Unable to get letsencrypt cert using traefik on docker

My current setup;
Existing Windows home server using NGINX serving Organizr with a letsencrypt cert generated by winacme (manually). Using NGINX I have a reverse proxy set up with port forwarding for ports 80 and 443 to the local IP for the windows home server. The domain is from dynu and using ddns.

Currently looking to migrate everything I have (whilst keeping my original server up and running) to the following set up:
Proxmox with Linux LXC container on a totally separate machine. Attempting to get everything all up and running prior to fully migrating.
Due to already using ports 80 and 443 I used 8080 and 8443 and forwarded those on my router to the linux LXC IP.

When I have my ngnix service running on my windows server I hit the Organizr login page when using my new domain so its getting confused somewhere and why I presume its not pulling the cert.

I am following a guide from simplehomelabs and getting stuck and pulling a staging cert from letsencrypt using traefik. I obtained a brand new domain from cloudflare and set up a cloudflare API token; * * Zone:Read, DNS:Edit
two domain records > A > domain > public IP > no proxy auto ttl
and CNAME > wildcard/* > domain > no proxy auto ttl

Traefik logs;

2025-02-11T08:29:30Z DBG github.com/traefik/traefik/v3/pkg/tls/tlsmanager.go:228 > Serving default certificate for request: ""
2025-02-11T08:29:36Z DBG github.com/traefik/traefik/v3/pkg/collector/collector.go:52 > Anonymous stats sent to https://collect.traefik.io/yYaUej3P42cziRVzv6T5w2aYy9po2Mrn: {"global":{"checkNewVersion":true,"sendAnonymousUsage":true},"serversTransport":{"maxIdleConnsPerHost":200},"tcpServersTransport":{"dialKeepAlive":"15s","dialTimeout":"30s"},"entryPoints":{"traefik":{"address":"xxxx","transport":{"lifeCycle":{"graceTimeOut":"10s"},"respondingTimeouts":{"readTimeout":"1m0s","idleTimeout":"3m0s"}},"forwardedHeaders":{},"http":{},"http2":{"maxConcurrentStreams":250}},"web":{"address":"xxxx","transport":{"lifeCycle":{"graceTimeOut":"10s"},"respondingTimeouts":{"readTimeout":"1m0s","idleTimeout":"3m0s"}},"forwardedHeaders":{},"http":{"redirections":{"entryPoint":{"to":"websecure","scheme":"https","permanent":true,"priority":9223372036854775806}}},"http2":{"maxConcurrentStreams":250}},"websecure":{"address":"xxxx","transport":{"lifeCycle":{"graceTimeOut":"10s"},"respondingTimeouts":{"readTimeout":"1m0s","idleTimeout":"3m0s"}},"forwardedHeaders":{"trustedIPs":["xxxx","xxxx","xxxx","xxxx","xxxx","xxxx","xxxx","xxxx","xxxx","xxxx","xxxx","xxxx","xxxx","xxxx","xxxx","xxxx","xxxx","xxxx","xxxx"]},"http":{"tls":{"options":"tls-opts@file","certResolver":"dns-cloudflare","domains":[{"main":"xxxx","sans":["xxxx"]}]}},"http2":{"maxConcurrentStreams":250}}},"providers":{"providersThrottleDuration":"2s","docker":{"network":"t3_proxy","watch":true,"defaultRule":"xxxx","endpoint":"xxxx"},"file":{"directory":"/rules","watch":true}},"api":{"dashboard":true},"log":{"level":"DEBUG","format":"common","filePath":"xxxx"},"accessLog":{"filePath":"xxxx","format":"common","filters":{"statusCodes":["204-299","400-499","500-599"]},"fields":{"defaultMode":"keep","headers":{"defaultMode":"drop"}},"bufferingSize":100},"certificatesResolvers":{"dns-cloudflare":{"acme":{"caServer":"xxxx","storage":"/acme.json","keyType":"RSA4096","certificatesDuration":2160,"dnsChallenge":{"provider":"cloudflare","delayBeforeCheck":"1m30s","resolvers":["xxxx","xxxx"]}}}}}
2025-02-11T08:29:37Z WRN github.com/traefik/traefik/v3/pkg/version/version.go:103 > A new release has been found: 3.3.3. Please consider updating.
2025-02-11T08:30:14Z DBG github.com/traefik/traefik/v3/pkg/tls/tlsmanager.go:228 > Serving default certificate for request: ""
2025-02-11T08:30:19Z DBG github.com/traefik/traefik/v3/pkg/tls/tlsmanager.go:228 > Serving default certificate for request: ""
2025-02-11T08:30:26Z DBG github.com/traefik/traefik/v3/pkg/tls/tlsmanager.go:228 > Serving default certificate for request: ""
2025-02-11T08:30:37Z DBG github.com/traefik/traefik/v3/pkg/tls/tlsmanager.go:228 > Serving default certificate for request: ""
2025-02-11T08:31:53Z DBG github.com/traefik/traefik/v3/pkg/tls/tlsmanager.go:228 > Serving default certificate for request: ""
2025-02-11T08:36:15Z DBG github.com/traefik/traefik/v3/pkg/tls/tlsmanager.go:228 > Serving default certificate for request: "my public IP"
2025-02-11T08:39:17Z DBG github.com/traefik/traefik/v3/pkg/tls/tlsmanager.go:228 > Serving default certificate for request: "my public IP"
2025-02-11T08:46:17Z DBG github.com/traefik/traefik/v3/pkg/tls/tlsmanager.go:228 > Serving default certificate for request: "my public IP"
2025-02-11T08:47:34Z DBG github.com/traefik/traefik/v3/pkg/tls/tlsmanager.go:228 > Serving default certificate for request: ""
2025-02-11T08:47:37Z DBG github.com/traefik/traefik/v3/pkg/tls/tlsmanager.go:228 > Serving default certificate for request: ""
2025-02-11T08:53:31Z DBG github.com/traefik/traefik/v3/pkg/tls/tlsmanager.go:228 > Serving default certificate for request: ""
2025-02-11T08:55:05Z DBG github.com/traefik/traefik/v3/pkg/tls/tlsmanager.go:228 > Serving default certificate for request: ""
2025-02-11T08:55:05Z DBG github.com/traefik/traefik/v3/pkg/tls/tlsmanager.go:228 > Serving default certificate for request: "my public IP"
2025-02-11T08:55:05Z DBG log/log.go:245 > http: TLS handshake error from 195.178.110.163:42338: read tcp 192.168.91.2:8080->195.178.110.163:42338: read: connection reset by peer

