Traefik 未生成 TLS 证书(错误 401)
Traefik not generating TLS certificate (Error 401)
我希望这里有人能帮助我。
我在 Synology NAS 的 docker 中设置了我的 Traefik,端口 80 和 443 指向它。除 TLS 外,一切正常。我正在使用 Cloudflare DNS 质询,无论我输入什么,它总是会生成 401 无效凭据错误。我已经三次检查了我的电子邮件,API 密钥是正确的。还有其他人遇到这个问题吗?我真的很感激任何帮助:)
docker-compose.yaml
traefik:
image: traefik:latest
container_name: traefik
restart: unless-stopped
security_opt:
- no-new-privileges:true
networks:
- proxy
ports:
- 80:80
- 443:443
- 8080:8080
environment:
- "CF_API_EMAIL=email"
- "CF_API_KEY=api"
volumes:
- /etc/localtime:/etc/localtime:ro
- /var/run/docker.sock:/var/run/docker.sock:ro
- ${USERDIR}/traefik/data/traefik.yaml:/traefik.yml:ro
- ${USERDIR}/traefik/data/config.yaml:/config.yml:ro
- ${USERDIR}/traefik/data/acme:/acme
whoami:
container_name: whoami
image: containous/whoami
networks:
- proxy
security_opt:
- no-new-privileges:true
labels:
- "traefik.enable=true"
- "traefik.http.routers.whoami.rule=Host(`example.com`)"
- "traefik.http.routers.whoami.entrypoints=https"
- "traefik.http.routers.whoami.tls=true"
- "traefik.http.routers.whoami.tls.certResolver=myresolver"
traefik.yaml
entryPoints:
http:
address: ":80"
https:
address: ":443"
providers:
docker:
endpoint: "unix:///var/run/docker.sock"
exposedByDefault: false
network: proxy
file:
filename: ./config.yml
certificatesResolvers:
myresolver:
acme:
email: email
storage: /acme/acme.json
dnsChallenge:
provider: cloudflare
resolvers:
- 1.1.1.1:53
- 1.0.0.1:53
caServer: https://acme-staging-v02.api.letsencrypt.org/directory
log
level=error msg="Unable to obtain ACME certificate for domains "example.com": unable to generate a certificate for the domains [example.com]: error: one or more domains had a problem:\n[example.com] [example.com] acme: error presenting token: cloudflare: failed to create TXT record: error from makeRequest: HTTP status 401: invalid credentials\n" providerName=myresolver.acme routerName=whoami@docker rule="Host(`example.com`)"
已在 github post - https://github.com/containous/traefik/issues/6782
中回答
这是由于 cloudflare 最近取消了对 .tk .ml 和少数其他 TLD 的支持以使用它们的 api
我希望这里有人能帮助我。
我在 Synology NAS 的 docker 中设置了我的 Traefik,端口 80 和 443 指向它。除 TLS 外,一切正常。我正在使用 Cloudflare DNS 质询,无论我输入什么,它总是会生成 401 无效凭据错误。我已经三次检查了我的电子邮件,API 密钥是正确的。还有其他人遇到这个问题吗?我真的很感激任何帮助:)
docker-compose.yaml
traefik:
image: traefik:latest
container_name: traefik
restart: unless-stopped
security_opt:
- no-new-privileges:true
networks:
- proxy
ports:
- 80:80
- 443:443
- 8080:8080
environment:
- "CF_API_EMAIL=email"
- "CF_API_KEY=api"
volumes:
- /etc/localtime:/etc/localtime:ro
- /var/run/docker.sock:/var/run/docker.sock:ro
- ${USERDIR}/traefik/data/traefik.yaml:/traefik.yml:ro
- ${USERDIR}/traefik/data/config.yaml:/config.yml:ro
- ${USERDIR}/traefik/data/acme:/acme
whoami:
container_name: whoami
image: containous/whoami
networks:
- proxy
security_opt:
- no-new-privileges:true
labels:
- "traefik.enable=true"
- "traefik.http.routers.whoami.rule=Host(`example.com`)"
- "traefik.http.routers.whoami.entrypoints=https"
- "traefik.http.routers.whoami.tls=true"
- "traefik.http.routers.whoami.tls.certResolver=myresolver"
traefik.yaml
entryPoints:
http:
address: ":80"
https:
address: ":443"
providers:
docker:
endpoint: "unix:///var/run/docker.sock"
exposedByDefault: false
network: proxy
file:
filename: ./config.yml
certificatesResolvers:
myresolver:
acme:
email: email
storage: /acme/acme.json
dnsChallenge:
provider: cloudflare
resolvers:
- 1.1.1.1:53
- 1.0.0.1:53
caServer: https://acme-staging-v02.api.letsencrypt.org/directory
log
level=error msg="Unable to obtain ACME certificate for domains "example.com": unable to generate a certificate for the domains [example.com]: error: one or more domains had a problem:\n[example.com] [example.com] acme: error presenting token: cloudflare: failed to create TXT record: error from makeRequest: HTTP status 401: invalid credentials\n" providerName=myresolver.acme routerName=whoami@docker rule="Host(`example.com`)"
已在 github post - https://github.com/containous/traefik/issues/6782
中回答这是由于 cloudflare 最近取消了对 .tk .ml 和少数其他 TLD 的支持以使用它们的 api