I'm trying to use a wildcard SSL certificate instead of the Traefik default cert, but I see the error logs below in the container. Please help with this.
Thanks
[root@manager ingress]# docker logs a75df542351a | grep error
time="2021-12-05T18:25:43Z" level=error msg="Error while creating certificate store: failed to load X509 key pair: tls: failed to find any PEM data in certificate input" tlsStoreName=default
time="2021-12-05T18:25:43Z" level=error msg="Unable to append certificate /root/ingress/certs/tls.crt to store: unable to generate TLS certificate : tls: failed to find any PEM data in certificate input" tlsStoreName=default
time="2021-12-05T18:25:43Z" level=error msg="Error during the build of the default TLS configuration: TLS store default not found" entryPointName=websecure
time="2021-12-05T18:25:43Z" level=error msg="Error during the build of the default TLS configuration: TLS store default not found" entryPointName=traefik
time="2021-12-05T18:25:43Z" level=error msg="Error while creating certificate store: failed to load X509 key pair: tls: failed to find any PEM data in certificate input" tlsStoreName=default
time="2021-12-05T18:25:43Z" level=error msg="Unable to append certificate /root/ingress/certs/tls.crt to store: unable to generate TLS certificate : tls: failed to find any PEM data in certificate input" tlsStoreName=default
time="2021-12-05T18:25:43Z" level=error msg="Error during the build of the default TLS configuration: TLS store default not found" entryPointName=websecure
time="2021-12-05T18:25:43Z" level=error msg="Error during the build of the default TLS configuration: TLS store default not found" entryPointName=traefik
Thanks, I added the static content but I still see the same unknown certificate error. I also tested a host rule for the nginx service with TLS labels, and the rule is working, but it takes more time to reach the nginx welcome page.
I'm also using my own certificates in all my Traefik services, so please double-check that your TLS files (crt and key) are fine (no extra space or something).
If the TLS files look fine, it looks like a networking issue when 'traefik' tries to resolve the key pair. Can you ping here how you created the traefik network?
Check that your traefik network has these attributes: "driver --> overlay", "scope --> swarm".
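A preflight check for the certificate file, following the reply above (an added example, not part of the thread or of Traefik's own code): it walks the file with Go's `encoding/pem` decoder, the same decoder `crypto/tls` uses, and reports the likely reason no CERTIFICATE block is found. The helper name `classifyCertInput` and the sample PEM body are constructed for illustration.

```go
package main

import (
	"bytes"
	"encoding/pem"
	"fmt"
	"os"
	"strings"
)

// Constructed sample: valid PEM armor around 5 dummy bytes, not a real cert.
const sampleCert = "-----BEGIN CERTIFICATE-----\nMAMCAQE=\n-----END CERTIFICATE-----\n"

// classifyCertInput (hypothetical helper) walks data with pem.Decode and
// explains what a loader expecting a PEM certificate file would run into.
func classifyCertInput(data []byte) string {
	var types []string
	for rest := data; ; {
		var block *pem.Block
		if block, rest = pem.Decode(rest); block == nil {
			break
		}
		types = append(types, block.Type)
	}
	switch {
	case len(bytes.TrimSpace(data)) == 0:
		return "empty input"
	case len(types) == 0 && bytes.HasPrefix(data, []byte{0x30, 0x82}):
		return "no PEM data: binary DER, convert to PEM"
	case len(types) == 0 && bytes.Contains(data, []byte("-----BEGIN")):
		return "no PEM data: BEGIN marker present but block is damaged"
	case len(types) == 0:
		return "no PEM data: not a certificate file"
	case strings.HasSuffix(types[0], "PRIVATE KEY"):
		return "private key first: cert and key may be swapped"
	case types[0] != "CERTIFICATE":
		return "unexpected first block: " + types[0]
	}
	return fmt.Sprintf("ok: %d PEM block(s), CERTIFICATE first", len(types))
}

func main() {
	data := []byte(sampleCert)
	if len(os.Args) > 1 { // check a real file instead of the sample
		var err error
		if data, err = os.ReadFile(os.Args[1]); err != nil {
			fmt.Println("cannot read:", err)
			os.Exit(1)
		}
	}
	fmt.Println(classifyCertInput(data))
}
```

Pass the certificate path as the first argument, using the path as the Traefik container sees it, so the check reads the same bytes Traefik does.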
The certificate is provided by GoDaddy. I verified that the certs are fine, and I found out why it took so much time to reach the nginx welcome page: that was my own fault. I had saved many DNS entries with the same name and different IPs, so it was trying to connect to old entries.
For the network part, I created it the same way, with the overlay driver and the swarm scope.
So now my only problem is the unknown certificate and bad certificate errors in the container logs.
time="2021-12-11T12:46:59Z" level=debug msg="http: TLS handshake error from 10.0.0.2:57826: remote error: tls: unknown certificate"
time="2021-12-11T12:46:59Z" level=debug msg="http: TLS handshake error from 10.0.0.2:57827: remote error: tls: unknown certificate"
time="2021-12-11T12:50:29Z" level=debug msg="http: TLS handshake error from 10.0.0.2:57912: remote error: tls: bad certificate"
time="2021-12-11T12:50:29Z" level=debug msg="http: TLS handshake error from 10.0.0.2:57913: remote error: tls: bad certificate"
Example to run multiple Traefik instances with custom TLS certs in Docker Swarm.
docker-compose.yml adds the TLS cert files as Docker Secrets and the config files as Docker Configs, so they are available on all nodes. The Docker networks are created externally (manually on the CLI).
traefik.yml creates the providers and entrypoints. Note that certResolver does not work when having multiple Traefik instances. We run a managed LoadBalancer in front of the Traefik instances, that's why we use proxyProtocol.
Additional note: Traefik LetsEncrypt is not clustered in the community edition. So we created a little certbot service to create the LE certs and then provide them via HTTP to the Traefik instances (link), that's why priority is in there. But this is not actively used.