after a restart of the lxc;
2025-02-11T10:07:13Z DBG github.com/traefik/traefik/v3/pkg/tls/tlsmanager.go:228 > Serving default certificate for request: "hostmypublicip.rangexx-xxx.btcentralplus.com"
2025-02-11T10:07:13Z DBG log/log.go:245 > http: TLS handshake error from 167.94.145.102:39730: tls: client offered only unsupported versions: [302 301]
2025-02-11T10:07:14Z DBG log/log.go:245 > http: TLS handshake error from 152.32.245.196:46520: EOF
2025-02-11T10:07:14Z DBG github.com/traefik/traefik/v3/pkg/tls/tlsmanager.go:228 > Serving default certificate for request: "hostmypublicip.rangexx-xxx.btcentralplus.com
2025-02-11T10:07:15Z DBG log/log.go:245 > http: TLS handshake error from 152.32.245.196:46532: EOF
2025-02-11T10:07:15Z DBG github.com/traefik/traefik/v3/pkg/tls/tlsmanager.go:228 > Serving default certificate for request: "hostmypublicip.rangexx-xxx.btcentralplus.com
2025-02-11T10:07:15Z DBG log/log.go:245 > http: TLS handshake error from 167.94.145.102:39760: tls: client offered only unsupported versions: [301]
2025-02-11T10:07:15Z DBG log/log.go:245 > http: TLS handshake error from 152.32.245.196:46544: read tcp 192.168.91.2:8443->152.32.245.196:46544: read: connection reset by peer
2025-02-11T10:07:17Z DBG log/log.go:245 > http: TLS handshake error from 167.94.145.102:39828: tls: client offered only unsupported versions: []
2025-02-11T10:07:20Z DBG github.com/traefik/traefik/v3/pkg/tls/tlsmanager.go:228 > Serving default certificate for request: ""

I'm presuming the random IPs I'm seeing are some form of port scanning?

