What is a certificate resolver

The docs state:

Traefik requires you to define "Certificate Resolvers" in the static configuration, which are responsible for retrieving certificates from an ACME server.

The config has something like this:

- "--certificatesresolvers.myresolver.acme.dnschallenge.provider=`digitalocean`"

Note the "myresolver".

I guess I don't really understand what is a "resolver". Is it the ACME issuer (letsencrypt), or client, or the DNS provider? Can one have multiple resolvers?

And suppose my domain (and dns records) is registered at NetCheap, my VPS is hosted at DigitalOcean and I'm using Let's Encrypt for certificates. What is my resolver? Is it "netcheap", "digitalocean" or "letsencrypt"?

myresolver is just a name you give to a defined resolver, which you then use to assign to entrypoint or router. See simple Traefik example.

You can have different resolvers for different domains.

Using tlsChallenge is easier, you need to have Host() in your router rule and that domain needs to point to your Traefik IP for validation. dnsChallange is a bit more complicated, only needed for wildcard domains.

1 Like

Thanks once again for helping me @bluepuma77!

Yes I'm using it because I need a wildcart cert.

So a "resolver" is just a mechanism for solving an acme challenge - it's not the actual entities (dns server, hoster, vps, etc.) which are involved with the resolution process.

1 Like

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.