2
votes

I'm trying to use Let's Encrypt with Traefik, but here is Traefik's log:

Looking for provided certificate to validate [rancher.foo.bar]...
No provided certificate found for domains [rancher.foo.bar], get ACME certificate.
Looking for an existing ACME challenge for rancher.foo.bar...
No certificate found or generated for rancher.foo.bar
http2: server: error reading preface from client 1.2.3.4:60876: remote error: tls: unknown certificate authority

Here is my config:

traefikLogsFile = "/tmp/traefik.log"
logLevel = "DEBUG" # DEBUG, INFO, WARN, ERROR, FATAL, PANIC
[accessLog]
filePath = "/tmp/access.log"


[entryPoints]
  [entryPoints.http]
  address = ":80"
    [entryPoints.https]
    address = ":443"
      [entryPoints.https.tls]

# Enable ACME (Let's Encrypt): automatic SSL.
[acme]
email = "[email protected]"
storage = "/tmp/acme.json"
entryPoint = "https"
onHostRule = true
[acme.httpChallenge]
entryPoint = "http"


[api]
entryPoint = "traefik"
dashboard = true


[docker]
endpoint = "unix:///var/run/docker.sock"
domain = "foo.bar"
watch = true
exposedbydefault = true
usebindportip = true
swarmmode = false

Traefik providers:

{
  "docker": {
    "backends": {
      "backend-rancher": {
        "servers": {
          "server-rancher": {
            "url": "http://172.17.0.3:8080",
            "weight": 0
          }
        },
        "loadBalancer": {
          "method": "wrr"
        }
      }
    },
    "frontends": {
      "frontend-Host-rancher-foo-bar-0": {
        "entryPoints": [
          "http"
        ],
        "backend": "backend-rancher",
        "routes": {
          "route-frontend-Host-rancher-foo-bar-0": {
            "rule": "Host:rancher.foo.bar"
          }
        },
        "passHostHeader": true,
        "priority": 0,
        "basicAuth": []
      }
    }
  }
}

What's wrong?
Thanks

2
In fact, we need more logs to understand your problem. What the logs say here is that your certificate had never been generated. You enabled onHostRule; do you have a backend with a Host rule for foo.bar.baz? - Julien SALLEYRON
I updated my message and added Traefik providers. - mykiwi
Could you add your full TOML configuration? - ldez
OK, I updated my config. - mykiwi

2 Answers

4
votes

You use onHostRule; this will request a certificate from Let's Encrypt for each frontend with a Host rule. But you need your frontend to be assigned to the TLS entrypoint of ACME (here https).

So in your docker labels, you need to add https on the frontend.entrypoint.

1
votes

Could you add:

defaultEntryPoints = ["http", "https"]

at the top of your TOML file.
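
A check for the condition both answers describe, as an added example (not from the original posts or from the Traefik project): it walks a provider dump shaped like the one in the question and lists every Host-rule domain whose frontend is not on the ACME entry point. The function names are hypothetical, and treating a frontend that lists no entry points as using defaultEntryPoints is an assumption of this sketch.

```python
import json

# Provider dump from the question, trimmed to the frontend section.
PROVIDERS_FROM_QUESTION = json.loads("""
{"docker": {"frontends": {"frontend-Host-rancher-foo-bar-0": {
    "entryPoints": ["http"],
    "backend": "backend-rancher",
    "routes": {"route-frontend-Host-rancher-foo-bar-0":
               {"rule": "Host:rancher.foo.bar"}}}}}}
""")


def host_domains(rule):
    """Return the domains named by Host: matchers in a Traefik 1.x rule string."""
    domains = []
    for part in rule.split(";"):          # ';' joins several matchers
        name, _, value = part.strip().partition(":")
        if name.strip() == "Host":
            domains += [d.strip() for d in value.split(",") if d.strip()]
    return domains


def frontends_missing_acme(providers, acme_entrypoint, default_entrypoints=()):
    """List (provider, frontend, domain) for Host rules not on the ACME entry point."""
    findings = []
    for provider, conf in providers.items():
        for name, fe in (conf.get("frontends") or {}).items():
            # Assumption: a frontend with no entry points uses defaultEntryPoints.
            entrypoints = fe.get("entryPoints") or list(default_entrypoints)
            if acme_entrypoint in entrypoints:
                continue
            for route in (fe.get("routes") or {}).values():
                for domain in host_domains(route.get("rule", "")):
                    findings.append((provider, name, domain))
    return findings


if __name__ == "__main__":
    for provider, name, domain in frontends_missing_acme(PROVIDERS_FROM_QUESTION, "https"):
        print(f"{provider}/{name}: {domain} is not on the ACME entry point")
```

Run against the dump in the question with `https` as the ACME entry point, it reports `rancher.foo.bar`; once the frontend lists `https` as well, the result is empty.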