Here is my traefik yml:

  # Traefik 3 - Reverse Proxy
  traefik:
    container_name: traefik
    image: traefik:3.0
    security_opt:
      - no-new-privileges:true
    restart: unless-stopped
    # profiles: ["core", "all"]
    networks:
      t3_proxy:
        ipv4_address: 192.168.90.254 # You can specify a static IP
      socket_proxy:
    command: # CLI arguments
      - --global.checkNewVersion=true
      - --global.sendAnonymousUsage=true
      - --entrypoints.web.address=:8080
      - --entrypoints.websecure.address=:8443
      - --entrypoints.traefik.address=:8081
      - --entrypoints.websecure.http.tls=true
      - --entrypoints.web.http.redirections.entrypoint.to=websecure
      - --entrypoints.web.http.redirections.entrypoint.scheme=https
      - --entrypoints.web.http.redirections.entrypoint.permanent=true
      - --api=true
      - --api.dashboard=true
      # - --api.insecure=true
      #- --serversTransport.insecureSkipVerify=true
      # Allow these IPs to set the X-Forwarded-* headers - Cloudflare IPs: https://www.cloudflare.com/ips/
      - --entrypoints.websecure.forwardedHeaders.trustedIPs=$CLOUDFLARE_IPS,$LOCAL_IPS
      - --log=true
      - --log.filePath=/logs/traefik.log
      - --log.level=DEBUG # (Default: error) DEBUG, INFO, WARN, ERROR, FATAL, PANIC
      - --accessLog=true
      - --accessLog.filePath=/logs/access.log
      - --accessLog.bufferingSize=100 # Configuring a buffer of 100 lines
      - --accessLog.filters.statusCodes=204-299,400-499,500-599
      - --providers.docker=true
      # - --providers.docker.endpoint=unix:///var/run/docker.sock # Disable for Socket Proxy. Enable otherwise.
      - --providers.docker.endpoint=tcp://socket-proxy:2375 # Enable for Socket Proxy. Disable otherwise.
      - --providers.docker.exposedByDefault=false
      - --providers.docker.network=t3_proxy 
      # - --providers.docker.swarmMode=false # Traefik v2 Swarm
      # - --providers.swarm.endpoint=tcp://127.0.0.1:2377 # Traefik v3 Swarm
      - --entrypoints.websecure.http.tls.options=tls-opts@file
      # Add dns-cloudflare as default certresolver for all services. Also enables TLS and no need to specify on individual services
      - --entrypoints.websecure.http.tls.certresolver=dns-cloudflare
      - --entrypoints.websecure.http.tls.domains[0].main=$DOMAINNAME_1
      - --entrypoints.websecure.http.tls.domains[0].sans=*.$DOMAINNAME_1
      # - --entrypoints.websecure.http.tls.domains[1].main=$DOMAINNAME_2 # Pulls main cert for second domain
      # - --entrypoints.websecure.http.tls.domains[1].sans=*.$DOMAINNAME_2 # Pulls wildcard cert for second domain
      - --providers.file.directory=/rules # Load dynamic configuration from one or more .toml or .yml files in a directory
      - --providers.file.watch=true # Only works on top level files in the rules folder
      - --certificatesResolvers.dns-cloudflare.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory # LetsEncrypt Staging Server - uncomment when testing
      - --certificatesResolvers.dns-cloudflare.acme.storage=/acme.json
      - --certificatesResolvers.dns-cloudflare.acme.dnsChallenge.provider=cloudflare
      - --certificatesResolvers.dns-cloudflare.acme.dnsChallenge.resolvers=1.1.1.1:53,1.0.0.1:53
      - --certificatesResolvers.dns-cloudflare.acme.dnsChallenge.delayBeforeCheck=90 # To delay DNS check and reduce LE hitrate
    ports:
      - target: 8080
        published: 8080
        protocol: tcp
        mode: host
      - target: 8443
        published: 8443
        protocol: tcp
        mode: host
      # - target: 8080 # need to enable --api.insecure=true
      #  published: 8085
      #  protocol: tcp
      #  mode: host
    volumes:
      - $DOCKERDIR/appdata/traefik3/rules/$HOSTNAME:/rules # Dynamic File Provider directory
      # - /var/run/docker.sock:/var/run/docker.sock:ro # Enable if not using Socket Proxy
      - $DOCKERDIR/appdata/traefik3/acme/acme.json:/acme.json # Certs File 
      - $DOCKERDIR/logs/$HOSTNAME/traefik:/logs # Traefik logs
    environment:
      - TZ=$TZ
      - CF_DNS_API_TOKEN_FILE=/run/secrets/cf_dns_api_token    
      - HTPASSWD_FILE=/run/secrets/basic_auth_credentials # HTTP Basic Auth Credentials
      - DOMAINNAME_1 # Passing the domain name to traefik container to be able to use the variable in rules. 
    secrets:
      - cf_dns_api_token
      - basic_auth_credentials
    labels:
      - "traefik.enable=true"
      # HTTP Routers
      - "traefik.http.routers.traefik-rtr.entrypoints=websecure"
      - "traefik.http.routers.traefik-rtr.rule=Host(`traefik.$DOMAINNAME_1`)"
      # Services - API
      - "traefik.http.routers.traefik-rtr.service=api@internal"
      # Middlewares
      - "traefik.http.routers.traefik-rtr.middlewares=middlewares-basic-auth@file" # For Basic HTTP Authentication

