Issues obtaining SSL certificate
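Background
I am trying to set up the Traefik dashboard to be accessible at sub.domain.com and automatically secured with a Let's Encrypt SSL certificate. Using the configuration files below, I have successfully set up the container and made the dashboard accessible via https://sub.domain.com.
I have multiple A records pointing to the same IP, which is the VPS:
- sub.domain.com
- server1.domain.com
Problem
After loading the dashboard page, I get an untrusted certificate error.
Logs and configuration
- Inspecting the Traefik dashboard certificate shows that it is the Traefik self-signed certificate.
- Looking at the container logs, I can see the following: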
time="2018-01-23T04:47:53Z" level=info msg="Generating ACME Account..."
time="2018-01-23T04:48:11Z" level=debug msg="Building ACME client..."
time="2018-01-23T04:48:11Z" level=info msg=Register...
time="2018-01-23T04:48:12Z" level=debug msg=AgreeToTOS...
time="2018-01-23T04:48:12Z" level=info msg="Preparing server traefik &{Network: Address::8080 TLS:<nil> Redirect:<nil> Auth:<nil> WhitelistSourceRange:[] Compress:false ProxyProtocol:<nil> ForwardedHeaders:0xc4202a2940} with readTimeout=0s writeTimeout=0s idleTimeout=3m0s"
time="2018-01-23T04:48:12Z" level=info msg="Retrieving ACME certificates..."
time="2018-01-23T04:48:12Z" level=info msg="Retrieved ACME certificates"
time="2018-01-23T04:48:12Z" level=info msg="Starting provider *docker.Provider {"Watch":true,"Filename":"","Constraints":null,"Trace":false,"DebugLogGeneratedTemplate":false,"Endpoint":"unix:///var/run/docker.sock","Domain":"bendwyer.net","TLS":null,"ExposedByDefault":false,"UseBindPortIP":false,"SwarmMode":false}"
time="2018-01-23T04:48:12Z" level=info msg="Starting server on :443"
time="2018-01-23T04:48:12Z" level=info msg="Starting server on :8080"
time="2018-01-23T04:48:12Z" level=info msg="Testing certificate renew..."
- Checking acme.json, I can see that the file has been populated with Let's Encrypt information, but the certificates section is blank.
traefik.toml
defaultEntryPoints = ["http", "https"]
debug = true
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
[acme]
email = "name@domain.com"
storage = "acme.json"
entryPoint = "https"
[acme.httpChallenge]
entryPoint = "http"
OnHostRule = true
[docker]
endpoint = "unix:///var/run/docker.sock"
domain = "domain.com"
watch = true
exposedbydefault = false
docker-compose.yml
version: '2'
services:
  traefik:
    image: traefik:1.5-alpine
    command: --web
    ports:
      - "80:80"
      - "443:443"
    restart: always
    labels:
      - "traefik.enable=true"
      - "traefik.backend=sub"
      - "traefik.frontend.rule=Host:sub.domain.com"
      - "traefik.port=8080"
      - "traefik.frontend.auth.basic=user:htpasswd"
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock"
      - "./traefik.toml:/traefik.toml"
      - "./acme.json:/acme.json"
    container_name: traefik
    networks:
      - default
You have to change your configuration like this:
[acme]
email = "name@domain.com"
storage = "acme.json"
entryPoint = "https"
OnHostRule = true # <-----------
[acme.httpChallenge]
entryPoint = "http"
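As an added illustration (not part of the original answer and not Traefik's own code), the Python check below reports which TOML table a key belongs to and flags OnHostRule when it sits under [acme.httpChallenge] instead of [acme], which is the one change the answer makes. The function names and the two sample strings are constructed for this example.

```python
import re

# Constructed samples: the [acme] layout from the question, then the answer's.
QUESTION_TOML = """\
[acme]
email = "name@domain.com"
storage = "acme.json"
entryPoint = "https"
[acme.httpChallenge]
entryPoint = "http"
OnHostRule = true
"""
ANSWER_TOML = """\
[acme]
email = "name@domain.com"
storage = "acme.json"
entryPoint = "https"
OnHostRule = true # <-----------
[acme.httpChallenge]
entryPoint = "http"
"""

TABLE_RE = re.compile(r"^\s*\[\s*([^\[\]]+?)\s*\]\s*(?:#.*)?$")
KEY_RE = re.compile(r"^\s*([A-Za-z0-9_-]+)\s*=")


def key_locations(toml_text, key):
    """Tables that set `key`; a TOML key belongs to the last [table] above it."""
    table, found = "", []
    for line in toml_text.splitlines():
        header = TABLE_RE.match(line)
        if header:
            table = header.group(1)
            continue
        m = KEY_RE.match(line)
        if m and m.group(1).lower() == key.lower():
            found.append(table)
    return found


def check_on_host_rule(toml_text):
    """Report whether OnHostRule sits directly under [acme], as the answer has it."""
    tables = key_locations(toml_text, "OnHostRule")
    if not tables:
        return "missing: OnHostRule is not set"
    wrong = [t for t in tables if t.lower() != "acme"]
    if wrong:
        return "misplaced: OnHostRule is under [%s], not [acme]" % wrong[0]
    return "ok"
```

Because indentation carries no meaning in TOML, only the order of keys relative to the table headers decides where OnHostRule lands, which is why the two layouts differ even though they contain the same lines.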