问题
I am trying to set up traefik along with this tutorial: https://www.digitalocean.com/community/tutorials/how-to-use-traefik-as-a-reverse-proxy-for-docker-containers-on-ubuntu-16-04
Here's the traefik.toml I'm using:
defaultEntryPoints = ["http", "https"]
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
[web]
address = ":8080"
[web.auth.basic]
users = [myuserandpw]
[acme]
email = "myemailadress"
storage = "acme.json"
entryPoint = "https"
onHostRule = true
onDemand = false
What happens now when I want to open up the monitor dashboard is that I get a warning that my connection is not secure. It states that my website is using a self-signed certificate (Error code: SEC_ERROR_UNKOWN_ISSUER). Which is true because the traefik default cert is being used instead of a new one from let's encrypt. What could be the reason for this?
回答1:
Due to a Let's Encrypt issue (https://community.letsencrypt.org/t/important-what-you-need-to-know-about-tls-sni-validation-issues/50811) you must change your acme configuration:
- Træfik 1.4: use the DNS challenge https://docs.traefik.io/v1.4/configuration/acme/#dnsprovider
- Træfik 1.5: use the HTTP challenge https://docs.traefik.io/v1.5/configuration/acme/#acmehttpchallenge or the DNS challenge https://docs.traefik.io/v1.5/configuration/acme/#acmednschallenge
来源:https://stackoverflow.com/questions/48408184/traefik-will-issue-certificate-instead-of-lets-encrypt