z" level=debug msg="Attempt to renew certificates \"720h0m0s\" before expiry and check every \"24h0m0s\"" ACME CA="https://acme-v02.api.letsencrypt.org/directory" providerName=le.acme
time="2023-12-19T20:16:08Z" level=info msg="Testing certificate renew..." providerName=le.acme ACME CA="https://acme-v02.api.letsencrypt.org/directory"
time="2023-12-19T20:16:08Z" level=debug msg="Configuration received: {\"http\":{\"routers\":{\"evcc-https\":{\"middlewares\":[\"evcc-auth\"],\"service\":\"evcc-https-service\",\"rule\":\"Host(`7y4sbu5yhxrbxqpi.myfritz.net`)\"}},\"services\":{\"evcc-https-service\":{\"loadBalancer\":{\"servers\":[{\"url\":\"http://raspberrypi:7070\"}],\"passHostHeader\":true}}},\"middlewares\":{\"evcc-auth\":{\"basicAuth\":{\"users\":[\"jfriWatchevcc:$apr1$5ku0imbg$SYFT2fB3WCQL7R9z8AML6.\"]}}}},\"tcp\":{},\"udp\":{},\"tls\":{}}" providerName=file
time="2023-12-19T20:16:08Z" level=debug msg="Configuration received: {\"http\":{\"routers\":{\"api\":{\"entryPoints\":[\"traefik\"],\"service\":\"api@internal\",\"rule\":\"PathPrefix(`/api`)\",\"priority\":2147483646},\"dashboard\":{\"entryPoints\":[\"traefik\"],\"middlewares\":[\"dashboard_redirect@internal\",\"dashboard_stripprefix@internal\"],\"service\":\"dashboard@internal\",\"rule\":\"PathPrefix(`/`)\",\"priority\":2147483645}},\"services\":{\"api\":{},\"dashboard\":{},\"noop\":{}},\"middlewares\":{\"dashboard_redirect\":{\"redirectRegex\":{\"regex\":\"^(http:\\\\/\\\\/(\\\\[[\\\\w:.]+\\\\]|[\\\\w\\\\._-]+)(:\\\\d+)?)\\\\/$\",\"replacement\":\"${1}/dashboard/\",\"permanent\":true}},\"dashboard_stripprefix\":{\"stripPrefix\":{\"prefixes\":[\"/dashboard/\",\"/dashboard\"]}}},\"models\":{\"https\":{\"tls\":{\"certResolver\":\"le\"}}},\"serversTransports\":{\"default\":{\"maxIdleConnsPerHost\":200}}},\"tcp\":{},\"udp\":{},\"tls\":{}}" providerName=internal
time="2023-12-19T20:16:08Z" level=debug msg="No entryPoint defined for this router, using the default one(s) instead: [https web]" routerName=evcc-https
time="2023-12-19T20:16:08Z" level=debug msg="Configuration received: {\"http\":{},\"tcp\":{},\"udp\":{},\"tls\":{}}" providerName=le.acme
time="2023-12-19T20:16:08Z" level=debug msg="Provider connection established with docker 24.0.7 (API 1.43)" providerName=docker
time="2023-12-19T20:16:08Z" level=debug msg="Filtering disabled container" providerName=docker container=reverse-proxy-reverse-proxy-8aa2026bddf29e923f935ff0f4890c1c3118449fb0de590d19f45c5bd85e406a
time="2023-12-19T20:16:08Z" level=debug msg="Filtering disabled container" providerName=docker container=evcc-evcc-b7c70bf7b5576cd8b715b0b53579cd8335e7aa6b1fdc367e9aa95d386b78d4f0
time="2023-12-19T20:16:08Z" level=debug msg="Configuration received: {\"http\":{},\"tcp\":{},\"udp\":{}}" providerName=docker
time="2023-12-19T20:16:10Z" level=debug msg="No default certificate, fallback to the internal generated certificate" tlsStoreName=default
time="2023-12-19T20:16:10Z" level=debug msg="Creating middleware" entryPointName=web routerName=evcc-https@file middlewareName=pipelining middlewareType=Pipelining serviceName=evcc-https-service
time="2023-12-19T20:16:10Z" level=debug msg="Creating load-balancer" routerName=evcc-https@file serviceName=evcc-https-service entryPointName=web
time="2023-12-19T20:16:10Z" level=debug msg="Creating server 0 http://raspberrypi:7070" serviceName=evcc-https-service serverName=0 entryPointName=web routerName=evcc-https@file
time="2023-12-19T20:16:10Z" level=debug msg="child http://raspberrypi:7070 now UP"
time="2023-12-19T20:16:10Z" level=debug msg="Propagating new UP status"
time="2023-12-19T20:16:10Z" level=debug msg="Added outgoing tracing middleware evcc-https-service" routerName=evcc-https@file entryPointName=web middlewareName=tracing middlewareType=TracingForwarder
time="2023-12-19T20:16:10Z" level=debug msg="Creating middleware" middlewareType=BasicAuth middlewareName=evcc-auth@file entryPointName=web routerName=evcc-https@file
time="2023-12-19T20:16:10Z" level=debug msg="Adding tracing to middleware" middlewareName=evcc-auth@file entryPointName=web routerName=evcc-https@file
time="2023-12-19T20:16:10Z" level=debug msg="Creating middleware" entryPointName=web middlewareType=Recovery middlewareName=traefik-internal-recovery
time="2023-12-19T20:16:10Z" level=debug msg="Added outgoing tracing middleware dashboard@internal" middlewareType=TracingForwarder entryPointName=traefik routerName=dashboard@internal middlewareName=tracing
time="2023-12-19T20:16:10Z" level=debug msg="Creating middleware" entryPointName=traefik routerName=dashboard@internal middlewareType=StripPrefix middlewareName=dashboard_stripprefix@internal
time="2023-12-19T20:16:10Z" level=debug msg="Adding tracing to middleware" middlewareName=dashboard_stripprefix@internal entryPointName=traefik routerName=dashboard@internal
time="2023-12-19T20:16:10Z" level=debug msg="Creating middleware" entryPointName=traefik routerName=dashboard@internal middlewareName=dashboard_redirect@internal middlewareType=RedirectRegex
time="2023-12-19T20:16:10Z" level=debug msg="Setting up redirection from ^(http:\\/\\/(\\[[\\w:.]+\\]|[\\w\\._-]+)(:\\d+)?)\\/$ to ${1}/dashboard/" entryPointName=traefik routerName=dashboard@internal middlewareName=dashboard_redirect@internal middlewareType=RedirectRegex
time="2023-12-19T20:16:10Z" level=debug msg="Adding tracing to middleware" entryPointName=traefik routerName=dashboard@internal middlewareName=dashboard_redirect@internal
