Traefik won't update certs

d4maniac · March 16, 2020, 6:43pm

Hello!

Sorry if this has previously been posted. I looked through similar posts but couldn't find something similar.

I'm posting my various configs here. The first part is the generated acme.json.

This has previously worked fine without any input or changes from me. I am clueless as to why this isn't generating a cert anymore. I've tried removing the old acme.json file etc.

Previously a certificate would get generated without any hitches.

acme.json

{
  "cloudflare": {
    "Account": {
      "Email": "x",
      "Registration": {
        "body": {
          "status": "valid",
          "contact": [
            "mailto:x"
          ]
        },
        "uri": "https://acme-v02.api.letsencrypt.org/acme/acct/80759190"
      },
      "PrivateKey": "REDACTED=",
      "KeyType": "4096"
    },
    "Certificates": null
  }
}

application.yaml

domain: https://x.auth0.com/
token-endpoint: https://x.auth0.com/oauth/token
authorize-url: https://x.auth0.com/authorize

default:
  name: REDACTED.se
  client-id: REDACTED
  client-secret: REDACTED
  audience: https://x.auth0.com/userinfo
  scope: "profile openid email"
  redirect-uri: https://auth.x.se/signin
  token-cookie-domain: x.se
  restricted-methods:
  - GET
  - HEAD
  - OPTION
  - DELETE
  - PUT
  - PATCH
  - POST
  claims:
    - sub
    - name
    - email

traefik.yml

version: "3.4"

secrets:
  cf_api_key:
    file: "/share/appdata/config/secrets/cf_api_key.secret"

#configs:
#  auth-application.yaml:
#    file: /share/Docker/config/traefik/application.yaml

services:
  app:
    image: "traefik:latest"
    secrets:
      - cf_api_key
    environment:
      - CF_API_EMAIL=redacted
      - CF_API_KEY_FILE=/run/secrets/cf_api_key
    networks:
      - traefik_public
    ports:
      - "80:80"
      - "443:443"
      - "8090:8080"
    volumes:
#       - "/etc/timezone:/etc/timezone:ro"
       - /var/run/docker.sock:/var/run/docker.sock:ro
       - /share/appdata/config/traefik:/etc/traefik
       - /share/appdata/config/traefik/acme.json:/etc/traefik/acme.json
    environment:
      - "TZ=Europe/Stockholm"
      - PUID=1000
      - PGID=100
    command: --configFile=/etc/traefik/traefik-static.yaml
    deploy:
      placement:
        constraints: [node.role == manager]
      labels:
        - "traefik.enable=true"
        - "traefik.http.routers.traefik.entrypoints=https"        
        - "traefik.http.routers.traefik.rule=Host(`traefik.REDACTED.se`) || (Host(`REDACTED.se`) && Path(`/traefik`))"
        - "traefik.http.routers.traefik.tls.certresolver=cloudflare"
        - "traefik.http.routers.traefik.service: api@internal"
        - "traefik.http.routers.traefik.middlewares=forward-auth@file"        
        - "traefik.http.services.traefik.loadbalancer.server.port=8080"                   

  auth:
    image: "dniel/forwardauth:latest"
    networks:
      - traefik_public
    ports:
      - 8080:8080
    volumes:
      - /share/appdata/config/traefik/application.yaml:/config/application.yaml
    environment:
      - "TZ=Europe/Stockholm"
    deploy:
      resources:
        limits:
          memory: 512M
      restart_policy:
        condition: any
        delay: 5s
        max_attempts: 3                   
      labels:
        - "traefik.enable=true"
        - "traefik.http.routers.auth.entrypoints=https"
        - "traefik.http.routers.auth.rule=Host(`auth.REDACTED.se`)"
        - "traefik.http.routers.auth.tls.certresolver=cloudflare"             
        - "traefik.http.routers.auth.middlewares=forward-auth@file"         
        - "traefik.http.services.auth.loadbalancer.server.port=8080"
        
