Traefik: “No ACME certificate generation required for domains” in the logs while using the default cert
I'm struggling with Let's Encrypt setup for my Docker Swarm. Traefik is started this way in my stack's compose file:
    image: traefik:v2.2
    ports:
      - 80:80
      - 443:443
      - 8080:8080
    command:
      - --api
      - --log.level=DEBUG
      - --providers.docker=true
      - --providers.docker.endpoint=unix:///var/run/docker.sock
      - --providers.docker.swarmMode=true
      - --providers.docker.exposedbydefault=false
      - --providers.docker.network=traefik-public
      - --entrypoints.http.address=:80
      - --entrypoints.https.address=:443
      - --certificatesResolvers.certbot=true
      - --certificatesResolvers.certbot.acme.httpChallenge=true
      - --certificatesResolvers.certbot.acme.httpChallenge.entrypoint=http
      - --certificatesResolvers.certbot.acme.email=${EMAIL?Variable EMAIL not set}
      - --certificatesResolvers.certbot.acme.storage=/certs/acme-v2.json
      - --certificatesResolvers.certbot.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory
    ...networks, volumes...
    deploy:
      mode: replicated
      replicas: 1 # to avoid concurrency issues
      ...
      labels:
        - "traefik.docker.network=traefik-public"
        - "traefik.enable=true"
        - "traefik.http.services.traefik.loadbalancer.server.port=8080"
        - "traefik.http.routers.traefik.rule=Host(`traefik.my-domain.com`)"
        - "traefik.http.routers.traefik.entrypoints=http,https"
        - "traefik.http.routers.traefik.tls.certresolver=certbot"
        - "traefik.http.routers.traefik.middlewares=traefik-auth"
        - "traefik.http.middlewares.traefik-auth.basicauth.users=admin:${HASHED_PASSWORD?Variable HASHED_PASSWORD not set}"
And I cannot get more than
level=debug msg="No ACME certificate generation required for domains [\"traefik.my-domain.com\"]." providerName=certbot.acme routerName=traefik@docker rule="Host(`traefik.my-domain.com`)"
I wonder why no ACME certificate is required while Firefox complains of getting the "TRAEFIK DEFAULT CERT" (Chromium also btw).
I also tried:

I've had the same issue, and it helped me to change the volume where acme.json is stored. I think it's because Traefik sees that acme.json is not empty and simply doesn't ask for a new cert.
So if you're using something like:
    command:
      ...
      - --certificatesResolvers.certbot.acme.storage=/certs/acme-v2.json
    volumes:
      - "certs:/certs"
Try to use a different volume:
    command:
      ...
      - --certificatesResolvers.certbot.acme.storage=/letsencrypt/acme-v2.json
    volumes:
      - "letsencrypt:/letsencrypt"

For me it was the set default (custom) Cert, that was valid for the full domain, so traefik didn't request a specific acme/letsencrypt one, because it thought it already has one.
After disabling the custom default cert it worked instantly.
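
A diagnostic for the situation the answers describe (a certificate that is already held covers the host), as an added example that is not part of the original posts or Traefik's own code: it lists the entries in an ACME storage file that already cover a host name, by exact or wildcard match. The file layout (resolver name, then `Account` and `Certificates`) and the sample contents are assumptions constructed for illustration.

```python
import json

# Constructed sample; the layout (one top-level key per certificate resolver)
# is an assumption about Traefik v2's ACME storage file.
SAMPLE_ACME_JSON = """
{
  "certbot": {
    "Account": {
      "Email": "admin@my-domain.com",
      "Registration": {
        "uri": "https://acme-staging-v02.api.letsencrypt.org/acme/acct/0000"
      }
    },
    "Certificates": [
      {"domain": {"main": "*.my-domain.com", "sans": ["my-domain.com"]},
       "certificate": "", "key": "", "Store": "default"}
    ]
  }
}
"""

def covers(name, host):
    """True if certificate name `name` (possibly a wildcard) matches `host`."""
    name, host = name.lower().rstrip("."), host.lower().rstrip(".")
    if name.startswith("*."):
        # A wildcard stands for exactly one left-most label.
        head, _, tail = host.partition(".")
        return bool(head) and tail == name[2:]
    return name == host

def stored_coverage(acme_text, host):
    """Return (resolver, main domain, uses_staging) per stored cert covering host."""
    hits = []
    if not acme_text.strip():  # fresh, empty storage file
        return hits
    for resolver, data in json.loads(acme_text).items():
        uri = ((data.get("Account") or {}).get("Registration") or {}).get("uri", "")
        for cert in data.get("Certificates") or []:
            dom = cert.get("domain") or {}
            names = [dom.get("main", "")] + list(dom.get("sans") or [])
            if any(covers(n, host) for n in names if n):
                hits.append((resolver, dom.get("main", ""), "staging" in uri))
    return hits

if __name__ == "__main__":
    for hit in stored_coverage(SAMPLE_ACME_JSON, "traefik.my-domain.com"):
        print("already covered by stored certificate:", hit)
```

The storage file contains private keys, so run a check like this on a copy with restricted permissions rather than exporting the file elsewhere.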