time="2023-12-19T20:16:10Z" level=debug msg="Added outgoing tracing middleware api@internal" entryPointName=traefik middlewareName=tracing middlewareType=TracingForwarder routerName=api@internal
time="2023-12-19T20:16:10Z" level=debug msg="Creating middleware" middlewareName=traefik-internal-recovery middlewareType=Recovery entryPointName=traefik
time="2023-12-19T20:16:10Z" level=debug msg="Creating middleware" middlewareName=pipelining middlewareType=Pipelining entryPointName=https routerName=https-evcc-https@file serviceName=evcc-https-service
time="2023-12-19T20:16:10Z" level=debug msg="Creating load-balancer" entryPointName=https routerName=https-evcc-https@file serviceName=evcc-https-service
time="2023-12-19T20:16:10Z" level=debug msg="Creating server 0 http://raspberrypi:7070" serviceName=evcc-https-service entryPointName=https routerName=https-evcc-https@file serverName=0
time="2023-12-19T20:16:10Z" level=debug msg="child http://raspberrypi:7070 now UP"
time="2023-12-19T20:16:10Z" level=debug msg="Propagating new UP status"
time="2023-12-19T20:16:10Z" level=debug msg="Added outgoing tracing middleware evcc-https-service" routerName=https-evcc-https@file middlewareName=tracing middlewareType=TracingForwarder entryPointName=https
time="2023-12-19T20:16:10Z" level=debug msg="Creating middleware" middlewareName=evcc-auth@file middlewareType=BasicAuth entryPointName=https routerName=https-evcc-https@file
time="2023-12-19T20:16:10Z" level=debug msg="Adding tracing to middleware" middlewareName=evcc-auth@file entryPointName=https routerName=https-evcc-https@file
time="2023-12-19T20:16:10Z" level=debug msg="Creating middleware" entryPointName=https middlewareName=traefik-internal-recovery middlewareType=Recovery
time="2023-12-19T20:16:10Z" level=debug msg="Adding route for 7y4sbu5yhxrbxqpi.myfritz.net with TLS options default" entryPointName=https
time="2023-12-19T20:16:10Z" level=debug msg="No entryPoint defined for this router, using the default one(s) instead: [https web]" routerName=evcc-https
time="2023-12-19T20:16:10Z" level=debug msg="Trying to challenge certificate for domain [7y4sbu5yhxrbxqpi.myfritz.net] found in HostSNI rule" providerName=le.acme ACME CA="https://acme-v02.api.letsencrypt.org/directory" routerName=https-evcc-https@file rule="Host(`7y4sbu5yhxrbxqpi.myfritz.net`)"
time="2023-12-19T20:16:10Z" level=debug msg="Looking for provided certificate(s) to validate [\"7y4sbu5yhxrbxqpi.myfritz.net\"]..." routerName=https-evcc-https@file rule="Host(`7y4sbu5yhxrbxqpi.myfritz.net`)" providerName=le.acme ACME CA="https://acme-v02.api.letsencrypt.org/directory"
time="2023-12-19T20:16:12Z" level=debug msg="No default certificate, fallback to the internal generated certificate" tlsStoreName=default
time="2023-12-19T20:16:12Z" level=debug msg="Domains [\"7y4sbu5yhxrbxqpi.myfritz.net\"] need ACME certificates generation for domains \"7y4sbu5yhxrbxqpi.myfritz.net\"." rule="Host(`7y4sbu5yhxrbxqpi.myfritz.net`)" providerName=le.acme ACME CA="https://acme-v02.api.letsencrypt.org/directory" routerName=https-evcc-https@file
time="2023-12-19T20:16:12Z" level=debug msg="Loading ACME certificates [7y4sbu5yhxrbxqpi.myfritz.net]..." routerName=https-evcc-https@file rule="Host(`7y4sbu5yhxrbxqpi.myfritz.net`)" providerName=le.acme ACME CA="https://acme-v02.api.letsencrypt.org/directory"
time="2023-12-19T20:16:12Z" level=debug msg="Added outgoing tracing middleware api@internal" entryPointName=traefik routerName=api@internal middlewareName=tracing middlewareType=TracingForwarder
time="2023-12-19T20:16:12Z" level=debug msg="Added outgoing tracing middleware dashboard@internal" entryPointName=traefik routerName=dashboard@internal middlewareName=tracing middlewareType=TracingForwarder
time="2023-12-19T20:16:12Z" level=debug msg="Creating middleware" routerName=dashboard@internal middlewareName=dashboard_stripprefix@internal middlewareType=StripPrefix entryPointName=traefik
time="2023-12-19T20:16:12Z" level=debug msg="Adding tracing to middleware" entryPointName=traefik routerName=dashboard@internal middlewareName=dashboard_stripprefix@internal
time="2023-12-19T20:16:12Z" level=debug msg="Creating middleware" entryPointName=traefik routerName=dashboard@internal middlewareName=dashboard_redirect@internal middlewareType=RedirectRegex
time="2023-12-19T20:16:12Z" level=debug msg="Setting up redirection from ^(http:\\/\\/(\\[[\\w:.]+\\]|[\\w\\._-]+)(:\\d+)?)\\/$ to ${1}/dashboard/" middlewareName=dashboard_redirect@internal middlewareType=RedirectRegex entryPointName=traefik routerName=dashboard@internal
time="2023-12-19T20:16:12Z" level=debug msg="Adding tracing to middleware" routerName=dashboard@internal middlewareName=dashboard_redirect@internal entryPointName=traefik
time="2023-12-19T20:16:12Z" level=debug msg="Creating middleware" entryPointName=traefik middlewareName=traefik-internal-recovery middlewareType=Recovery
time="2023-12-19T20:16:12Z" level=debug msg="Creating middleware" middlewareName=pipelining middlewareType=Pipelining entryPointName=web routerName=evcc-https@file serviceName=evcc-https-service
time="2023-12-19T20:16:12Z" level=debug msg="Creating load-balancer" entryPointName=web routerName=evcc-https@file serviceName=evcc-https-service
time="2023-12-19T20:16:12Z" level=debug msg="Creating server 0 http://raspberrypi:7070" entryPointName=web serverName=0 routerName=evcc-https@file serviceName=evcc-https-service
time="2023-12-19T20:16:12Z" level=debug msg="child http://raspberrypi:7070 now UP"
time="2023-12-19T20:16:12Z" level=debug msg="Propagating new UP status"