  whoami:
    image: containous/whoami
    networks:
      - traefik_public
    environment:
      - "TZ=Europe/Stockholm"    
    deploy:
      resources:
        limits:             
          memory: 512M 
      restart_policy:
        condition: any
        delay: 5s
        max_attempts: 3                  
      labels:
        - "traefik.enable=true"
        - "traefik.http.routers.whoami.entrypoints=https"
        - "traefik.http.routers.whoami.rule=Host(`whoami.REDACTED.se`)"
        - "traefik.http.routers.whoami.tls.certresolver=cloudflare"        
        - "traefik.http.routers.whoami.middlewares=forward-auth@file"
        - "traefik.http.services.whoami.loadbalancer.server.port=80"

  www:
    image: "dniel/blogr-www"
    networks:
      - traefik_public
    environment:
      - "TZ=Europe/Stockholm"    
    deploy:
      replicas: 1      
      resources:
        limits:
          memory: 512M  
      restart_policy:
        condition: any
        delay: 5s
        max_attempts: 3                
      labels:
        - "traefik.enable=true"
        - "traefik.http.routers.www.entrypoints=https"
        - "traefik.http.routers.www.rule=Host(`www.REDACTED.se`)"
        - "traefik.http.routers.www.tls.certresolver=cloudflare"        
        - "traefik.http.routers.www.middlewares=forward-auth@file"
        - "traefik.http.services.www.loadbalancer.server.port=80"                      

networks:
  traefik_public:
    external: true

traefik-static.yaml

# Traefik Static Configuration
# Host Path: /share/appdata/config/traefik/traefik-static.yaml
# Internal Path: /etc/traefik/traefik-static.yaml

global:
  checkNewVersion: true

serversTransport:
  insecureSkipVerify: true

entryPoints:
  http:
    address: ":80"
    # Trust IPv4 Private Address Space
    forwardedHeaders:
      trustedIPs:
      - "172.16.0.0/12"
      - "10.0.0.0/8"
      - "192.168.0.0/16"

  https:
    address: ":443"
    # Trust IPv4 Private Address Space
    forwardedHeaders:
      trustedIPs:
      - "172.16.0.0/12"
      - "10.0.0.0/8"
      - "192.168.0.0/16"

providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    # Alternative endpoint:
    # endpoint: "tcp://127.0.0.1:2375"
    watch: true
    swarmMode: true
    network: traefik_public
    # Optional defaultRule: "Host(`{{ .Name }}.localhost`)"
    useBindPortIP: false
    exposedByDefault: false

  file:
    # Optional instead of directory: 
    # filename: /etc/traefik/traefik-dynamic.yaml
    directory: /etc/traefik/dynamic
    watch: true
    debugLogGeneratedTemplate: true

api:
  dashboard: true
  insecure: true
  debug: true

metrics:
  prometheus:
    buckets:
    - "0.1"
    - "0.3"
    - "1.2"
    - "5"
    addEntryPointsLabels: true
    addServicesLabels: true
    entryPoint: metrics

ping:
  entryPoint: ping

log:
  level: DEBUG
  filePath: "/etc/traefik/traefik.log"

accessLog:
  filePath: "/etc/traefik/access.log"

certificatesResolvers:
  cloudflare:
    acme:
      email: "REDACTED@gmail.com"
      storage: "/etc/traefik/acme.json"
      dnsChallenge:
        provider: cloudflare
        resolvers:
        - "1.1.1.1:53"
        - "8.8.8.8:53"

d4maniac · March 18, 2020, 10:22am

I've been trying to troubleshoot this to no ends. I am starting to wonder if the problem is some kind of incorrect configuration of traefik itself. Worth noting also that x and REDACTED are both redacted.

Since migrating from 1.7 to 2.0 I could never reach traefik via url but only via internal ip.

I would be very grateful for any support!

Thank you all

d4maniac · March 18, 2020, 5:29pm

This is from the traefik.log

time="2020-03-16T19:34:32+01:00" level=error msg="Unable to obtain ACME certificate for domains \"nextadmin.REDACTED.se\": cannot get ACME client cloudflare: some credentials information are missing: CLOUDFLARE_EMAIL,CLOUDFLARE_API_KEY or some credentials information are missing: CLOUDFLARE_DNS_API_TOKEN,CLOUDFLARE_ZONE_API_TOKEN" rule="Host(`nextadmin.REDACTED.se`)" providerName=cloudflare.acme routerName=nextadmin@docker
time="2020-03-16T19:34:32+01:00" level=debug msg="Building ACME client..." providerName=cloudflare.acme

All the information needed is however provided so I can't really understand why it won't renew.

d4maniac · March 19, 2020, 3:52pm

Since there doesn't seem to be any community support / interest I was wondering if there is a higher tier of support? Perhaps for pay?

cakiwi · March 19, 2020, 5:19pm

Have you ruled out bad secret path/permissions etc ?

