I want to generate a certificate using Route 53 with Docker. This is my docker-compose.yml:
reverse-proxy:
  image: traefik
  restart: unless-stopped
  command:
    --api --docker
  ports:
    - "${HOST_IP:-127.0.0.1}:${HTTP_PORT:-80}:80"
    - "${HOST_IP:-127.0.0.1}:${HTTPS_PORT:-443}:443"
  volumes:
    - ./traefik.toml:/traefik.toml
    - ./acme.json:/acme.json
    - /var/run/docker.sock:/var/run/docker.sock
  environment:
    - AWS_ACCESS_KEY_ID=xxxxxxxxxxxxxxx
    - AWS_SECRET_ACCESS_KEY=xxxxxxxxxxxx
    - LOOPIA_User=xxxxxxxx
    - LOOPIA_Password=xxxxxxxx
  labels:
    - "traefik.port=8080"
    - "traefik.frontend.rule=Host:${TRAEFIK_NAME:-traefik}.${TOP_DOMAIN:-local.test.com}"
  networks:
    default:
      aliases:
        - "${ADMIN2_NAME:-admin2}.${TOP_DOMAIN:-local.test.com}"
        - "${ADMIN2_NAME:-admin2}-test.${TOP_DOMAIN:-local.test.com}"
For my traefik.toml, I have this:
defaultEntryPoints = ["http", "https"]

[entryPoints]
  [entryPoints.http]
  address = ":80"
    [entryPoints.http.redirect]
    entryPoint = "https"
  [entryPoints.https]
  address = ":443"
    [entryPoints.https.tls]

# Enable ACME (Let's Encrypt) automate SSL
[acme]
email = "ssasnaoui@test.com"
storageFile = "acme.json"
dnsProvider = "route53"
entryPoint = "https"
onDemand = true
onHostRule = true
acmeLogging = true
  [acme.httpChallenge]
  entryPoint = "http"

[[acme.domains]]
  main = "*.local.test.com"
  sans = ["local.test.com"]
But when I try to run docker compose, I run into this problem:
level=error msg="Unable to obtain ACME certificate for domains \".local.test.com,test.grandid.com\": unable to generate a certificate for the domains [local.test.com local.test.com]: acme: Error -> One or more domains had a problem:\n[*.local.test.com] time limit exceeded: last error: NS ns2.loopia.se. did not return the expected TXT record [fqdn: _acme-challenge.local.grandid.com., value: mMbMAVmh8Wab8xxxxxYZGQ2tX3MfMk]: oe-TH96KLBjIhVKBRvxxxxftzPrkYFg\n[local.test.com] time limit exceeded: error: loopia.se. did not return the expected TXT record [fqdn: _acme-challenge.local.test.com., value: _w1GRDATEKZL-d1u717rUsDbxxxl0MXk]: oe-TH96KLBjIhVKBxxxSmsxYVNdSftzPrkYFg\n
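The error above names ns2.loopia.se as the server queried for the challenge record, while traefik.toml sets dnsProvider = "route53". As an added example (not part of the original post), this Python sketch parses that kind of error and flags the case where the queried nameserver belongs to a different DNS host than the configured provider. The log wording is assumed to match the English form of the message quoted above; the sample text, its tokens, the example.org line and the function names are constructed for illustration.

```python
import re

# Nameserver suffix -> DNS provider name. Only the two providers that appear
# on this page; the Route 53 pattern covers its awsdns-NN delegation domains.
NS_PROVIDER = {
    r"\.loopia\.se$": "loopia",
    r"\.awsdns-\d+\.(com|net|org|co\.uk)$": "route53",
}

# One propagation-check failure: which NS was asked, for which TXT name.
FAIL = re.compile(
    r"NS (?P<ns>\S+?)\.? did not return the expected TXT record "
    r"\[fqdn: (?P<fqdn>\S+?)\.?, value: (?P<value>[^\]]+)\]"
)

def provider_for(ns):
    """Return the provider that operates this nameserver, or None if unknown."""
    host = ns.rstrip(".").lower()
    for pattern, name in NS_PROVIDER.items():
        if re.search(pattern, host):
            return name
    return None

def diagnose(log_text, configured_provider):
    """List each failed challenge and whether the zone is hosted elsewhere."""
    findings = []
    for m in FAIL.finditer(log_text):
        hosted_at = provider_for(m["ns"])
        findings.append({
            "fqdn": m["fqdn"],
            "ns": m["ns"],
            "hosted_at": hosted_at,
            # The ACME client wrote the TXT record through configured_provider,
            # but the check asked a nameserver run by someone else.
            "mismatch": hosted_at is not None and hosted_at != configured_provider,
        })
    return findings

# Constructed sample: first line mirrors the error on this page, second line
# is a made-up Route 53 delegation for contrast.
SAMPLE = (
    "[*.local.test.com] time limit exceeded: last error: NS ns2.loopia.se. "
    "did not return the expected TXT record "
    "[fqdn: _acme-challenge.local.test.com., value: CONSTRUCTED-TOKEN-1]\n"
    "[example.org] time limit exceeded: last error: NS ns-123.awsdns-45.com. "
    "did not return the expected TXT record "
    "[fqdn: _acme-challenge.example.org., value: CONSTRUCTED-TOKEN-2]"
)

if __name__ == "__main__":
    for f in diagnose(SAMPLE, "route53"):
        print(f)
```

A finding with "mismatch" set means the record was created in a zone that the public delegation does not point to, so no amount of waiting will make the check pass.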