time="2023-12-19T20:16:12Z" level=debug msg="Added outgoing tracing middleware evcc-https-service" routerName=evcc-https@file entryPointName=web middlewareName=tracing middlewareType=TracingForwarder
time="2023-12-19T20:16:12Z" level=debug msg="Creating middleware" routerName=evcc-https@file middlewareName=evcc-auth@file middlewareType=BasicAuth entryPointName=web
time="2023-12-19T20:16:12Z" level=debug msg="Adding tracing to middleware" entryPointName=web routerName=evcc-https@file middlewareName=evcc-auth@file
time="2023-12-19T20:16:12Z" level=debug msg="Creating middleware" entryPointName=web middlewareType=Recovery middlewareName=traefik-internal-recovery
time="2023-12-19T20:16:12Z" level=debug msg="Creating middleware" middlewareType=Pipelining entryPointName=https routerName=https-evcc-https@file serviceName=evcc-https-service middlewareName=pipelining
time="2023-12-19T20:16:12Z" level=debug msg="Creating load-balancer" entryPointName=https routerName=https-evcc-https@file serviceName=evcc-https-service
time="2023-12-19T20:16:12Z" level=debug msg="Creating server 0 http://raspberrypi:7070" serverName=0 serviceName=evcc-https-service entryPointName=https routerName=https-evcc-https@file
time="2023-12-19T20:16:12Z" level=debug msg="child http://raspberrypi:7070 now UP"
time="2023-12-19T20:16:12Z" level=debug msg="Propagating new UP status"
time="2023-12-19T20:16:12Z" level=debug msg="Added outgoing tracing middleware evcc-https-service" middlewareName=tracing middlewareType=TracingForwarder entryPointName=https routerName=https-evcc-https@file
time="2023-12-19T20:16:12Z" level=debug msg="Creating middleware" middlewareName=evcc-auth@file middlewareType=BasicAuth routerName=https-evcc-https@file entryPointName=https
time="2023-12-19T20:16:12Z" level=debug msg="Adding tracing to middleware" middlewareName=evcc-auth@file entryPointName=https routerName=https-evcc-https@file
time="2023-12-19T20:16:12Z" level=debug msg="Creating middleware" entryPointName=https middlewareName=traefik-internal-recovery middlewareType=Recovery
time="2023-12-19T20:16:12Z" level=debug msg="Adding route for 7y4sbu5yhxrbxqpi.myfritz.net with TLS options default" entryPointName=https
time="2023-12-19T20:16:12Z" level=debug msg="Trying to challenge certificate for domain [7y4sbu5yhxrbxqpi.myfritz.net] found in HostSNI rule" rule="Host(`7y4sbu5yhxrbxqpi.myfritz.net`)" routerName=https-evcc-https@file providerName=le.acme ACME CA="https://acme-v02.api.letsencrypt.org/directory"
time="2023-12-19T20:16:12Z" level=debug msg="Looking for provided certificate(s) to validate [\"7y4sbu5yhxrbxqpi.myfritz.net\"]..." ACME CA="https://acme-v02.api.letsencrypt.org/directory" rule="Host(`7y4sbu5yhxrbxqpi.myfritz.net`)" routerName=https-evcc-https@file providerName=le.acme
time="2023-12-19T20:16:12Z" level=debug msg="No ACME certificate generation required for domains [\"7y4sbu5yhxrbxqpi.myfritz.net\"]." ACME CA="https://acme-v02.api.letsencrypt.org/directory" rule="Host(`7y4sbu5yhxrbxqpi.myfritz.net`)" routerName=https-evcc-https@file providerName=le.acme
time="2023-12-19T20:16:31Z" level=debug msg="Building ACME client..." providerName=le.acme
time="2023-12-19T20:16:31Z" level=debug msg="https://acme-v02.api.letsencrypt.org/directory" providerName=le.acme
time="2023-12-19T20:16:32Z" level=info msg=Register... providerName=le.acme
time="2023-12-19T20:16:32Z" level=debug msg="legolog: [INFO] acme: Registering account for jfr251158@icloud.com"
time="2023-12-19T20:16:32Z" level=debug msg="Using TLS Challenge provider." providerName=le.acme
time="2023-12-19T20:16:32Z" level=debug msg="legolog: [INFO] [7y4sbu5yhxrbxqpi.myfritz.net] acme: Obtaining bundled SAN certificate"
time="2023-12-19T20:16:33Z" level=debug msg="legolog: [INFO] [7y4sbu5yhxrbxqpi.myfritz.net] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/295316754516"
time="2023-12-19T20:16:33Z" level=debug msg="legolog: [INFO] [7y4sbu5yhxrbxqpi.myfritz.net] acme: use tls-alpn-01 solver"
time="2023-12-19T20:16:33Z" level=debug msg="legolog: [INFO] [7y4sbu5yhxrbxqpi.myfritz.net] acme: Trying to solve TLS-ALPN-01"
time="2023-12-19T20:16:33Z" level=debug msg="TLS Challenge Present temp certificate for 7y4sbu5yhxrbxqpi.myfritz.net" providerName=tlsalpn.acme
time="2023-12-19T20:16:38Z" level=debug msg="Configuration received: {\"http\":{},\"tcp\":{},\"udp\":{},\"tls\":{}}" providerName=tlsalpn.acme
time="2023-12-19T20:16:38Z" level=debug msg="No entryPoint defined for this router, using the default one(s) instead: [https web]" routerName=evcc-https
time="2023-12-19T20:16:38Z" level=debug msg="Adding certificate for domain(s) 7y4sbu5yhxrbxqpi.myfritz.net,acme challenge temp"
time="2023-12-19T20:16:39Z" level=debug msg="No default certificate, fallback to the internal generated certificate" tlsStoreName=default
time="2023-12-19T20:16:39Z" level=debug msg="Creating middleware" entryPointName=web routerName=evcc-https@file middlewareName=pipelining middlewareType=Pipelining serviceName=evcc-https-service
time="2023-12-19T20:16:39Z" level=debug msg="Creating load-balancer" serviceName=evcc-https-service entryPointName=web routerName=evcc-https@file
time="2023-12-19T20:16:39Z" level=debug msg="Creating server 0 http://raspberrypi:7070" serverName=0 entryPointName=web routerName=evcc-https@file serviceName=evcc-https-service
time="2023-12-19T20:16:39Z" level=debug msg="child http://raspberrypi:7070 now UP"
time="2023-12-19T20:16:39Z" level=debug msg="Propagating new UP status"