Tried the API direct in the Environment vs Secret ?

d4maniac · March 19, 2020, 5:49pm

Thank you for the response!

I have attempted to recreate it without any secrets (info directly into the ymls) and previous to that I made sure that I gave the entire secrets folder chmod 777.

Edit: Also I've tried working using the staging server for cf (to avoid rate limitation) but it's still complaining about same error:

acme.json

{
  "cloudflare": {
    "Account": {
      "Email": "Redacted",
      "Registration": {
        "body": {
          "status": "valid",
          "contact": [
            "mailto:Redacted"
          ]
        },
        "uri": "https://acme-v02.api.letsencrypt.org/acme/acct/81031964"
      },
      "PrivateKey": "Redacted",
      "KeyType": "4096"
    },
    "Certificates": null
  }
}

traefik.log

time="2020-03-19T19:21:34+01:00" level=debug msg="Domains [\"www.REDACTED.se\"] need ACME certificates generation for domains \"www.REDACTED.se\"." providerName=cloudflare.acme routerName=www rule="Host(`www.REDACTED.se`)"
time="2020-03-19T19:21:34+01:00" level=debug msg="Try to challenge certificate for domain [plex.REDACTED.se] founded in HostSNI rule" rule="Host(`plex.REDACTED.se`)" providerName=cloudflare.acme routerName=plex
time="2020-03-19T19:21:34+01:00" level=debug msg="Building ACME client..." providerName=cloudflare.acme
time="2020-03-19T19:21:34+01:00" level=debug msg="https://acme-staging-v02.api.letsencrypt.org/directory" providerName=cloudflare.acme
time="2020-03-19T19:21:34+01:00" level=debug msg="Looking for provided certificate(s) to validate [\"whoami.REDACTED.se\"]..." routerName=whoami rule="Host(`whoami.REDACTED.se`)" providerName=cloudflare.acme
time="2020-03-19T19:21:34+01:00" level=debug msg="Try to challenge certificate for domain [lidarr.REDACTED.se] founded in HostSNI rule" routerName=lidarr rule="Host(`lidarr.REDACTED.se`)" providerName=cloudflare.acme
time="2020-03-19T19:21:34+01:00" level=debug msg="Domains [\"jackett.REDACTED.se\"] need ACME certificates generation for domains \"jackett.REDACTED.se\"." rule="Host(`jackett.REDACTED.se`)" providerName=cloudflare.acme routerName=jackett
time="2020-03-19T19:21:34+01:00" level=debug msg="Try to challenge certificate for domain [nzbget.REDACTED.se] founded in HostSNI rule" rule="Host(`nzbget.REDACTED.se`)" providerName=cloudflare.acme routerName=nzbget
time="2020-03-19T19:21:34+01:00" level=debug msg="Try to challenge certificate for domain [oscarr.REDACTED.se] founded in HostSNI rule" rule="Host(`oscarr.REDACTED.se`)" providerName=cloudflare.acme routerName=oscarr
time="2020-03-19T19:21:34+01:00" level=debug msg="Domains [\"whoami.REDACTED.se\"] need ACME certificates generation for domains \"whoami.REDACTED.se\"." rule="Host(`whoami.REDACTED.se`)" providerName=cloudflare.acme routerName=whoami
time="2020-03-19T19:21:34+01:00" level=debug msg="Try to challenge certificate for domain [sonarr.REDACTED.se] founded in HostSNI rule" providerName=cloudflare.acme routerName=sonarr rule="Host(`sonarr.REDACTED.se`)"
time="2020-03-19T19:21:34+01:00" level=debug msg="Try to challenge certificate for domain [headphones.REDACTED.se] founded in HostSNI rule" rule="Host(`headphones.REDACTED.se`)" providerName=cloudflare.acme routerName=headphones
time="2020-03-19T19:21:34+01:00" level=debug msg="Try to challenge certificate for domain [heimdall.REDACTED.se] founded in HostSNI rule" rule="Host(`heimdall.REDACTED.se`)" providerName=cloudflare.acme routerName=heimdall
