Using own certificate

celcin · April 29, 2022, 2:02pm

I want to use my own certificate with traefik, unfortunately tls is not getting verified. The following error from traefik logs:
dir structure as below

docker-compose.yaml
certs/tls.yml
certs/dev.mydomain.com.crt
certs/dev.mydomain.com.key

time="2022-04-29T13:34:35Z" level=debug msg="http: TLS handshake error from 185.188.35.10:7815: remote error: tls: unknown certificate"
time="2022-04-29T13:34:37Z" level=debug msg="Serving default certificate for request: \"self.dev.mydomain.com\""

Here is my docker-compose.yaml

version: "3.3"

services:

  traefik:
    image: "traefik:v2.6"
    container_name: "traefik"
    command:
      - "--log.level=DEBUG"
      - "--api.insecure=true"
      - "--providers.docker=true"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      - "--entrypoints.web.http.redirections.entrypoint.to=websecure"
      - "--entrypoints.web.http.redirections.entrypoint.scheme=https"
      - "--providers.file.directory=/etc/certs/"
      - "--providers.file.watch=true"
    ports:
      - "443:443"
      - "8080:8080"
      - "80:80"
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "./certs:/etc/certs"

  fcc:
    image: "nginx"
    container_name: "fcc"
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.fcc.rule=Host(`self.dev.mydomain.com`)"
      - "traefik.http.routers.fcc.entrypoints=websecure"
      - "traefik.http.routers.fcc.tls=true"

and the
tls.yaml

tls:
  certificates:
    - certFile: ./dev.mydomain.com.crt
      keyFile: ./dev.mydomain.com.key

Where do I do wrong?

stevegroom · April 30, 2022, 8:42am

Does your certificate dev.mydomain.com.crt contain a SAN (Subject Alternate Name) field self.mydomain.com.crt or even *.dev.mydomain.com.crt ?

Steve

celcin · May 1, 2022, 12:28pm

Hi Steve,

Here is how SAN looks:
X509v3 Subject Alternative Name:
DNS:dev.mydomain.com, DNS:*.dev.mydomain.com

stevegroom · May 1, 2022, 12:58pm

Not sure you have the certs location correct - the reference is from the inside of the container - therefore /etc/certs...

tls:
  certificates:
    - certFile: /etc/certs/dev.mydomain.com.crt
      keyFile: /etc/certs/dev.mydomain.com.key

celcin · May 1, 2022, 8:40pm

I have tried different ways but still getting same issue.

stevegroom · May 2, 2022, 5:41am

Take a look at this:

specifically “Specifying a default certificate“

celcin · May 2, 2022, 6:39am

This was my first and main guide, but I must say It is not written clearly, and I did 1:1 as described in the article by altering corresponding part, still no success.

stevegroom · May 2, 2022, 12:59pm

From your traefik config, the nginx container is listening on https ( traefik.http.routers.fcc.entrypoints=websecure ). Did you install the same certificate on the nginx server?

What do you get if you connect directly to your nginx service with https?

My next step would be to test https to traefik (terminating the https) and then using http to nginx...

Steve

Topic		Replies	Views
Traefik can't find my own certificate SSL Traefik v2 docker	0	371	July 6, 2022
Traefik v2.10 Configuration Issue with Custom SSL Certificate and Docker Traefik v2 docker	1	1028	December 24, 2023
I'm currently facing an issue while configuring Traefik 2.11 on Docker with my own SSL certificate. Despite making numerous configuration changes and reading forums and documentation, Traefik continues to serve its own certificate Traefik v2 docker	4	397	March 16, 2024
Tls: unknown certificate Traefik v2 docker	1	8018	October 31, 2019
TLS certificates with Docker Traefik v2 docker	2	4361	September 18, 2019

Using own certificate

Related topics