Docker Traefik和letsencrypt通配符

时间:2018-04-07 20:17:42

标签: docker lets-encrypt traefik

我一直试图让traefik在我的域上安装通配符证书,这需要dns挑战 从阅读日志看来它似乎能够实际发出证书但不能正确安装

time="2018-04-07T19:10:35Z" level=debug msg="Unable to marshal provider conf *acme.Provider with error: json: unsupported type: chan *acme.StoredData"
legolog: 2018/04/07 19:10:57 [INFO][example.tld] The server validated our request
legolog: 2018/04/07 19:10:58 [INFO][*.example.tld] acme: Validations succeeded; requesting certificates
legolog: 2018/04/07 19:11:01 [INFO][*.example.tld] Server responded with a certificate.
time="2018-04-07T19:11:01Z" level=error msg="Error loading new configuration, aborted unable to generate TLS certificate : tls: failed to find any PEM data in certificate input"
time="2018-04-07T19:12:33Z" level=debug msg="http2: server: error reading preface from client ******omitted***: remote error: tls: unknown certificate authority"

我的域名dns提供商是cloudflare

这是我的docker docker-compose.yml 

version: '2'

services:
  traefik:
    image: traefik:1.6.0-rc4
    command: --api --docker
    restart: always
    ports:
      - 80:80
      - 443:443
      - 8080:8080
    networks:
      - web
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /opt/traefik/traefik.toml:/traefik.toml
      - /opt/traefik/acme.json:/acme.json
    environment:
      - CLOUDFLARE_EMAIL=admin@example.tld
      - CLOUDFLARE_API_KEY=
    container_name: traefik

networks:
  web:
    external: true

我的traefik.toml 

debug = true

logLevel = "DEBUG"
defaultEntryPoints = ["https","http"]

[entryPoints]
  [entryPoints.http]
  address = ":80"
    [entryPoints.http.redirect]
    entryPoint = "https"
  [entryPoints.https]
  address = ":443"
  [entryPoints.https.tls]

[retry]

[docker]
endpoint = "unix:///var/run/docker.sock"
domain = "example.tld"
watch = true
exposedbydefault = false

[acme]
email = "admin@example.tld"
storage = "acme.json"
entryPoint = "https"
OnHostRule = true
acmeLogging = true
[acme.dnsChallenge]
  provider = "cloudflare"
  delayBeforeCheck = 0

[[acme.domains]]
   main = "example.tld"
[[acme.domains]]
   main = "*.example.tld"

1 个答案:

答案 0 :(得分:6)

我能够解决这个问题,这是我的错误。

在traefik.toml中 您不能将OnHostRule = true用于通配符证书

ReadMore: https://github.com/containous/traefik/blob/master/docs/configuration/acme.md#onhostrule

相关问题
最新问题