any help much appreciated :slight_smile:

Your config looks complex, even using a socket-proxy, but maybe it's just because of the many comments.

Your issue is not clear.

The logs you show show nothing relevant, TLS handshake error just indicates a client/browser connecting without trusting the TLS cert. It doesn't show any acme interaction with LetsEncrypt. Check your acme.json file if TLS certs have been created.

The host in .rule=Host(`traefik.$DOMAINNAME_1`) should match the incoming request request: "hostmypublicip.rangexx-xxx.btcentralplus.com".

thanks for the reply. I fixed my config (I had accidentally created two traefik folders, one with a wrong spelling and it was pointing to the one with the correct spelling), moved the json file and the tls file and the basic auth middleware file to the correct folder.

Now getting much more promising logs as below.
I can hit the traefik webpage if I do traefik.mydomain.com:8843 but I need to append the port to hit it. I suppose that would be expected I need to append the port as not using standard?
If i do traefik.mydomain.com I just hit the webpage on my ngnix/org/windows server login.

2025-02-11T12:23:09Z DBG github.com/go-acme/lego/v4@v4.17.4/log/logger.go:48 > [INFO] [example.com, *.example.com] acme: Obtaining bundled SAN certificate lib=lego
2025-02-11T12:23:10Z DBG github.com/go-acme/lego/v4@v4.17.4/log/logger.go:48 > [INFO] [*.example.com] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz/184406784/16027334054 lib=lego
2025-02-11T12:23:10Z DBG github.com/go-acme/lego/v4@v4.17.4/log/logger.go:48 > [INFO] [example.com] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz/184406784/16027334064 lib=lego
2025-02-11T12:23:10Z DBG github.com/go-acme/lego/v4@v4.17.4/log/logger.go:48 > [INFO] [*.example.com] acme: use dns-01 solver lib=lego
2025-02-11T12:23:10Z DBG github.com/go-acme/lego/v4@v4.17.4/log/logger.go:48 > [INFO] [example.com] acme: Could not find solver for: tls-alpn-01 lib=lego
2025-02-11T12:23:10Z DBG github.com/go-acme/lego/v4@v4.17.4/log/logger.go:48 > [INFO] [example.com] acme: Could not find solver for: http-01 lib=lego
2025-02-11T12:23:10Z DBG github.com/go-acme/lego/v4@v4.17.4/log/logger.go:48 > [INFO] [example.com] acme: use dns-01 solver lib=lego
2025-02-11T12:23:10Z DBG github.com/go-acme/lego/v4@v4.17.4/log/logger.go:48 > [INFO] [*.example.com] acme: Preparing to solve DNS-01 lib=lego
2025-02-11T12:23:10Z DBG github.com/go-acme/lego/v4@v4.17.4/log/logger.go:48 > [INFO] Found CNAME entry for "_acme-challenge.example.com.": "example.com." lib=lego
2025-02-11T12:23:11Z DBG github.com/go-acme/lego/v4@v4.17.4/log/logger.go:48 > [INFO] cloudflare: new record for example.com, ID d3a10519dd4baa40b457be536dd25f07 lib=lego
2025-02-11T12:23:11Z DBG github.com/go-acme/lego/v4@v4.17.4/log/logger.go:48 > [INFO] [example.com] acme: Preparing to solve DNS-01 lib=lego
2025-02-11T12:23:11Z DBG github.com/go-acme/lego/v4@v4.17.4/log/logger.go:48 > [INFO] Found CNAME entry for "_acme-challenge.example.com.": "example.com." lib=lego
2025-02-11T12:23:12Z DBG github.com/go-acme/lego/v4@v4.17.4/log/logger.go:48 > [INFO] cloudflare: new record for example.com, ID 9b7e4e82a8e0731cbb828e4928654a72 lib=lego
2025-02-11T12:23:12Z DBG github.com/go-acme/lego/v4@v4.17.4/log/logger.go:48 > [INFO] [*.example.com] acme: Trying to solve DNS-01 lib=lego
2025-02-11T12:23:12Z DBG github.com/go-acme/lego/v4@v4.17.4/log/logger.go:48 > [INFO] Found CNAME entry for "_acme-challenge.example.com.": "example.com." lib=lego