time="2023-12-19T20:16:39Z" level=debug msg="Added outgoing tracing middleware evcc-https-service" middlewareType=TracingForwarder middlewareName=tracing entryPointName=web routerName=evcc-https@file
time="2023-12-19T20:16:39Z" level=debug msg="Creating middleware" middlewareType=BasicAuth entryPointName=web routerName=evcc-https@file middlewareName=evcc-auth@file
time="2023-12-19T20:16:39Z" level=debug msg="Adding tracing to middleware" routerName=evcc-https@file middlewareName=evcc-auth@file entryPointName=web
time="2023-12-19T20:16:39Z" level=debug msg="Creating middleware" middlewareName=traefik-internal-recovery middlewareType=Recovery entryPointName=web
time="2023-12-19T20:16:39Z" level=debug msg="Added outgoing tracing middleware dashboard@internal" middlewareName=tracing middlewareType=TracingForwarder entryPointName=traefik routerName=dashboard@internal
time="2023-12-19T20:16:39Z" level=debug msg="Creating middleware" middlewareName=dashboard_stripprefix@internal middlewareType=StripPrefix entryPointName=traefik routerName=dashboard@internal
time="2023-12-19T20:16:39Z" level=debug msg="Adding tracing to middleware" entryPointName=traefik routerName=dashboard@internal middlewareName=dashboard_stripprefix@internal
time="2023-12-19T20:16:39Z" level=debug msg="Creating middleware" middlewareName=dashboard_redirect@internal middlewareType=RedirectRegex entryPointName=traefik routerName=dashboard@internal
time="2023-12-19T20:16:39Z" level=debug msg="Setting up redirection from ^(http:\\/\\/(\\[[\\w:.]+\\]|[\\w\\._-]+)(:\\d+)?)\\/$ to ${1}/dashboard/" entryPointName=traefik routerName=dashboard@internal middlewareName=dashboard_redirect@internal middlewareType=RedirectRegex
time="2023-12-19T20:16:39Z" level=debug msg="Adding tracing to middleware" entryPointName=traefik routerName=dashboard@internal middlewareName=dashboard_redirect@internal
time="2023-12-19T20:16:39Z" level=debug msg="Added outgoing tracing middleware api@internal" middlewareName=tracing middlewareType=TracingForwarder entryPointName=traefik routerName=api@internal
time="2023-12-19T20:16:39Z" level=debug msg="Creating middleware" entryPointName=traefik middlewareName=traefik-internal-recovery middlewareType=Recovery
time="2023-12-19T20:16:39Z" level=debug msg="Creating middleware" middlewareType=Pipelining entryPointName=https routerName=https-evcc-https@file serviceName=evcc-https-service middlewareName=pipelining
time="2023-12-19T20:16:39Z" level=debug msg="Creating load-balancer" routerName=https-evcc-https@file serviceName=evcc-https-service entryPointName=https
time="2023-12-19T20:16:39Z" level=debug msg="Creating server 0 http://raspberrypi:7070" serverName=0 entryPointName=https routerName=https-evcc-https@file serviceName=evcc-https-service
time="2023-12-19T20:16:39Z" level=debug msg="child http://raspberrypi:7070 now UP"
time="2023-12-19T20:16:39Z" level=debug msg="Propagating new UP status"
time="2023-12-19T20:16:39Z" level=debug msg="Added outgoing tracing middleware evcc-https-service" entryPointName=https routerName=https-evcc-https@file middlewareType=TracingForwarder middlewareName=tracing
time="2023-12-19T20:16:39Z" level=debug msg="Creating middleware" middlewareType=BasicAuth routerName=https-evcc-https@file entryPointName=https middlewareName=evcc-auth@file
time="2023-12-19T20:16:39Z" level=debug msg="Adding tracing to middleware" middlewareName=evcc-auth@file entryPointName=https routerName=https-evcc-https@file
time="2023-12-19T20:16:39Z" level=debug msg="Creating middleware" middlewareType=Recovery entryPointName=https middlewareName=traefik-internal-recovery
time="2023-12-19T20:16:39Z" level=debug msg="Adding route for 7y4sbu5yhxrbxqpi.myfritz.net with TLS options default" entryPointName=https

Juergen · December 19, 2023, 9:10pm

And below is part 2

time="2023-12-19T20:16:39Z" level=debug msg="Trying to challenge certificate for domain [7y4sbu5yhxrbxqpi.myfritz.net] found in HostSNI rule" providerName=le.acme ACME CA="https://acme-v02.api.letsencrypt.org/directory" routerName=https-evcc-https@file rule="Host(`7y4sbu5yhxrbxqpi.myfritz.net`)"
time="2023-12-19T20:16:39Z" level=debug msg="Looking for provided certificate(s) to validate [\"7y4sbu5yhxrbxqpi.myfritz.net\"]..." ACME CA="https://acme-v02.api.letsencrypt.org/directory" routerName=https-evcc-https@file rule="Host(`7y4sbu5yhxrbxqpi.myfritz.net`)" providerName=le.acme
time="2023-12-19T20:16:39Z" level=debug msg="No ACME certificate generation required for domains [\"7y4sbu5yhxrbxqpi.myfritz.net\"]." ACME CA="https://acme-v02.api.letsencrypt.org/directory" routerName=https-evcc-https@file rule="Host(`7y4sbu5yhxrbxqpi.myfritz.net`)" providerName=le.acme
time="2023-12-19T20:16:40Z" level=debug msg="http: TLS handshake error from 54.184.65.86:27322: EOF"
time="2023-12-19T20:16:47Z" level=debug msg="legolog: [INFO] [7y4sbu5yhxrbxqpi.myfritz.net] The server validated our request"
time="2023-12-19T20:16:47Z" level=debug msg="TLS Challenge CleanUp temp certificate for 7y4sbu5yhxrbxqpi.myfritz.net" providerName=tlsalpn.acme
time="2023-12-19T20:16:47Z" level=debug msg="legolog: [INFO] [7y4sbu5yhxrbxqpi.myfritz.net] acme: Validations succeeded; requesting certificates"
time="2023-12-19T20:16:47Z" level=debug msg="Configuration received: {\"http\":{},\"tcp\":{},\"udp\":{},\"tls\":{}}" providerName=tlsalpn.acme
time="2023-12-19T20:16:47Z" level=debug msg="No entryPoint defined for this router, using the default one(s) instead: [https web]" routerName=evcc-https