time="2020-03-19T19:21:34+01:00" level=debug msg="Try to challenge certificate for domain [portainer.REDACTED.se] founded in HostSNI rule" routerName=portainer rule="Host(`portainer.REDACTED.se`)" providerName=cloudflare.acme
time="2020-03-19T19:21:34+01:00" level=debug msg="Try to challenge certificate for domain [auth.REDACTED.se] founded in HostSNI rule" providerName=cloudflare.acme routerName=auth rule="Host(`auth.REDACTED.se`)"
time="2020-03-19T19:21:34+01:00" level=debug msg="Looking for provided certificate(s) to validate [\"bazarr.REDACTED.se\"]..." providerName=cloudflare.acme routerName=bazarr rule="Host(`bazarr.REDACTED.se`)"
time="2020-03-19T19:21:34+01:00" level=debug msg="Domains [\"bazarr.REDACTED.se\"] need ACME certificates generation for domains \"bazarr.REDACTED.se\"." routerName=bazarr rule="Host(`bazarr.REDACTED.se`)" providerName=cloudflare.acme
time="2020-03-19T19:21:34+01:00" level=debug msg="Loading ACME certificates [ombi.REDACTED.se]..." providerName=cloudflare.acme routerName=ombi rule="Host(`ombi.REDACTED.se`)"
time="2020-03-19T19:21:34+01:00" level=debug msg="Looking for provided certificate(s) to validate [\"headphones.REDACTED.se\"]..." providerName=cloudflare.acme routerName=headphones rule="Host(`headphones.REDACTED.se`)"
time="2020-03-19T19:21:34+01:00" level=debug msg="Domains [\"headphones.REDACTED.se\"] need ACME certificates generation for domains \"headphones.REDACTED.se\"." routerName=headphones rule="Host(`headphones.REDACTED.se`)" providerName=cloudflare.acme
time="2020-03-19T19:21:34+01:00" level=debug msg="Looking for provided certificate(s) to validate [\"lidarr.REDACTED.se\"]..." providerName=cloudflare.acme routerName=lidarr rule="Host(`lidarr.REDACTED.se`)"
time="2020-03-19T19:21:34+01:00" level=debug msg="Looking for provided certificate(s) to validate [\"heimdall.REDACTED.se\"]..." routerName=heimdall rule="Host(`heimdall.REDACTED.se`)" providerName=cloudflare.acme
time="2020-03-19T19:21:34+01:00" level=debug msg="Domains [\"lidarr.REDACTED.se\"] need ACME certificates generation for domains \"lidarr.REDACTED.se\"." routerName=lidarr rule="Host(`lidarr.REDACTED.se`)" providerName=cloudflare.acme
time="2020-03-19T19:21:34+01:00" level=debug msg="Looking for provided certificate(s) to validate [\"nzbget.REDACTED.se\"]..." rule="Host(`nzbget.REDACTED.se`)" providerName=cloudflare.acme routerName=nzbget
time="2020-03-19T19:21:34+01:00" level=debug msg="Domains [\"heimdall.REDACTED.se\"] need ACME certificates generation for domains \"heimdall.REDACTED.se\"." providerName=cloudflare.acme routerName=heimdall rule="Host(`heimdall.REDACTED.se`)"
time="2020-03-19T19:21:34+01:00" level=debug msg="Looking for provided certificate(s) to validate [\"portainer.REDACTED.se\"]..." rule="Host(`portainer.REDACTED.se`)" providerName=cloudflare.acme routerName=portainer
time="2020-03-19T19:21:34+01:00" level=debug msg="Domains [\"nzbget.REDACTED.se\"] need ACME certificates generation for domains \"nzbget.REDACTED.se\"." routerName=nzbget rule="Host(`nzbget.REDACTED.se`)" providerName=cloudflare.acme
time="2020-03-19T19:21:34+01:00" level=debug msg="Looking for provided certificate(s) to validate [\"oscarr.REDACTED.se\"]..." routerName=oscarr rule="Host(`oscarr.REDACTED.se`)" providerName=cloudflare.acme
time="2020-03-19T19:21:34+01:00" level=debug msg="Domains [\"portainer.REDACTED.se\"] need ACME certificates generation for domains \"portainer.REDACTED.se\"." routerName=portainer rule="Host(`portainer.REDACTED.se`)" providerName=cloudflare.acme
