Wildcard-cert for duckdns with letsencrypt

Hi,

I know there are already a quadrillion topics and threads, but after 3 days of reading, I can't figure out why it's not working for me.

No matter what I do, I always end up with a cert for "dashboard.MYSUBDOMAIN.duckdns.org",

despite the fact that I define the domain as

certResolver: letsEncrypt
domains:
  - main: "MYSUBDOMAIN.duckdns.org"
    sans:
      - "*.MYSUBDOMAIN.duckdns.org"

The cert in the acme.json looks like this:

    "Certificates": [
      {
        "domain": {
          "main": "dashboard.MYSUBDOMAIN.duckdns.org",
          "sans": [
            "MYSUBDOMAIN.duckdns.org"
          ]
        },

I tried to define the domain in my static file and also in the dynamic file for every router.

In my brain it makes sense to define it in the static config, as I only want one cert for all my subdomains.

Can anyone review my config and tell me what I'm doing wrong, please?

Should I place the domains command in the static or the dynamic config?
I only want 1 cert with a wildcard for all my subdomains...

I think a single declaration of your wildcard domain under entrypoints should be enough. Not needed again in routers.

I would say the cert was created wrong once. Did you try to delete the file?

Note that you can’t just place /dashboard under /traefik path.

Hi,

I just deleted the acme.json again.

####### traefik.yml:

certificatesResolvers:
  letsEncrypt:
    acme:
      # caServer: "https://acme-v02.api.letsencrypt.org/directory"
      caServer: "https://acme-staging-v02.api.letsencrypt.org/directory"         # TEST-SERVER
      email: "blabla@gmail.com"  # Email address used for registration
      storage: "/etc/traefik/acme/acme.json"    # File or key used for certificates storage, needs 600 file mode
      dnsChallenge:
        provider: duckdns
        disablePropagationCheck: true
        delayBeforeCheck: 60
        resolvers:
          - "1.1.1.1:53"
          - "1.0.0.1:53"

entryPoints:
  http:
    address: ":80"                            # Create the HTTP entrypoint on port 80
    http:
      redirections:                           # HTTPS redirection (80 to 443)
        entryPoint:
          to: "https"                         # The target element
          scheme: "https"                     # The redirection target scheme
  https:
    address: ":443"                           # Create the HTTPS entrypoint on port 443
    http:
      tls:
        certResolver: letsEncrypt
        domains:
          - main: "MYSUBDOMAIN.duckdns.org"
            sans:
              - "*.MYSUBDOMAIN.duckdns.org"

####### config.yml:

http:
  routers:
    dashboard:
      entrypoints: https
      rule: "Host(`dashboard.MYSUBDOMAIN.duckdns.org`)"
      middlewares: "traefikAuth@file"
      tls:
        options: modern@file
        certResolver: letsEncrypt
      service: api@internal
    calibre:
      entrypoints: https
      rule: "Host(`calibre.MYSUBDOMAIN.duckdns.org`) || (Host(`MYSUBDOMAIN.duckdns.org`) && Path(`/calibre`))"
      tls:
        options: modern@file
        certResolver: letsEncrypt
      service: calibre
  services:
    calibre:
      loadBalancer:
        servers:
          - url: http://10.3.100.5:9707/

  middlewares:

Here is the log: traefik_log - Pastebin.com

The cert is again issued for dashboard.MYSUBDOMAIN.duckdns.org.

Try removing TLS certresolver on router, it is already defined for https entrypoint.

I finally made it.
Pretty sure I had the config this way already,
but maybe there was something messing up with my podman container or so.

The solution for me is to configure the domains in the traefik.yml
and for one router in the configuration.yml (if I don't configure at least the certResolver line in the router, it will not generate a certificate at all).

So this is the working config:

traefik.yml:

entryPoints:
  https:                                      # port 443
    address: ":443"
    http:
      tls:
        certResolver: letsEncrypt
        domains:
          - main: "MYSUBDOMAIN.duckdns.org"
            sans:
              - "*.MYSUBDOMAIN.duckdns.org"

configuration.yml:

http:
  routers:
    dashboard:
      entrypoints: https
#      rule: "Host(`dashboard.MYSUBDOMAIN.duckdns.org`) || (Host(`MYSUBDOMAIN.duckdns.org`) && Path(`/traefik`))"
      rule: "Host(`dashboard.MYSUBDOMAIN.duckdns.org`)"
#      middlewares: "traefikAuth@file, chain-default@file, dashboard-whitelist@file"
      middlewares: "traefikAuth@file"
      tls:
        options: modern@file
        certResolver: letsEncrypt
        domains:
          - main: "MYSUBDOMAIN.duckdns.org"
            sans:
              - "*.MYSUBDOMAIN.duckdns.org"
      service: api@internal
    calibre:
      entrypoints: https
      rule: "Host(`calibre.MYSUBDOMAIN.duckdns.org`) || (Host(`MYSUBDOMAIN.duckdns.org`) && Path(`/calibre`))"
      tls:
        options: modern@file
        certResolver: letsEncrypt
      service: calibre
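As an added check that is not part of the original thread: a small stdlib-only Python script that reads Traefik's acme.json, confirms the storage file has the 600 mode the traefik.yml comment calls for, and compares the main name and SANs of every stored certificate against the wildcard names the config asked for, so a cert issued for the wrong name (as in the first attempts above) is reported instead of discovered in the browser. The acme.json layout and the resolver key `letsEncrypt` follow the snippets in this thread; the sample store is constructed.

```python
import json
import os
import stat
import tempfile

# Constructed sample with the layout of the acme.json quoted in the thread
# (resolver key "letsEncrypt" as in traefik.yml); only the fields used here.
SAMPLE_STORE = {"letsEncrypt": {
    "Account": {"Email": "blabla@gmail.com"},
    "Certificates": [{"domain": {"main": "dashboard.MYSUBDOMAIN.duckdns.org",
                                 "sans": ["MYSUBDOMAIN.duckdns.org"]}}],
}}

def check_certificates(store, expected_main, expected_sans):
    """Compare every stored cert's main+sans against the names the config asked for."""
    wanted = {expected_main} | set(expected_sans)
    findings = []
    for resolver, data in store.items():
        certs = data.get("Certificates") or []
        if not certs:
            findings.append(f"{resolver}: no certificate issued yet")
        for cert in certs:
            dom = cert["domain"]
            names = {dom["main"]} | set(dom.get("sans") or [])
            if names != wanted:
                findings.append(f"{resolver}: cert covers {sorted(names)}, "
                                f"expected {sorted(wanted)}")
    return findings

def check_acme_storage(path, expected_main, expected_sans):
    """File-mode check (Traefik wants 600) plus the per-certificate check."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode != 0o600:
        findings.append(f"{path}: mode {mode:o}, Traefik expects 600")
    with open(path) as fh:
        findings += check_certificates(json.load(fh), expected_main, expected_sans)
    return findings

def demo():
    """Write the constructed sample to a 600-mode temp file and check it."""
    with tempfile.NamedTemporaryFile("w", suffix=".json", delete=False) as fh:
        json.dump(SAMPLE_STORE, fh)
    os.chmod(fh.name, 0o600)
    try:
        return check_acme_storage(fh.name, "MYSUBDOMAIN.duckdns.org",
                                  ["*.MYSUBDOMAIN.duckdns.org"])
    finally:
        os.unlink(fh.name)
```

Point `check_acme_storage` at the real `/etc/traefik/acme/acme.json` to run the same check against a live store; an empty list means the names and file mode match.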