time="2023-12-19T20:16:49Z" level=debug msg="No default certificate, fallback to the internal generated certificate" tlsStoreName=default
time="2023-12-19T20:16:49Z" level=debug msg="Added outgoing tracing middleware api@internal" middlewareType=TracingForwarder entryPointName=traefik routerName=api@internal middlewareName=tracing
time="2023-12-19T20:16:49Z" level=debug msg="Added outgoing tracing middleware dashboard@internal" middlewareType=TracingForwarder entryPointName=traefik routerName=dashboard@internal middlewareName=tracing
time="2023-12-19T20:16:49Z" level=debug msg="Creating middleware" entryPointName=traefik routerName=dashboard@internal middlewareName=dashboard_stripprefix@internal middlewareType=StripPrefix
time="2023-12-19T20:16:49Z" level=debug msg="Adding tracing to middleware" entryPointName=traefik routerName=dashboard@internal middlewareName=dashboard_stripprefix@internal
time="2023-12-19T20:16:49Z" level=debug msg="Creating middleware" routerName=dashboard@internal middlewareName=dashboard_redirect@internal middlewareType=RedirectRegex entryPointName=traefik
time="2023-12-19T20:16:49Z" level=debug msg="Setting up redirection from ^(http:\\/\\/(\\[[\\w:.]+\\]|[\\w\\._-]+)(:\\d+)?)\\/$ to ${1}/dashboard/" routerName=dashboard@internal middlewareName=dashboard_redirect@internal middlewareType=RedirectRegex entryPointName=traefik
time="2023-12-19T20:16:49Z" level=debug msg="Adding tracing to middleware" middlewareName=dashboard_redirect@internal entryPointName=traefik routerName=dashboard@internal
time="2023-12-19T20:16:49Z" level=debug msg="Creating middleware" middlewareName=traefik-internal-recovery middlewareType=Recovery entryPointName=traefik
time="2023-12-19T20:16:49Z" level=debug msg="Creating middleware" routerName=evcc-https@file middlewareName=pipelining middlewareType=Pipelining entryPointName=web serviceName=evcc-https-service
time="2023-12-19T20:16:49Z" level=debug msg="Creating load-balancer" routerName=evcc-https@file entryPointName=web serviceName=evcc-https-service
time="2023-12-19T20:16:49Z" level=debug msg="Creating server 0 http://raspberrypi:7070" serverName=0 routerName=evcc-https@file entryPointName=web serviceName=evcc-https-service
time="2023-12-19T20:16:49Z" level=debug msg="child http://raspberrypi:7070 now UP"
time="2023-12-19T20:16:49Z" level=debug msg="Propagating new UP status"
time="2023-12-19T20:16:49Z" level=debug msg="Added outgoing tracing middleware evcc-https-service" routerName=evcc-https@file middlewareName=tracing middlewareType=TracingForwarder entryPointName=web
time="2023-12-19T20:16:49Z" level=debug msg="Creating middleware" middlewareType=BasicAuth entryPointName=web routerName=evcc-https@file middlewareName=evcc-auth@file
time="2023-12-19T20:16:49Z" level=debug msg="Adding tracing to middleware" middlewareName=evcc-auth@file entryPointName=web routerName=evcc-https@file
time="2023-12-19T20:16:49Z" level=debug msg="Creating middleware" entryPointName=web middlewareName=traefik-internal-recovery middlewareType=Recovery
time="2023-12-19T20:16:49Z" level=debug msg="Creating middleware" serviceName=evcc-https-service middlewareName=pipelining middlewareType=Pipelining entryPointName=https routerName=https-evcc-https@file
time="2023-12-19T20:16:49Z" level=debug msg="Creating load-balancer" entryPointName=https routerName=https-evcc-https@file serviceName=evcc-https-service
time="2023-12-19T20:16:49Z" level=debug msg="Creating server 0 http://raspberrypi:7070" entryPointName=https routerName=https-evcc-https@file serviceName=evcc-https-service serverName=0
time="2023-12-19T20:16:49Z" level=debug msg="child http://raspberrypi:7070 now UP"
time="2023-12-19T20:16:49Z" level=debug msg="Propagating new UP status"
time="2023-12-19T20:16:49Z" level=debug msg="Added outgoing tracing middleware evcc-https-service" entryPointName=https routerName=https-evcc-https@file middlewareType=TracingForwarder middlewareName=tracing
time="2023-12-19T20:16:49Z" level=debug msg="Creating middleware" middlewareType=BasicAuth entryPointName=https routerName=https-evcc-https@file middlewareName=evcc-auth@file
time="2023-12-19T20:16:49Z" level=debug msg="Adding tracing to middleware" middlewareName=evcc-auth@file entryPointName=https routerName=https-evcc-https@file
time="2023-12-19T20:16:49Z" level=debug msg="Creating middleware" middlewareName=traefik-internal-recovery middlewareType=Recovery entryPointName=https
time="2023-12-19T20:16:49Z" level=debug msg="Adding route for 7y4sbu5yhxrbxqpi.myfritz.net with TLS options default" entryPointName=https
time="2023-12-19T20:16:49Z" level=debug msg="Trying to challenge certificate for domain [7y4sbu5yhxrbxqpi.myfritz.net] found in HostSNI rule" ACME CA="https://acme-v02.api.letsencrypt.org/directory" routerName=https-evcc-https@file rule="Host(`7y4sbu5yhxrbxqpi.myfritz.net`)" providerName=le.acme
time="2023-12-19T20:16:49Z" level=debug msg="Looking for provided certificate(s) to validate [\"7y4sbu5yhxrbxqpi.myfritz.net\"]..." routerName=https-evcc-https@file rule="Host(`7y4sbu5yhxrbxqpi.myfritz.net`)" providerName=le.acme ACME CA="https://acme-v02.api.letsencrypt.org/directory"
time="2023-12-19T20:16:49Z" level=debug msg="No ACME certificate generation required for domains [\"7y4sbu5yhxrbxqpi.myfritz.net\"]." rule="Host(`7y4sbu5yhxrbxqpi.myfritz.net`)" providerName=le.acme ACME CA="https://acme-v02.api.letsencrypt.org/directory" routerName=https-evcc-https@file
time="2023-12-19T20:17:05Z" level=debug msg="legolog: [INFO] [7y4sbu5yhxrbxqpi.myfritz.net] Server responded with a certificate."
