Hello everyone; I'm new to traefik and still somewhat new to docker. I have traefik 1.7.12 running in a docker container deployed via Ansible.
I keep receiving the following error output when restarting traefik to attempt cert generation:
level=error msg="Unable to obtain ACME certificate for domains \"domain.com\" detected thanks to rule \"Host: domain.com\" : cannot get ACME client ACME challenge not specified, please select TLS or HTTP or DNS Challenge"
My traefik.toml configuration is as follows:
debug = true
checkNewVersion = true
defaultEntryPoints = [ "https", "http" ]
[accessLog]
[traefikLog]
[entryPoints]
[entryPoints.http]
address = ":80"
compress = true
[entryPoints.http.redirect]
entryPoint = "https"
permanent = true
[entryPoints.https]
address = ":443"
compress = true
[entryPoints.https.tls]
[entryPoints.traefik]
address = ":8080"
compress = true
[entryPoints.traefik.auth]
headerField = "X-WebAuth-User"
[entryPoints.traefik.auth.basic]
removeHeader = true
users = [ "user:$path/dir" ]
[api]
[retry]
[docker]
domain = "domain.com"
endpoint = "unix:///var/run/docker.sock"
watch = true
exposedByDefault = true
network = "traefik"
[acme]
email = "user@email.com"
storage = "acme.json"
domain = "domain.com"
caServer = "https://acme-v02.api.letsencrypt.org/directory"
entryPoint = "https"
onHostRule = true
[acme.httpChallenge]
entryPoint = "https"
I have tried with both HTTP and TLS challenges. The output in my acme.json for challenges is null:
{
  "Account": {
    "Email": "user@email.com",
    "Registration": {
      "body": {
        "status": "valid",
        "contact": [
          "mailto:user@email.com"
        ]
      },
      "uri": "https://acme-staging-v02.api.letsencrypt.org/acme/acct/xxxxxxx"
    },
    "PrivateKey": "keyinfo…..",
    "KeyType": "4096"
  },
  "Certificates": null,
  "HTTPChallenges": {},
  "TLSChallenges": {}
}
Not sure if there is somewhere else I need to be setting these challenges; thanks in advance for your help!
EDIT:
traefik_command in my traefik Ansible role's main.yml file did not have the challenge method appended; for anyone else using ansible trying to use TLS challenges, make sure your traefik command looks something like this:
traefik_command: --api --logLevel="DEBUG" --docker --defaultentrypoints="http,https" --acme.storage="acme.json" --acme.caserver="{{ traefik_ca_server }}" --acme.email="user@email.com" --acme.entrypoint="https" --acme.onhostrule="true" --entryPoints='Name:http Address::80 Redirect.EntryPoint:https' --entryPoints='Name:https Address::443 TLS' --acme.tlsChallenge
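An added example, not part of the original post: a pre-deploy check that reads a traefik 1.7 command string like the traefik_command above and reports when ACME flags are set but no challenge flag is, which is the condition behind the error quoted in the question. It assumes --flag=value syntax, case-insensitive flag names as used in the post, and entry points defined on the command line; parse_flags, check_acme and BASE are hypothetical names, and the sample command is constructed from the one in the EDIT.

```python
import shlex

# traefik 1.7 challenge flags, lowercased (the post's command mixes cases).
CHALLENGE_FLAGS = {
    "--acme.tlschallenge": "TLS",
    "--acme.httpchallenge.entrypoint": "HTTP",
    "--acme.dnschallenge.provider": "DNS",
}

def parse_flags(command):
    """Split a command string into {lowercased flag: [values]}."""
    flags = {}
    for token in shlex.split(command):
        if token.startswith("--"):
            name, _, value = token.partition("=")
            flags.setdefault(name.lower(), []).append(value)
    return flags

def check_acme(command):
    """Return a list of problems; empty means a usable challenge is selected."""
    flags = parse_flags(command)
    if not any(name.startswith("--acme") for name in flags):
        return []  # ACME is not configured on this command line
    problems = []
    chosen = [label for flag, label in CHALLENGE_FLAGS.items()
              if flag in flags and "false" not in flags[flag]]
    if not chosen:
        problems.append("ACME flags present but no TLS, HTTP or DNS challenge selected")
    # An HTTP challenge must name an entry point that the command defines.
    defined = {part.split(":", 1)[1].lower()
               for spec in flags.get("--entrypoints", [])
               for part in spec.split() if part.lower().startswith("name:")}
    for ep in flags.get("--acme.httpchallenge.entrypoint", []):
        if ep.lower() not in defined:
            problems.append(f"httpChallenge entry point {ep!r} is not defined")
    return problems

# Constructed sample: the post's command, shortened, without a challenge flag.
BASE = (
    '--api --docker --acme.storage="acme.json" --acme.email="user@email.com" '
    '--acme.entrypoint="https" --acme.onhostrule="true" '
    "--entryPoints='Name:http Address::80 Redirect.EntryPoint:https' "
    "--entryPoints='Name:https Address::443 TLS'"
)

if __name__ == "__main__":
    for cmd in (BASE, BASE + " --acme.tlsChallenge"):
        print(check_acme(cmd) or "ok")
```

Run against the rendered traefik_command before the container is restarted, so a missing challenge fails the deploy instead of showing up later as an ACME error in the logs.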