time="2020-03-19T19:21:34+01:00" level=debug msg="Looking for provided certificate(s) to validate [\"nzbhydra.REDACTED.se\"]..." rule="Host(`nzbhydra.REDACTED.se`)" providerName=cloudflare.acme routerName=hydra2
time="2020-03-19T19:21:34+01:00" level=debug msg="Domains [\"oscarr.REDACTED.se\"] need ACME certificates generation for domains \"oscarr.REDACTED.se\"." routerName=oscarr rule="Host(`oscarr.REDACTED.se`)" providerName=cloudflare.acme
time="2020-03-19T19:21:34+01:00" level=debug msg="Domains [\"nzbhydra.REDACTED.se\"] need ACME certificates generation for domains \"nzbhydra.REDACTED.se\"." providerName=cloudflare.acme routerName=hydra2 rule="Host(`nzbhydra.REDACTED.se`)"
time="2020-03-19T19:21:34+01:00" level=debug msg="Loading ACME certificates [www.REDACTED.se]..." providerName=cloudflare.acme routerName=www rule="Host(`www.REDACTED.se`)"
time="2020-03-19T19:21:34+01:00" level=debug msg="Looking for provided certificate(s) to validate [\"sonarr.REDACTED.se\"]..." routerName=sonarr rule="Host(`sonarr.REDACTED.se`)" providerName=cloudflare.acme
time="2020-03-19T19:21:34+01:00" level=debug msg="Looking for provided certificate(s) to validate [\"auth.REDACTED.se\"]..." routerName=auth rule="Host(`auth.REDACTED.se`)" providerName=cloudflare.acme
time="2020-03-19T19:21:34+01:00" level=debug msg="Domains [\"sonarr.REDACTED.se\"] need ACME certificates generation for domains \"sonarr.REDACTED.se\"." providerName=cloudflare.acme routerName=sonarr rule="Host(`sonarr.REDACTED.se`)"
time="2020-03-19T19:21:34+01:00" level=debug msg="Domains [\"auth.REDACTED.se\"] need ACME certificates generation for domains \"auth.REDACTED.se\"." providerName=cloudflare.acme routerName=auth rule="Host(`auth.REDACTED.se`)"
time="2020-03-19T19:21:34+01:00" level=debug msg="Looking for provided certificate(s) to validate [\"plex.REDACTED.se\"]..." providerName=cloudflare.acme routerName=plex rule="Host(`plex.REDACTED.se`)"
time="2020-03-19T19:21:34+01:00" level=debug msg="Domains [\"plex.REDACTED.se\"] need ACME certificates generation for domains \"plex.REDACTED.se\"." providerName=cloudflare.acme routerName=plex rule="Host(`plex.REDACTED.se`)"
time="2020-03-19T19:21:34+01:00" level=debug msg="Loading ACME certificates [jackett.REDACTED.se]..." routerName=jackett rule="Host(`jackett.REDACTED.se`)" providerName=cloudflare.acme
time="2020-03-19T19:21:34+01:00" level=debug msg="Loading ACME certificates [whoami.REDACTED.se]..." providerName=cloudflare.acme routerName=whoami rule="Host(`whoami.REDACTED.se`)"
time="2020-03-19T19:21:34+01:00" level=debug msg="Loading ACME certificates [bazarr.REDACTED.se]..." providerName=cloudflare.acme routerName=bazarr rule="Host(`bazarr.REDACTED.se`)"
time="2020-03-19T19:21:34+01:00" level=debug msg="Loading ACME certificates [headphones.REDACTED.se]..." providerName=cloudflare.acme routerName=headphones rule="Host(`headphones.REDACTED.se`)"
time="2020-03-19T19:21:34+01:00" level=debug msg="Loading ACME certificates [lidarr.REDACTED.se]..." providerName=cloudflare.acme routerName=lidarr rule="Host(`lidarr.REDACTED.se`)"
time="2020-03-19T19:21:34+01:00" level=debug msg="Loading ACME certificates [heimdall.REDACTED.se]..." routerName=heimdall rule="Host(`heimdall.REDACTED.se`)" providerName=cloudflare.acme
time="2020-03-19T19:21:34+01:00" level=debug msg="Loading ACME certificates [nzbget.REDACTED.se]..." rule="Host(`nzbget.REDACTED.se`)" providerName=cloudflare.acme routerName=nzbget