time="2023-12-19T20:17:05Z" level=debug msg="Certificates obtained for domains [7y4sbu5yhxrbxqpi.myfritz.net]" ACME CA="https://acme-v02.api.letsencrypt.org/directory" routerName=https-evcc-https@file rule="Host(`7y4sbu5yhxrbxqpi.myfritz.net`)" providerName=le.acme
time="2023-12-19T20:17:05Z" level=debug msg="Configuration received: {\"http\":{},\"tcp\":{},\"udp\":{},\"tls\":{}}" providerName=le.acme
time="2023-12-19T20:17:05Z" level=debug msg="No entryPoint defined for this router, using the default one(s) instead: [https web]" routerName=evcc-https
time="2023-12-19T20:17:05Z" level=debug msg="Adding certificate for domain(s) 7y4sbu5yhxrbxqpi.myfritz.net"
time="2023-12-19T20:17:06Z" level=debug msg="No default certificate, fallback to the internal generated certificate" tlsStoreName=default
time="2023-12-19T20:17:06Z" level=debug msg="Added outgoing tracing middleware dashboard@internal" entryPointName=traefik routerName=dashboard@internal middlewareName=tracing middlewareType=TracingForwarder
time="2023-12-19T20:17:06Z" level=debug msg="Creating middleware" middlewareName=dashboard_stripprefix@internal middlewareType=StripPrefix entryPointName=traefik routerName=dashboard@internal
time="2023-12-19T20:17:06Z" level=debug msg="Adding tracing to middleware" entryPointName=traefik routerName=dashboard@internal middlewareName=dashboard_stripprefix@internal
time="2023-12-19T20:17:06Z" level=debug msg="Creating middleware" middlewareName=dashboard_redirect@internal entryPointName=traefik routerName=dashboard@internal middlewareType=RedirectRegex
time="2023-12-19T20:17:06Z" level=debug msg="Setting up redirection from ^(http:\\/\\/(\\[[\\w:.]+\\]|[\\w\\._-]+)(:\\d+)?)\\/$ to ${1}/dashboard/" middlewareName=dashboard_redirect@internal entryPointName=traefik routerName=dashboard@internal middlewareType=RedirectRegex
time="2023-12-19T20:17:06Z" level=debug msg="Adding tracing to middleware" entryPointName=traefik routerName=dashboard@internal middlewareName=dashboard_redirect@internal
time="2023-12-19T20:17:06Z" level=debug msg="Added outgoing tracing middleware api@internal" routerName=api@internal middlewareName=tracing middlewareType=TracingForwarder entryPointName=traefik
time="2023-12-19T20:17:06Z" level=debug msg="Creating middleware" middlewareType=Recovery entryPointName=traefik middlewareName=traefik-internal-recovery
time="2023-12-19T20:17:06Z" level=debug msg="Creating middleware" serviceName=evcc-https-service middlewareName=pipelining middlewareType=Pipelining entryPointName=web routerName=evcc-https@file
time="2023-12-19T20:17:06Z" level=debug msg="Creating load-balancer" entryPointName=web routerName=evcc-https@file serviceName=evcc-https-service
time="2023-12-19T20:17:06Z" level=debug msg="Creating server 0 http://raspberrypi:7070" serverName=0 entryPointName=web routerName=evcc-https@file serviceName=evcc-https-service
time="2023-12-19T20:17:06Z" level=debug msg="child http://raspberrypi:7070 now UP"
time="2023-12-19T20:17:06Z" level=debug msg="Propagating new UP status"
time="2023-12-19T20:17:06Z" level=debug msg="Added outgoing tracing middleware evcc-https-service" middlewareType=TracingForwarder entryPointName=web routerName=evcc-https@file middlewareName=tracing
time="2023-12-19T20:17:06Z" level=debug msg="Creating middleware" routerName=evcc-https@file middlewareName=evcc-auth@file middlewareType=BasicAuth entryPointName=web
time="2023-12-19T20:17:06Z" level=debug msg="Adding tracing to middleware" middlewareName=evcc-auth@file entryPointName=web routerName=evcc-https@file
time="2023-12-19T20:17:06Z" level=debug msg="Creating middleware" entryPointName=web middlewareName=traefik-internal-recovery middlewareType=Recovery
time="2023-12-19T20:17:06Z" level=debug msg="Creating middleware" middlewareType=Pipelining entryPointName=https routerName=https-evcc-https@file serviceName=evcc-https-service middlewareName=pipelining
time="2023-12-19T20:17:06Z" level=debug msg="Creating load-balancer" serviceName=evcc-https-service entryPointName=https routerName=https-evcc-https@file
time="2023-12-19T20:17:06Z" level=debug msg="Creating server 0 http://raspberrypi:7070" entryPointName=https serverName=0 routerName=https-evcc-https@file serviceName=evcc-https-service
time="2023-12-19T20:17:06Z" level=debug msg="child http://raspberrypi:7070 now UP"
time="2023-12-19T20:17:06Z" level=debug msg="Propagating new UP status"
time="2023-12-19T20:17:06Z" level=debug msg="Added outgoing tracing middleware evcc-https-service" entryPointName=https routerName=https-evcc-https@file middlewareName=tracing middlewareType=TracingForwarder
time="2023-12-19T20:17:06Z" level=debug msg="Creating middleware" middlewareType=BasicAuth entryPointName=https routerName=https-evcc-https@file middlewareName=evcc-auth@file
time="2023-12-19T20:17:06Z" level=debug msg="Adding tracing to middleware" middlewareName=evcc-auth@file entryPointName=https routerName=https-evcc-https@file
time="2023-12-19T20:17:06Z" level=debug msg="Creating middleware" entryPointName=https middlewareName=traefik-internal-recovery middlewareType=Recovery
time="2023-12-19T20:17:06Z" level=debug msg="Adding route for 7y4sbu5yhxrbxqpi.myfritz.net with TLS options default" entryPointName=https
time="2023-12-19T20:17:06Z" level=debug msg="Trying to challenge certificate for domain [7y4sbu5yhxrbxqpi.myfritz.net] found in HostSNI rule" providerName=le.acme ACME CA="https://acme-v02.api.letsencrypt.org/directory" routerName=https-evcc-https@file rule="Host(`7y4sbu5yhxrbxqpi.myfritz.net`)"
time="2023-12-19T20:17:06Z" level=debug msg="Looking for provided certificate(s) to validate [\"7y4sbu5yhxrbxqpi.myfritz.net\"]..." rule="Host(`7y4sbu5yhxrbxqpi.myfritz.net`)" providerName=le.acme ACME CA="https://acme-v02.api.letsencrypt.org/directory" routerName=https-evcc-https@file
time="2023-12-19T20:17:06Z" level=debug msg="No ACME certificate generation required for domains [\"7y4sbu5yhxrbxqpi.myfritz.net\"]." providerName=le.acme ACME CA="https://acme-v02.api.letsencrypt.org/directory" routerName=https-evcc-https@file rule="Host(`7y4sbu5yhxrbxqpi.myfritz.net`)"
time="2023-12-19T20:18:12Z" level=debug msg="Authentication failed" middlewareType=BasicAuth middlewareName=evcc-auth@file