2025-02-11T12:23:12Z DBG github.com/go-acme/lego/v4@v4.17.4/log/logger.go:48 > [INFO] [*.example.com] acme: Checking DNS record propagation. [nameservers=1.1.1.1:53,1.0.0.1:53] lib=lego
2025-02-11T12:23:14Z DBG github.com/go-acme/lego/v4@v4.17.4/log/logger.go:48 > [INFO] Wait for propagation [timeout: 2m0s, interval: 2s] lib=lego
2025-02-11T12:23:14Z DBG github.com/traefik/traefik/v3/pkg/provider/acme/provider.go:305 > Delaying 90000000000 rather than validating DNS propagation now. providerName=dns-cloudflare.acme
2025-02-11T12:24:46Z DBG github.com/traefik/traefik/v3/pkg/tls/tlsmanager.go:228 > Serving default certificate for request: ""
2025-02-11T12:24:48Z DBG github.com/go-acme/lego/v4@v4.17.4/log/logger.go:48 > [INFO] [*.example.com] The server validated our request lib=lego
2025-02-11T12:24:48Z DBG github.com/go-acme/lego/v4@v4.17.4/log/logger.go:48 > [INFO] [example.com] acme: Trying to solve DNS-01 lib=lego
2025-02-11T12:24:48Z DBG github.com/go-acme/lego/v4@v4.17.4/log/logger.go:48 > [INFO] Found CNAME entry for "_acme-challenge.example.com.": "example.com." lib=lego
2025-02-11T12:24:48Z DBG github.com/go-acme/lego/v4@v4.17.4/log/logger.go:48 > [INFO] [example.com] acme: Checking DNS record propagation. [nameservers=1.1.1.1:53,1.0.0.1:53] lib=lego
2025-02-11T12:24:50Z DBG github.com/traefik/traefik/v3/pkg/tls/tlsmanager.go:228 > Serving default certificate for request: "mypublicip"
2025-02-11T12:24:50Z DBG github.com/go-acme/lego/v4@v4.17.4/log/logger.go:48 > [INFO] Wait for propagation [timeout: 2m0s, interval: 2s] lib=lego
2025-02-11T12:24:50Z DBG github.com/traefik/traefik/v3/pkg/provider/acme/provider.go:305 > Delaying 90000000000 rather than validating DNS propagation now. providerName=dns-cloudflare.acme
2025-02-11T12:24:52Z DBG github.com/traefik/traefik/v3/pkg/tls/tlsmanager.go:228 > Serving default certificate for request: ""
2025-02-11T12:26:27Z DBG github.com/go-acme/lego/v4@v4.17.4/log/logger.go:48 > [INFO] [example.com] The server validated our request lib=lego
2025-02-11T12:26:27Z DBG github.com/go-acme/lego/v4@v4.17.4/log/logger.go:48 > [INFO] [*.example.com] acme: Cleaning DNS-01 challenge lib=lego
2025-02-11T12:26:27Z DBG github.com/go-acme/lego/v4@v4.17.4/log/logger.go:48 > [INFO] Found CNAME entry for "_acme-challenge.example.com.": "example.com." lib=lego
2025-02-11T12:26:28Z DBG github.com/go-acme/lego/v4@v4.17.4/log/logger.go:48 > [INFO] [example.com] acme: Cleaning DNS-01 challenge lib=lego
2025-02-11T12:26:28Z DBG github.com/go-acme/lego/v4@v4.17.4/log/logger.go:48 > [INFO] Found CNAME entry for "_acme-challenge.example.com.": "example.com." lib=lego
2025-02-11T12:26:29Z DBG github.com/go-acme/lego/v4@v4.17.4/log/logger.go:48 > [INFO] [example.com, *.example.com] acme: Validations succeeded; requesting certificates lib=lego
2025-02-11T12:26:30Z DBG github.com/go-acme/lego/v4@v4.17.4/log/logger.go:48 > [INFO] Wait for certificate [timeout: 30s, interval: 500ms] lib=lego
2025-02-11T12:26:31Z DBG github.com/go-acme/lego/v4@v4.17.4/log/logger.go:48 > [INFO] [example.com] Server responded with a certificate. lib=lego
2025-02-11T12:26:31Z DBG github.com/traefik/traefik/v3/pkg/provider/acme/provider.go:643 > Certificates obtained for domains [example.com *.example.com] ACME CA=https://acme-staging-v02.api.letsencrypt.org/directory acmeCA=https://acme-staging-v02.api.letsencrypt.org/directory providerName=dns-cloudflare.acme
