Upgraded to 2.0-alpine beta docker image, LE now broken - no certs are being made in the logs

And the acme.json format changes so I am forced to renew them all.

[log]
level = "DEBUG"

[providers]
  [providers.file]
   filename = "/o/traefik.toml"
[providers.docker]
endpoint = "unix:///var/run/docker.sock"
watch = true
exposedByDefault = false
usebindportip = false

[api]
  #entryPoint = "traefik"
  dashboard = true

[entryPoints]
  [entryPoints.web]
    address = ":80"

  [entryPoints.web-secure]
    address = ":443"

[retry]


[certificatesResolvers.sample.acme]
  email = "zack@x.com"
  storage = "/o/acme.json"
  [acme.httpChallenge]
    # used during the challenge
    entryPoint = "web"

#[accessLog]
  #filePath = "/var/log/access.log"

[http.routers]
  [http.routers.web-secure-redirect]
  rule = "HostRegexp(`{any:.*}`)"
  middlewares = ["web-secure-redirect"]
  service = "dummy"

[http.middlewares]
  [http.middlewares.web-secure-redirect.redirectscheme]
    scheme = "https"

[http.services]
  [http.services.dummy.LoadBalancer]
     [[http.services.dummy.LoadBalancer.servers]]
        url = ""

Hello, take a look at this topic: [fixed] ACME config seems broken in beta1

@Zack if you run through your logs you should see what's going wrong by grepping for error and cert.

Here's my dnsChallenge config:

[certificatesresolvers.cloudflare.acme]
  email = "email@gmail.com"
  storage = "/acme.json"
  [certificatesresolvers.cloudflare.acme.dnschallenge]
    provider = "cloudflare"
    delayBeforeCheck = 3
    resolvers = ["1.1.1.1:53", "1.0.0.1:53"]

There is an error in your configuration:

[certificatesResolvers.sample.acme]
  email = "zack@x.com"
  storage = "/o/acme.json"
  [acme.sample.httpChallenge] # <------------
    # used during the challenge
    entryPoint = "web"

Hi all, and thank you for the help.

For some reason I wasn't able to see any acme errors, it just stayed silent in that regard.

I've moved forward with everyone's help, now I'm getting:

time="2019-08-04T14:51:25Z" level=debug msg="No domain parsed in provider ACME" routerName=t rule="HostRegexp(`{host:.*}`)" providerName=acme.basic

traefik.toml
[log]
level = "DEBUG"

[providers]
  [providers.file]
   filename = "/o/dynt.toml"
[providers.docker]
endpoint = "unix:///var/run/docker.sock"
watch = true
exposedByDefault = false
usebindportip = false

[api]
  #entryPoint = "traefik"
  dashboard = true

[entryPoints]
  [entryPoints.web]
    address = ":80"

  [entryPoints.web-secure]
    address = ":443"

[retry]


[certificatesResolvers.basic.acme]
  email = "acme@apertron.com"
  storage = "/o/acme.json"
  [acme.basic.httpChallenge]
    # used during the challenge
    entryPoint = "web"

dynt.toml
[http]
  [http.middlewares]
    [http.middlewares.compression.compress]
    # https redirect
    [http.middlewares.https_redirect.redirectscheme]
      scheme = "https"
      permanent = true

[http.routers]
  [http.routers.t]
  rule = "HostRegexp(`{host:.*}`)"
    [http.routers.t.tls]
      certResolver = "basic"

compose
 reverse-proxy:
    image: traefik:2.0-alpine
    command:   --configFile=/o/traefik.toml --api --providers.docker  # Enables the web UI and tells Traefik to listen to docker
    ports:
      - "80:80"     # The HTTP port
      - "443:443"     # The HTTPS port
      - "9800:8080"     # The web UI (dashboard) port
    networks:
      - web

    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /opt/traefik/traefik.toml:/traefik.toml
      - /opt/traefik:/o/
      - /var/log/access.log:/var/log/access.log
    container_name: traefik
    labels:
            - "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)"
            - "traefik.http.routers.http-catchall.entrypoints=web"
            - "traefik.http.routers.http-catchall.middlewares=https_redirect"
            - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"

Thanks again.

A router defined in the file provider must be linked to a service.
In Docker, by default, if there is only one router, the service is automatically created and linked to the router.

By default Traefik tries to find a Host() rule (HostRegexp() is different from Host()).
If there is no Host() rule, Traefik will try to use the domains defined in the tls section of the router.

Hi,

How can I have a default configuration for all routers? I want ACME to be used for all routers, as before. Do I need to specify a cert provider in all my docker compose files, or is there a way to do it in one fell swoop?

Thanks,
Zack

time="2019-08-04T19:07:18Z" level=info msg="Testing certificate renew..." providerName=acme.basic
time="2019-08-04T19:07:18Z" level=debug msg="Configuration received from provider acme.basic: {\"http\":{},\"tls\":{}}" providerName=acme.basic

I don't get much else, nothing saying error.

With the new certificate resolvers it's not possible: you have to define the certResolver on all routers.

Any plans to change that? :frowning:

With this change, you can now have dynamic wildcard certificates, use multiple acme challenges, and more.
To do that you have to define the certResolver on the routers.

Then there is a cost but it seems acceptable.

@Zack with your config, did you find your certificate actually being stored in /o/acme.json?