Unable to append certificate to store

Traefik Traefik v2 (latest)
1

hello everybody,
i need help.
my traefik version 2 don't run,
this is my error:

Unable to append certificate  to store: unable to generate TLS certificate : tls: failed to find any PEM data in certificate input  tlsStoreName=default

===> this is my configFile

[api]
insecure=true
dashboard=true
debug=true
[log]
level="INFO"
#level= "DEBUG"
#filepath= "debug.log"
[entryPoints]

    [entryPoints.nsia_getAccountList]
        address = "127.0.0.1:80"


    [entryPoints."nsia_GoogleCompte"]
        address ="127.0.0.1:9000"
        [entryPoints.nsia_GoogleCompte.http.redirections.entryPoint]
            to = "websecure"
            scheme = "https"

    [entryPoints."websecure"]
        address =":443"



[providers.file]
directory="/home/frankenzy/traefik/traefik/services/"
watch=true

===> and this my service file: traefik.toml

[http]
[http.routers]

            [http.routers.nsia_Account]
                entryPoints=["nsia_getAccountList"]     
                service="getAccountList"
                rule = "(Path(`/`))"
     
  
           

            [http.routers.GoogleCompte]
                entryPoints = "nsia_GoogleCompte"
                service="nsia_GoogleCompte"
                rule = "(Path(`/`))"
                middlewares = ["nsia_https"]
                [entryPoints.nsia_GoogleCompte.http.tls]
                    [tls.certificates] 
                                certFile = "/traefik/tls/cert.pem"
                                keyFile = "/traefik/tls/private.key"
                
            
    [http.middlewares]
        [http.middlewares.nsia_https.redirectScheme]
            scheme = "https"
            permanent = true
               
       

    [http.services]
        [http.services.nsia_getAccountList]
            [http.services.getAccountList.loadBalancer]
                [[http.services.getAccountList.loadBalancer.servers]]
                    url="http://127.0.0.1:8081"
                [[http.services.getAccountList.loadBalancer.servers]] 
                    url="http://learnifier.com/api/"
            


        [http.services.nsia_GoogleCompte]
            [http.services.nsia_GoogleCompte.loadBalancer]
                [[http.services.nsia_GoogleCompte.loadBalancer.servers]]
                    url="http://127.0.0.1:8000"
                [[http.services.nsia_GoogleCompte.loadBalancer.servers]] 
                    url="http://127.0.0.1:8001"
2

Are your certificate files readable and correct?

3

Hello bluepuma77
yes my certificate files is readable and correct.
because it used on other sever

4

Do your cert files look like the inline example?

tls:
  options:
    default:
      minVersion: VersionTLS12
  certificates:
    - certFile: |-
        -----BEGIN CERTIFICATE-----
        ...
        -----END CERTIFICATE-----
        -----BEGIN CERTIFICATE-----
        ...
        -----END CERTIFICATE-----
        -----BEGIN CERTIFICATE-----
        ...
        -----END CERTIFICATE-----
      keyFile: |-
        -----BEGIN PRIVATE KEY-----
        ...
        -----END PRIVATE KEY-----
1 Like
5

Hello @All I come back because my problem is not solved yet
After reading some documentation, I added the certificate successfully, but
when I launch Traefik
I have a 404 error.

please i need help

6

This my new configuration file:

--------------------------config.toml-------------------------------------
to define the entryPoints

[accesslog]

[api]
insecure=true
dashboard=true
debug=true

[log]
#level="INFO"
level= "DEBUG"
filepath= "/home/frankenzy/traefik/Traefik_2/debug.log"

[entryPoints]

    [entryPoints.nsia]
        address = "127.0.0.1:80"
        [entryPoints.nsia.http.redirections.entryPoint]
            to="nsia_secure"
            scheme="https"
    

    [entryPoints.nsia_secure]
        address = ":443"


[providers.file]
directory="/home/frankenzy/traefik/Traefik_2/services/"
watch=true

----------------------------------Traefik.toml----------------------------------------
In the services folder to define the route

[http]


    [http.routers]
        
            [http.routers.nsia]
                entryPoints=["nsia","nsia_secure"]     
                service="nsia_service"
                rule = "Path(`/`)"

                middlewares=["nsia_https"]
                
                [[tls.certificates]]
                    certFile = "certs/tls/cert.crt"
                    keyFile = "certs/tls/cert.key"
                    stores = ["default"]

                
     
  
    [http.middlewares]
        [http.middlewares.nsia_https.redirectScheme]
            scheme = "https"
            permanent="true"