time="2020-03-19T19:21:34+01:00" level=debug msg="Loading ACME certificates [portainer.REDACTED.se]..." providerName=cloudflare.acme routerName=portainer rule="Host(`portainer.REDACTED.se`)"
time="2020-03-19T19:21:34+01:00" level=debug msg="Loading ACME certificates [oscarr.REDACTED.se]..." providerName=cloudflare.acme routerName=oscarr rule="Host(`oscarr.REDACTED.se`)"
time="2020-03-19T19:21:34+01:00" level=debug msg="Loading ACME certificates [nzbhydra.REDACTED.se]..." providerName=cloudflare.acme routerName=hydra2 rule="Host(`nzbhydra.REDACTED.se`)"
time="2020-03-19T19:21:34+01:00" level=debug msg="Loading ACME certificates [sonarr.REDACTED.se]..." providerName=cloudflare.acme routerName=sonarr rule="Host(`sonarr.REDACTED.se`)"
time="2020-03-19T19:21:34+01:00" level=debug msg="Loading ACME certificates [auth.REDACTED.se]..." rule="Host(`auth.REDACTED.se`)" providerName=cloudflare.acme routerName=auth
time="2020-03-19T19:21:34+01:00" level=debug msg="Loading ACME certificates [plex.REDACTED.se]..." rule="Host(`plex.REDACTED.se`)" providerName=cloudflare.acme routerName=plex
time="2020-03-19T19:21:35+01:00" level=debug msg="Using DNS Challenge provider: cloudflare" providerName=cloudflare.acme
time="2020-03-19T19:21:35+01:00" level=error msg="Unable to obtain ACME certificate for domains \"nowshowing.REDACTED.se\": cannot get ACME client cloudflare: some credentials information are missing: CLOUDFLARE_EMAIL,CLOUDFLARE_API_KEY" rule="Host(`nowshowing.REDACTED.se`)" providerName=cloudflare.acme routerName=nowshowing
time="2020-03-19T19:21:35+01:00" level=debug msg="Building ACME client..." providerName=cloudflare.acme
time="2020-03-19T19:21:35+01:00" level=debug msg="https://acme-staging-v02.api.letsencrypt.org/directory" providerName=cloudflare.acme
time="2020-03-19T19:21:36+01:00" level=debug msg="Using DNS Challenge provider: cloudflare" providerName=cloudflare.acme
time="2020-03-19T19:21:36+01:00" level=error msg="Unable to obtain ACME certificate for domains \"ombi.REDACTED.se\": cannot get ACME client cloudflare: some credentials information are missing: CLOUDFLARE_EMAIL,CLOUDFLARE_API_KEY" routerName=ombi rule="Host(`ombi.REDACTED.se`)" providerName=cloudflare.acme
time="2020-03-19T19:21:36+01:00" level=debug msg="Building ACME client..." providerName=cloudflare.acme
time="2020-03-19T19:21:36+01:00" level=debug msg="https://acme-staging-v02.api.letsencrypt.org/directory" providerName=cloudflare.acme
time="2020-03-19T19:21:36+01:00" level=debug msg="Using DNS Challenge provider: cloudflare" providerName=cloudflare.acme
time="2020-03-19T19:21:36+01:00" level=error msg="Unable to obtain ACME certificate for domains \"www.REDACTED.se\": cannot get ACME client cloudflare: some credentials information are missing: CLOUDFLARE_EMAIL,CLOUDFLARE_API_KEY" rule="Host(`www.REDACTED.se`)" providerName=cloudflare.acme routerName=www
time="2020-03-19T19:21:36+01:00" level=debug msg="Building ACME client..." providerName=cloudflare.acme
time="2020-03-19T19:21:36+01:00" level=debug msg="https://acme-staging-v02.api.letsencrypt.org/directory" providerName=cloudflare.acme
time="2020-03-19T19:21:37+01:00" level=debug msg="Using DNS Challenge provider: cloudflare" providerName=cloudflare.acme
time="2020-03-19T19:21:37+01:00" level=error msg="Unable to obtain ACME certificate for domains \"jackett.REDACTED.se\": cannot get ACME client cloudflare: some credentials information are missing: CLOUDFLARE_EMAIL,CLOUDFLARE_API_KEY" providerName=cloudflare.acme routerName=jackett rule="Host(`jackett.REDACTED.se`)"
