Traefik without Docker - newbie question

ERR_CONNECTION_REFUSED is usually the message when the browser tries to connect to IP:port. Also you stated there is no entry in access log, which means Traefik does not receive anything.

As traefik… works, sema… does not, I would say it’s a wrong IP in DNS. But you said the domain works with different port.

Are Traefik and sema running on the same host? In the same VM?

sema… domain needs to point to Traefik IP.

No, the Traefik VM is Traefik only. Then let's forget about sema for a moment; the same also doesn't work with the web interface of my router. So fully external. It has a self-signed one, but I was creating a middleware for that. Anyway, I get the same connection refused error for that.

Something else... It shouldn't matter, but I am questioning my Traefik config right now, because another thing that just crossed my mind is: why do I get single certificates for each of my services???

I am calling a wildcard certificate in my traefik.yml. Shouldn't I get only one certificate in my acme.json? Why do I get one for each service? I mean, it works, like I can see when I go to my Traefik dashboard, but didn't I request a wildcard cert?

Traefik and sema are not in the same server/VM? It seems the sema domain works on port 3000. That would mean the sema domain points to sema server, but it needs to point to the Traefik server IP for Traefik to proxy requests to sema.


No, why should I use other services on the same VM? It's for Traefik only. It was meant to be LXC, so a microservice anyway.

But bingo, you are absolutely right. This was my mistake all the time.

It's fully working now and I feel dumb :smiley: But I really thank you a lot for being so patient! I knew it was only something little.

There is only one thing where I still scratch my head: the wildcard certificate. I mean, I don't mind if it stays like that; I think it's even better if it works automatically like that and there are different certificates for each service. But shouldn't I get a wildcard with that config?

Maybe you got the individual certs because you assigned the certresolver to the routers.

Mhh, I thought so too. I cleaned my acme.json and only tried "tls: {}" with all my services in dynamic.conf and removed certResolver. But then nothing happened and acme.json stayed blank. But maybe I was not patient enough or didn't trigger/restart it right. Anyway, I think I'll keep it like that. Again, thank you very much :slight_smile:

Note there is a 50 certs per week limit with LE, so if you have more (sub-)domains one day, you might want to use wildcards.

Thanks for that info. But I am running this only for my homelab and this limit should be fine. I don't think I will have that many services and none of them are public anyway. So even if I would hit that limit one day, no problem for me to wait another week. When this happens, I can still stop requesting the certs for half of them, wait a week or two and then the rest can get one and voilà, problem solved, because then only half of them will be renewed at a certain point and the others a week or two later. :stuck_out_tongue:

Yeah, except when your machine crashes and you need to renew all certs at once :crazy_face:

In real production with public (and a lot of) services, yes, sure (but I guess then you buy real certificates and don't use LE :wink: ). But in my case it wouldn't hurt if I have to wait one more week :slight_smile: But first of all I'd need that many services :smiley:
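
An added example, not part of the original thread and not Traefik's own code: a small Python check for the wildcard question discussed above. It reads the text of acme.json and reports how many certificates are stored, which wildcard names exist, and which single-host certificates a stored wildcard would already cover. The file layout (resolver name, then `Certificates`, each with `domain.main` and `domain.sans`) is assumed from Traefik v2/v3, and the sample data with its `example.test` names is constructed.

```python
import json

# Constructed sample. Assumed acme.json layout (Traefik v2/v3); only the
# fields this script reads are shown, real entries also hold cert and key.
SAMPLE_ACME_JSON = json.dumps({
    "letsencrypt": {
        "Account": {"Email": "admin@example.test"},
        "Certificates": [
            {"domain": {"main": "traefik.example.test"}, "Store": "default"},
            {"domain": {"main": "sema.example.test"}, "Store": "default"},
            {"domain": {"main": "example.test", "sans": ["*.example.test"]},
             "Store": "default"},
        ],
    }
})

def cert_names(acme_text):
    """Return one sorted name list (main + sans) per stored certificate."""
    # A freshly created acme.json can be completely empty.
    data = json.loads(acme_text) if acme_text.strip() else {}
    certs = []
    for resolver in data.values():
        for entry in (resolver or {}).get("Certificates") or []:
            domain = entry.get("domain", {})
            names = [domain.get("main")] + list(domain.get("sans") or [])
            certs.append(sorted(n for n in names if n))
    return certs

def wildcard_covers(pattern, host):
    """*.a.b covers x.a.b, but neither a.b itself nor y.x.a.b."""
    if not pattern.startswith("*."):
        return False
    head, _, parent = host.partition(".")
    return bool(head) and head != "*" and parent.lower() == pattern[2:].lower()

def summarize(acme_text):
    certs = cert_names(acme_text)
    wildcards = [n for names in certs for n in names if n.startswith("*.")]
    # Single-host certificates that a stored wildcard already covers.
    redundant = sorted(
        names[0] for names in certs
        if len(names) == 1
        and any(wildcard_covers(w, names[0]) for w in wildcards)
    )
    return {"certificates": len(certs), "wildcards": wildcards,
            "redundant": redundant}

if __name__ == "__main__":
    print(summarize(SAMPLE_ACME_JSON))
```

Against a real file, pass its contents to `summarize()`; an empty `wildcards` list means no wildcard certificate was ever issued, whatever the static configuration requests.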