    [http.services]
        [http.services.nsia_service]
            [http.services.nsia_service.loadBalancer]
                [[http.services.nsia_service.loadBalancer.servers]]
                    url="https://api.publicapis.org/entries"
                [[http.services.nsia_service.loadBalancer.servers]] 
                    url="http://127.0.0.1:8082"

----------------------------------CERT.crt-------------------------------------------------------------

-----BEGIN CERTIFICATE-----
MIIECTCCAvGgAwIBAgIUEO/ORkj4kY9PXf5NnA52XZNGieEwDQYJKoZIhvcNAQEL
BQAwgZMxCzAJBgNVBAYTAkNJMRMwEQYDVQQIDApTb21lLVN0YXRlMRAwDgYDVQQH
DAdBQklESkFOMSEwHwYDVQQKDBhJbnRlcm5ldCBXaWRnaXRzIFB0eSBMdGQxEjAQ
BgNVBAMMCWxvY2FsaG9zdDEmMCQGCSqGSIb3DQEJARYXZnJhbmNpcy5rb25hbkBn
bWFpbC5jb20wHhcNMjMwMzIyMTYzMTMxWhcNMjQwMzIxMTYzMTMxWjCBkzELMAkG
A1UEBhMCQ0kxEzARBgNVBAgMClNvbWUtU3RhdGUxEDAOBgNVBAcMB0FCSURKQU4x
ITAfBgNVBAoMGEludGVybmV0IFdpZGdpdHMgUHR5IEx0ZDESMBAGA1UEAwwJbG9j
YWxob3N0MSYwJAYJKoZIhvcNAQkBFhdmcmFuY2lzLmtvbmFuQGdtYWlsLmNvbTCC
ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALzrIvzXCq1oZyjiVKm9UWkS
vC5N5SP/RyNn+YpPnwZ1suTBEvh4Qt73pzFx3OtGGMN7S3UrYT3NmMo1tQbru5VG
dp/DRiN5Wwp+eQ7Mh2hHpEZwNxsKtqoHAum6AkwG4zkPMPjWEQkoojH/4E4rhglE
uyvx6EDbTtJrPB5hrDZaLQ7mXdGGW54tXDAUBRz228QbQxo4TwpOLplmF/D7q4IK
eGUnR4KXuRaDolIvmvBYwpnvp0tFoDJgDANkKie8ZPVaJn+XirTYwOCxrPOQAPVL
uyQvuFbU/2FTAIocqPiMb+dPCmgRxwAZvAIVdCkkzcW+FUaIlche1WgP9TOxrTsC
AwEAAaNTMFEwHQYDVR0OBBYEFMCaz3LS+xSPAbvND57hcxN9MOGoMB8GA1UdIwQY
MBaAFMCaz3LS+xSPAbvND57hcxN9MOGoMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI
hvcNAQELBQADggEBABdfzKvh3dkT6EONBjpgI7YHFXL/rxd+7fhtDHbiL5co1N4f
FD6NsmheNEfEcGEywK3yQ/BdNeeKccj/4NRdiIJT+2qCRq9nPfZiWBPCn25LIIZd
YxdDjyLWe2c7Zbw01iuVu1NZTlXdZym2K8dmGI8wesIs2ApIVU8QV66Mpqt6xGmr
hPkRAiJsnm5T6eoUcN9FfmM9kE2j9t5LhPBOQO98tw8i5oO8mhZvwJANZMFI0rX4
6cKk6VUq7a0/tFBE0m9BqpTASeBVBwKUWJjoa220MYvZvk3xfh2ExrR0ie/A+mae
fBh6zOxJ7gEOKqO4XdaioXHyA4VcI7jUQZascbQ=
-----END CERTIFICATE-----
7

Can you format your code using 3 backticks or the </> button to make it more readable?

And I have to admit I find the yaml format a lot easier to read/write than toml.

What do you want to do with the certs? They are for the connection to Traefik or for the forward to the service?

You want to load-balance between an external and internal service?

Maybe going back to higher level: what do you want to achieve?

8

Sorry for this confusion
Yes i want to load-balance between an external service.

this is my service

[http.services]
        [http.services.nsia_service]
            [http.services.nsia_service.loadBalancer]
                [[http.services.nsia_service.loadBalancer.servers]]
                    url="https://api.publicapis.org/entries"
9 
This is my entire problem.


I am working on a project for a company that does not have access to the internet and only uses an intranet. We want to set up a reverse proxy to access a service from the internet but in a controlled manner. After some research, I opted for Traefik.

However, I am facing some difficulties in configuring the reverse proxy. I managed to install Traefik and configure the entry points for incoming traffic, but I am struggling to configure SSL certificates and routing rules to direct traffic to the right services.