time="2020-03-19T19:21:37+01:00" level=debug msg="Building ACME client..." providerName=cloudflare.acme
time="2020-03-19T19:21:37+01:00" level=debug msg="https://acme-staging-v02.api.letsencrypt.org/directory" providerName=cloudflare.acme
time="2020-03-19T19:21:37+01:00" level=debug msg="Using DNS Challenge provider: cloudflare" providerName=cloudflare.acme
time="2020-03-19T19:21:37+01:00" level=error msg="Unable to obtain ACME certificate for domains \"whoami.REDACTED.se\": cannot get ACME client cloudflare: some credentials information are missing: CLOUDFLARE_EMAIL,CLOUDFLARE_API_KEY" rule="Host(`whoami.REDACTED.se`)" providerName=cloudflare.acme routerName=whoami
time="2020-03-19T19:21:37+01:00" level=debug msg="Building ACME client..." providerName=cloudflare.acme
time="2020-03-19T19:21:37+01:00" level=debug msg="https://acme-staging-v02.api.letsencrypt.org/directory" providerName=cloudflare.acme
time="2020-03-19T19:21:38+01:00" level=debug msg="Using DNS Challenge provider: cloudflare" providerName=cloudflare.acme
time="2020-03-19T19:21:38+01:00" level=error msg="Unable to obtain ACME certificate for domains \"bazarr.REDACTED.se\": cannot get ACME client cloudflare: some credentials information are missing: CLOUDFLARE_EMAIL,CLOUDFLARE_API_KEY" providerName=cloudflare.acme routerName=bazarr rule="Host(`bazarr.REDACTED.se`)"
time="2020-03-19T19:21:38+01:00" level=debug msg="Building ACME client..." providerName=cloudflare.acme
time="2020-03-19T19:21:38+01:00" level=debug msg="https://acme-staging-v02.api.letsencrypt.org/directory" providerName=cloudflare.acme
time="2020-03-19T19:21:39+01:00" level=debug msg="Using DNS Challenge provider: cloudflare" providerName=cloudflare.acme
time="2020-03-19T19:21:39+01:00" level=error msg="Unable to obtain ACME certificate for domains \"headphones.REDACTED.se\": cannot get ACME client cloudflare: some credentials information are missing: CLOUDFLARE_EMAIL,CLOUDFLARE_API_KEY" providerName=cloudflare.acme routerName=headphones rule="Host(`headphones.REDACTED.se`)"
time="2020-03-19T19:21:39+01:00" level=debug msg="Building ACME client..." providerName=cloudflare.acme
time="2020-03-19T19:21:39+01:00" level=debug msg="https://acme-staging-v02.api.letsencrypt.org/directory" providerName=cloudflare.acme
time="2020-03-19T19:21:39+01:00" level=debug msg="Using DNS Challenge provider: cloudflare" providerName=cloudflare.acme
time="2020-03-19T19:21:39+01:00" level=error msg="Unable to obtain ACME certificate for domains \"lidarr.REDACTED.se\": cannot get ACME client cloudflare: some credentials information are missing: CLOUDFLARE_EMAIL,CLOUDFLARE_API_KEY" routerName=lidarr rule="Host(`lidarr.REDACTED.se`)" providerName=cloudflare.acme
time="2020-03-19T19:21:39+01:00" level=debug msg="Building ACME client..." providerName=cloudflare.acme
time="2020-03-19T19:21:39+01:00" level=debug msg="https://acme-staging-v02.api.letsencrypt.org/directory" providerName=cloudflare.acme
time="2020-03-19T19:21:40+01:00" level=debug msg="Using DNS Challenge provider: cloudflare" providerName=cloudflare.acme
time="2020-03-19T19:21:40+01:00" level=error msg="Unable to obtain ACME certificate for domains \"heimdall.REDACTED.se\": cannot get ACME client cloudflare: some credentials information are missing: CLOUDFLARE_EMAIL,CLOUDFLARE_API_KEY" providerName=cloudflare.acme routerName=heimdall rule="Host(`heimdall.REDACTED.se`)"