2025-02-11T12:26:31Z DBG github.com/traefik/traefik/v3/pkg/server/configurationwatcher.go:227 > Configuration received config={"http":{},"tcp":{},"tls":{},"udp":{}} providerName=dns-cloudflare.acme
2025-02-11T12:26:31Z DBG github.com/traefik/traefik/v3/pkg/tls/certificate.go:131 > Adding certificate for domain(s) *.example.com,example.com
2025-02-11T12:26:31Z DBG github.com/traefik/traefik/v3/pkg/tls/tlsmanager.go:321 > No default certificate, fallback to the internal generated certificate tlsStoreName=default
2025-02-11T12:26:31Z DBG github.com/traefik/traefik/v3/pkg/middlewares/redirect/redirect_scheme.go:29 > Creating middleware entryPointName=web middlewareName=redirect-web-to-websecure@internal middlewareType=RedirectScheme routerName=web-to-websecure@internal
2025-02-11T12:26:31Z DBG github.com/traefik/traefik/v3/pkg/middlewares/redirect/redirect_scheme.go:30 > Setting up redirection to https 8443 entryPointName=web middlewareName=redirect-web-to-websecure@internal middlewareType=RedirectScheme routerName=web-to-websecure@internal
2025-02-11T12:26:31Z DBG github.com/traefik/traefik/v3/pkg/middlewares/recovery/recovery.go:22 > Creating middleware entryPointName=web middlewareName=traefik-internal-recovery middlewareType=Recovery
2025-02-11T12:26:31Z DBG github.com/traefik/traefik/v3/pkg/middlewares/auth/basic_auth.go:33 > Creating middleware entryPointName=websecure middlewareName=middlewares-basic-auth@file middlewareType=BasicAuth routerName=traefik-rtr@docker
2025-02-11T12:26:31Z DBG github.com/traefik/traefik/v3/pkg/middlewares/observability/middleware.go:33 > Adding tracing to middleware entryPointName=websecure middlewareName=middlewares-basic-auth@file routerName=traefik-rtr@docker
2025-02-11T12:26:31Z DBG github.com/traefik/traefik/v3/pkg/middlewares/recovery/recovery.go:22 > Creating middleware entryPointName=websecure middlewareName=traefik-internal-recovery middlewareType=Recovery
2025-02-11T12:26:31Z DBG github.com/traefik/traefik/v3/pkg/server/router/tcp/manager.go:237 > Adding route for traefik.example.com with TLS options tls-opts@file entryPointName=websecure
2025-02-11T12:26:31Z DBG github.com/traefik/traefik/v3/pkg/provider/acme/provider.go:851 > Looking for provided certificate(s) to validate ["example.com" "*.example.com"]... ACME CA=https://acme-staging-v02.api.letsencrypt.org/directory acmeCA=https://acme-staging-v02.api.letsencrypt.org/directory providerName=dns-cloudflare.acme
2025-02-11T12:26:31Z DBG github.com/traefik/traefik/v3/pkg/provider/acme/provider.go:895 > No ACME certificate generation required for domains ACME CA=https://acme-staging-v02.api.letsencrypt.org/directory acmeCA=https://acme-staging-v02.api.letsencrypt.org/directory domains=["example.com","*.example.com"] providerName=dns-cloudflare.acme

my json also has info:

    "Account": {
      "Email": "",
      "Registration": {
        "body": {
          "status": "valid"
        },
        "uri": "https://acme-staging-v02.api.letsencrypt.org/acme/acct/184406784"
      },
      "PrivateKey": "xxxxxx",
      "KeyType": "xxxx"
    },
    "Certificates": [
      {
        "domain": {
          "main": "example.com",
          "sans": [
            "*.example.com"
          ]
        },
        "certificate": "xxx",
        "key": "xxxx",
        "Store": "default"
      }
    ]
  }
}```

Yes, if you change the port to something else than default (http: 80, https: 443), then you need to place it in your request URL.

1 Like

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.