time="2023-12-19T20:18:15Z" level=debug msg="Authentication failed" middlewareType=BasicAuth middlewareName=evcc-auth@file
time="2023-12-19T20:18:15Z" level=debug msg="Serving default certificate for request: \"77.2.106.111\""
time="2023-12-19T20:18:15Z" level=debug msg="Serving default certificate for request: \"77.2.106.111\""
time="2023-12-19T20:18:15Z" level=debug msg="http: TLS handshake error from 161.35.27.144:41432: read tcp 172.18.0.2:443->161.35.27.144:41432: read: connection reset by peer"
time="2023-12-19T20:18:15Z" level=debug msg="Serving default certificate for request: \"77.2.106.111\""
time="2023-12-19T20:18:15Z" level=debug msg="http: TLS handshake error from 64.227.126.135:35562: read tcp 172.18.0.2:80->64.227.126.135:35562: read: connection reset by peer"
time="2023-12-19T20:18:15Z" level=debug msg="Serving default certificate for request: \"77.2.106.111\""
time="2023-12-19T20:18:15Z" level=debug msg="http: TLS handshake error from 161.35.27.144:41442: read tcp 172.18.0.2:443->161.35.27.144:41442: read: connection reset by peer"
time="2023-12-19T20:18:15Z" level=debug msg="Serving default certificate for request: \"77.2.106.111\""
time="2023-12-19T20:18:15Z" level=debug msg="http: TLS handshake error from 161.35.27.144:41454: tls: no cipher suite supported by both client and server"
time="2023-12-19T20:18:15Z" level=debug msg="http: TLS handshake error from 64.227.126.135:35588: read tcp 172.18.0.2:80->64.227.126.135:35588: read: connection reset by peer"
time="2023-12-19T20:18:15Z" level=debug msg="http: TLS handshake error from 161.35.27.144:41458: tls: client requested unsupported application protocols ([http/0.9 http/1.0 spdy/1 spdy/2 spdy/3 h2c hq])"
time="2023-12-19T20:18:15Z" level=debug msg="Serving default certificate for request: \"77.2.106.111\""
time="2023-12-19T20:18:15Z" level=debug msg="http: TLS handshake error from 64.227.126.135:35598: tls: no cipher suite supported by both client and server"
time="2023-12-19T20:18:15Z" level=debug msg="http: TLS handshake error from 161.35.27.144:41466: tls: client requested unsupported application protocols ([hq h2c spdy/3 spdy/2 spdy/1 http/1.0 http/0.9])"
time="2023-12-19T20:18:15Z" level=debug msg="http: TLS handshake error from 64.227.126.135:35606: tls: client requested unsupported application protocols ([http/0.9 http/1.0 spdy/1 spdy/2 spdy/3 h2c hq])"
time="2023-12-19T20:18:15Z" level=debug msg="http: TLS handshake error from 64.227.126.135:35614: tls: client requested unsupported application protocols ([hq h2c spdy/3 spdy/2 spdy/1 http/1.0 http/0.9])"
time="2023-12-19T20:18:15Z" level=debug msg="http: TLS handshake error from 161.35.27.144:41472: tls: client offered only unsupported versions: [302 301]"
time="2023-12-19T20:18:15Z" level=debug msg="http: TLS handshake error from 64.227.126.135:35616: tls: client offered only unsupported versions: [302 301]"
time="2023-12-19T20:18:15Z" level=debug msg="Serving default certificate for request: \"77.2.106.111\""
time="2023-12-19T20:18:15Z" level=debug msg="Serving default certificate for request: \"77.2.106.111\""
time="2023-12-19T20:18:15Z" level=debug msg="http: TLS handshake error from 161.35.27.144:41478: read tcp 172.18.0.2:443->161.35.27.144:41478: read: connection reset by peer"
time="2023-12-19T20:18:15Z" level=debug msg="Serving default certificate for request: \"77.2.106.111\""
time="2023-12-19T20:18:15Z" level=debug msg="http: TLS handshake error from 64.227.126.135:35620: read tcp 172.18.0.2:80->64.227.126.135:35620: read: connection reset by peer"
time="2023-12-19T20:18:15Z" level=debug msg="Serving default certificate for request: \"77.2.106.111\""
time="2023-12-19T20:18:15Z" level=debug msg="http: TLS handshake error from 161.35.27.144:41486: read tcp 172.18.0.2:443->161.35.27.144:41486: read: connection reset by peer"
time="2023-12-19T20:18:15Z" level=debug msg="Serving default certificate for request: \"77.2.106.111\""
time="2023-12-19T20:18:15Z" level=debug msg="http: TLS handshake error from 64.227.126.135:35628: read tcp 172.18.0.2:80->64.227.126.135:35628: read: connection reset by peer"
time="2023-12-19T20:18:16Z" level=debug msg="Serving default certificate for request: \"77.2.106.111\""
time="2023-12-19T20:18:16Z" level=debug msg="http: TLS handshake error from 161.35.27.144:41506: read tcp 172.18.0.2:443->161.35.27.144:41506: read: connection reset by peer"
time="2023-12-19T20:18:16Z" level=debug msg="Serving default certificate for request: \"77.2.106.111\""
time="2023-12-19T20:18:16Z" level=debug msg="http: TLS handshake error from 64.227.126.135:35636: read tcp 172.18.0.2:80->64.227.126.135:35636: read: connection reset by peer"
time="2023-12-19T20:18:16Z" level=debug msg="Serving default certificate for request: \"77.2.106.111\""
time="2023-12-19T20:18:16Z" level=debug msg="http: TLS handshake error from 161.35.27.144:41516: read tcp 172.18.0.2:443->161.35.27.144:41516: read: connection reset by peer"
time="2023-12-19T20:18:16Z" level=debug msg="http: TLS handshake error from 64.227.126.135:35644: read tcp 172.18.0.2:80->64.227.126.135:35644: read: connection reset by peer"
time="2023-12-19T20:18:16Z" level=debug msg="Authentication failed" middlewareName=evcc-auth@file middlewareType=BasicAuth
time="2023-12-19T20:18:16Z" level=debug msg="Authentication failed" middlewareName=evcc-auth@file middlewareType=BasicAuth
time="2023-12-19T20:18:16Z" level=debug msg="Authentication failed" middlewareName=evcc-auth@file middlewareType=BasicAuth
time="2023-12-19T20:18:16Z" level=debug msg="Authentication failed" middlewareType=BasicAuth middlewareName=evcc-auth@file
time="2023-12-19T20:18:16Z" level=debug msg="Authentication failed" middlewareType=BasicAuth middlewareName=evcc-auth@file
time="2023-12-19T20:18:16Z" level=debug msg="Authentication failed" middlewareType=BasicAuth middlewareName=evcc-auth@file
time="2023-12-19T20:18:16Z" level=debug msg="Authentication failed" middlewareType=BasicAuth middlewareName=evcc-auth@file
time="2023-12-19T20:18:16Z" level=debug msg="Authentication failed" middlewareType=BasicAuth middlewareName=evcc-auth@file
time="2023-12-19T20:18:16Z" level=debug msg="Authentication failed" middlewareType=BasicAuth middlewareName=evcc-auth@file