time="2020-03-19T19:21:40+01:00" level=debug msg="Building ACME client..." providerName=cloudflare.acme
time="2020-03-19T19:21:40+01:00" level=debug msg="https://acme-staging-v02.api.letsencrypt.org/directory" providerName=cloudflare.acme
time="2020-03-19T19:21:40+01:00" level=debug msg="Using DNS Challenge provider: cloudflare" providerName=cloudflare.acme
time="2020-03-19T19:21:40+01:00" level=error msg="Unable to obtain ACME certificate for domains \"nzbget.REDACTED.se\": cannot get ACME client cloudflare: some credentials information are missing: CLOUDFLARE_EMAIL,CLOUDFLARE_API_KEY" providerName=cloudflare.acme routerName=nzbget rule="Host(`nzbget.REDACTED.se`)"
time="2020-03-19T19:21:40+01:00" level=debug msg="Building ACME client..." providerName=cloudflare.acme
time="2020-03-19T19:21:40+01:00" level=debug msg="https://acme-staging-v02.api.letsencrypt.org/directory" providerName=cloudflare.acme
time="2020-03-19T19:21:41+01:00" level=debug msg="Using DNS Challenge provider: cloudflare" providerName=cloudflare.acme
time="2020-03-19T19:21:41+01:00" level=error msg="Unable to obtain ACME certificate for domains \"portainer.REDACTED.se\": cannot get ACME client cloudflare: some credentials information are missing: CLOUDFLARE_EMAIL,CLOUDFLARE_API_KEY" providerName=cloudflare.acme routerName=portainer rule="Host(`portainer.REDACTED.se`)"
time="2020-03-19T19:21:41+01:00" level=debug msg="Building ACME client..." providerName=cloudflare.acme
time="2020-03-19T19:21:41+01:00" level=debug msg="https://acme-staging-v02.api.letsencrypt.org/directory" providerName=cloudflare.acme
time="2020-03-19T19:21:42+01:00" level=debug msg="Using DNS Challenge provider: cloudflare" providerName=cloudflare.acme
time="2020-03-19T19:21:42+01:00" level=error msg="Unable to obtain ACME certificate for domains \"oscarr.REDACTED.se\": cannot get ACME client cloudflare: some credentials information are missing: CLOUDFLARE_EMAIL,CLOUDFLARE_API_KEY" rule="Host(`oscarr.REDACTED.se`)" providerName=cloudflare.acme routerName=oscarr
time="2020-03-19T19:21:42+01:00" level=debug msg="Building ACME client..." providerName=cloudflare.acme
time="2020-03-19T19:21:42+01:00" level=debug msg="https://acme-staging-v02.api.letsencrypt.org/directory" providerName=cloudflare.acme

The error SHOULD be due to my manual configuration being off but I have tried every combination possible as described Here

cakiwi · March 19, 2020, 8:32pm

Have you tried the full CLOUDFLARE_VARNAME vs CF_VARNAME. As the error indicates that is the one it cares about.

I have only used TLS and HTTP challenge. Just trying to help.

The acme.json is the resultant one, not one you've copied in ?

d4maniac · March 19, 2020, 8:38pm

And I appreciate your time!

I have tried the different variables as specified (thought that could be the problem) but to no avail. The acme is the result of the latest staging (always cleared before trying a new attempt).

Topic		Replies	Views
Traefik doesn't write in acme.json on version 2.3.4 Traefik v2 docker , docker-swarm , letsencrypt-acme	6	3863	December 17, 2020
No ACME certification creation Traefik v2 docker , letsencrypt-acme	2	1776	September 18, 2019
Traefik stopped renewing certificates (During secondary validation Invalid Response 404) Traefik v2 docker-swarm , letsencrypt-acme	3	320	April 29, 2024
Traefik won't create letsencrypt certificate Traefik v2 docker-swarm	1	2939	November 9, 2021
ACME Cert with docker Traefik v2 docker	3	1920	December 16, 2019

Traefik won't update certs

Related topics