Using both File and Docker providers leads to ACME errors

I've posted an issue here:

Unfortunately it was closed by the bot.

To me, it's a bug, as it shows errors that should not be there, or the documentation does not mention clearly enough that this is not possible?

I'd be grateful for someone having a brief look at it.


I just had a brief look on your issue and it looks indeed "interesting".

Can you pass a full log, when it also displays that Traefik received configuration from the docker provider? That might help in figuring out whether it's a race condition or not.

Thanks! I don't think there's any additional logs from the Docker provider – that's all there is. You can see that it picked up the services by the other logs after the "default certificate", e.g.:

traefik    | time="2019-12-13T18:00:47Z" level=debug msg="No entryPoint defined for this router, using the default one(s) instead: [web traefik]" routerName=test-traefik-test@docker


traefik    | time="2019-12-13T17:55:51Z" level=error msg="the service \"test-traefik-test@docker\" does not exist" entryPointName=web routerName=test@file

the message comes because the loading of the dynamic configuration from the file provider is faster than the docker provider, it's expected because to get the configuration from docker we need to made some calls to the docker API.

So you have to define the dynamic configuration for the file provider after the launch of Traefik.

There are no race condition because only the router with a certResolver set on it will be used to get certificates.

version: "3.7"

    image: "traefik:v2.1.1"
    container_name: "traefik"
      - --log.level=INFO
      - --entryPoints.web.address=:80
      - --entryPoints.websecure.address=:443
      - --api.insecure=true
      - --providers.docker.exposedbydefault=false
      - '--providers.docker.defaultRule=Host(`{{ .Name }}.localhost`)'
      - --certificatesresolvers.leresolver.acme.caserver=
      - --certificatesresolvers.leresolver.acme.tlschallenge=true
      - "80:80"
      - "443:443"
      - "8080:8080"
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "./config/:/config"
      - "./acme/:/acme"

    image: containous/whoami
      traefik.enable: true
      rule: Host(`test.localhost`)
      service: myservice@docker
        certResolver: le
        - websecure

Thanks for providing a bit of context.

How would I go about "later" loading the dynamic config though? When starting the Docker services, I can't really put a timeout on the mount. During deployment this is probably not possible.

But I guess I'll live with the errors for now; everything is running stable after the initial error messages, and the certificates are resolved.