time="2023-12-19T20:18:16Z" level=debug msg="Authentication failed" middlewareName=evcc-auth@file middlewareType=BasicAuth
time="2023-12-19T20:18:16Z" level=debug msg="Authentication failed" middlewareType=BasicAuth middlewareName=evcc-auth@file
time="2023-12-19T20:18:17Z" level=debug msg="Authentication failed" middlewareName=evcc-auth@file middlewareType=BasicAuth
time="2023-12-19T20:18:17Z" level=debug msg="Authentication failed" middlewareName=evcc-auth@file middlewareType=BasicAuth
time="2023-12-19T20:18:17Z" level=debug msg="Authentication failed" middlewareType=BasicAuth middlewareName=evcc-auth@file
time="2023-12-19T20:18:17Z" level=debug msg="Authentication failed" middlewareName=evcc-auth@file middlewareType=BasicAuth
time="2023-12-19T20:18:17Z" level=debug msg="Authentication failed" middlewareName=evcc-auth@file middlewareType=BasicAuth
time="2023-12-19T20:18:20Z" level=debug msg="Authentication failed" middlewareType=BasicAuth middlewareName=evcc-auth@file
time="2023-12-19T20:18:22Z" level=debug msg="Authentication failed" middlewareName=evcc-auth@file middlewareType=BasicAuth
time="2023-12-19T20:18:23Z" level=debug msg="Authentication succeeded" middlewareName=evcc-auth@file middlewareType=BasicAuth
time="2023-12-19T20:18:25Z" level=debug msg="Authentication failed" middlewareType=BasicAuth middlewareName=evcc-auth@file
time="2023-12-19T20:18:28Z" level=debug msg="Authentication failed" middlewareName=evcc-auth@file middlewareType=BasicAuth
time="2023-12-19T20:18:30Z" level=debug msg="Authentication succeeded" middlewareName=evcc-auth@file middlewareType=BasicAuth
time="2023-12-19T20:18:31Z" level=debug msg="Authentication failed" middlewareName=evcc-auth@file middlewareType=BasicAuth
time="2023-12-19T20:18:37Z" level=debug msg="Authentication succeeded" middlewareType=BasicAuth middlewareName=evcc-auth@file
time="2023-12-19T20:18:38Z" level=debug msg="Authentication failed" middlewareType=BasicAuth middlewareName=evcc-auth@file
time="2023-12-19T20:18:38Z" level=debug msg="Authentication failed" middlewareType=BasicAuth middlewareName=evcc-auth@file
time="2023-12-19T20:18:38Z" level=debug msg="Authentication failed" middlewareType=BasicAuth middlewareName=evcc-auth@file
time="2023-12-19T20:18:39Z" level=debug msg="http: TLS handshake error from 31.170.22.23:36842: EOF"
time="2023-12-19T20:18:39Z" level=debug msg="http: TLS handshake error from 31.170.22.23:36856: EOF"
time="2023-12-19T20:18:40Z" level=debug msg="http: TLS handshake error from 31.170.22.23:36866: tls: no cipher suite supported by both client and server"
time="2023-12-19T20:18:40Z" level=debug msg="http: TLS handshake error from 31.170.22.23:36868: tls: client requested unsupported application protocols ([http/0.9 http/1.0 spdy/1 spdy/2 spdy/3 h2c hq])"
time="2023-12-19T20:18:41Z" level=debug msg="http: TLS handshake error from 31.170.22.23:36874: tls: client requested unsupported application protocols ([hq h2c spdy/3 spdy/2 spdy/1 http/1.0 http/0.9])"
time="2023-12-19T20:18:41Z" level=debug msg="http: TLS handshake error from 31.170.22.23:36878: tls: client offered only unsupported versions: [302 301]"
time="2023-12-19T20:18:42Z" level=debug msg="http: TLS handshake error from 31.170.22.23:36886: EOF"
time="2023-12-19T20:18:42Z" level=debug msg="http: TLS handshake error from 31.170.22.23:36890: EOF"
time="2023-12-19T20:18:42Z" level=debug msg="http: TLS handshake error from 31.170.22.23:36892: EOF"
time="2023-12-19T20:18:42Z" level=debug msg="http: TLS handshake error from 31.170.22.23:36904: EOF"
time="2023-12-19T20:18:43Z" level=debug msg="Authentication failed" middlewareType=BasicAuth middlewareName=evcc-auth@file
time="2023-12-19T20:18:44Z" level=debug msg="Authentication succeeded" middlewareType=BasicAuth middlewareName=evcc-auth@file
time="2023-12-19T20:18:51Z" level=debug msg="Authentication succeeded" middlewareName=evcc-auth@file middlewareType=BasicAuth
time="2023-12-19T20:18:58Z" level=debug msg="Authentication succeeded" middlewareName=evcc-auth@file middlewareType=BasicAuth
time="2023-12-19T20:19:05Z" level=debug msg="Authentication succeeded" middlewareName=evcc-auth@file middlewareType=BasicAuth
time="2023-12-19T20:19:09Z" level=debug msg="Authentication failed" middlewareName=evcc-auth@file middlewareType=BasicAuth
time="2023-12-19T20:19:12Z" level=debug msg="Authentication succeeded" middlewareName=evcc-auth@file middlewareType=BasicAuth
time="2023-12-19T20:19:19Z" level=debug msg="Authentication succeeded" middlewareType=BasicAuth middlewareName=evcc-auth@file
time="2023-12-19T20:19:26Z" level=debug msg="Authentication failed" middlewareName=evcc-auth@file middlewareType=BasicAuth
time="2023-12-19T20:19:43Z" level=debug msg="Authentication succeeded" middlewareName=evcc-auth@file middlewareType=BasicAuth
time="2023-12-19T20:19:49Z" level=debug msg="Authentication succeeded" middlewareType=BasicAuth middlewareName=evcc-auth@file
time="2023-12-19T20:19:56Z" level=debug msg="Authentication succeeded" middlewareType=BasicAuth middlewareName=evcc-auth@file
time="2023-12-19T20:20:03Z" level=debug msg="Authentication succeeded" middlewareName=evcc-auth@file middlewareType=BasicAuth
``

bluepuma77 · December 19, 2023, 9:21pm

When you get a new LE cert, your domain goes out into public.

There are always bots just waiting to test some exploitable URLs on new servers.

And of course they will fail at basicauth. And try some common user/pass combinations.

Juergen · December 19, 2023, 9:25pm

Sounds logical. Have a good time - bye

Topic		Replies	Views
Problems with Let's Encypt Certificate Generation Traefik v2 letsencrypt-acme	0	427	November 14, 2021
Traefik not reading the certifcate from acme.json Traefik v2 docker , letsencrypt-acme	0	295	February 12, 2021
Problem with LetsEncrypt certificate generation Traefik v2 letsencrypt-acme	1	1511	September 15, 2021
HTTPS let's encrypt not working Traefik v2 docker , letsencrypt-acme	2	4307	November 15, 2019
Traefik SSL Let's Encrypt invalid certificate Traefik v2 docker , letsencrypt-acme	2	698	October 4, 2022

Traefik TSL Handshake error - Let's Encrypt certificate not created

Related Topics