Traefik: acme.json is always empty even when HTTPS seems to work

Created on 8 Apr 2018  路  3Comments  路  Source: traefik/traefik

Do you want to request a feature or report a bug?

question

What did you do?

I have configured traefik in docker swarm with ACME (let's encrypt).
I created an empty acme.json file as mentioned in the docu

touch /opt/traefik/acme.json && chmod 600 /opt/traefik/acme.json

I mapped the acme.json file:

acme.json:/etc/traefik/acme.json

and I added the following ACME config to my traefil.toml file:

[acme]
email = "[email protected]"
storage = "acme.json"
entryPoint = "https"
OnHostRule = true
[acme.httpChallenge]
  entryPoint = "http"

It works out of the box. Great!

What did you expect to see?

From the traefik documentation I would expect that the certificates generated by let's encrypt are stored into the acme.json file.

What did you see instead?

my acme.json file on the docker host is always empty (0 bytes).

Log Entries when access my web page look like this:

proxy_app.1.hwedrjl6fvfa@tocidoc001 time="2018-04-08T21:04:11Z" level=debug msg="Looking for provided certificate to validate www.imixs.org..."
proxy_app.1.hwedrjl6fvfa@tocidoc001 time="2018-04-08T21:04:11Z" level=debug msg="No provided certificate found for domains www.imixs.org, get ACME certificate."
proxy_app.1.hwedrjl6fvfa@tocidoc001 time="2018-04-08T21:04:11Z" level=debug msg="Looking for an existing ACME challenge for www.imixs.org..."
proxy_app.1.hwedrjl6fvfa@tocidoc001 time="2018-04-08T21:04:11Z" level=debug msg="ACME got domain cert www.imixs.org"

So I ask myself: is everything fine or did something went wrong?

Output of traefik version: (_What version of Traefik are you using?_)

v1.5.4: Pulling from library/traefik
Digest: sha256:96fe09a867c29dfd5ecf240c955ae104dc7d3422bcc3d42b74a0d0fcc5a2377f
Status: Downloaded newer image for traefik:v1.5.4
Version:      v1.5.4
Codename:     cancoillotte
Go version:   go1.9.4
Built:        2018-03-15_01:35:21PM
OS/Arch:      linux/amd64
kinquestion statu5-frozen-due-to-age
Source
picture rsoika

All 3 comments

Some additional information:

now after some time playing around I got the following log messages:

proxy_app.1.4iu1551tuwnf@tocidoc001 time="2018-04-08T21:18:50Z" level=error msg="Error getting ACME certificates [www.imixs.org] : cannot obtain certificates map[www.imixs.org:acme: Error 429 - urn:acme:error:rateLimited - Error creating new cert :: too many certificates already issued for exact set of domains: www.imixs.org: see https://letsencrypt.org/docs/rate-limits/]"

This looks that something is wrong.
What can I do to fix this?

rsoika picture rsoika on 8 Apr 2018

Could it be that there is something wrong (or misunderstanding written) in the docu:

https://docs.traefik.io/configuration/acme/#store-data-in-a-file

Maybe the following example is wrong (?):

docker run -v "/my/host/acme.json:acme.json" traefik

....and must be changed into:

docker run -v "/my/host/acme.json:/etc/traefik/acme/acme.json" traefik

rsoika picture rsoika on 8 Apr 2018

Hi! I'm Tr忙fiker :robot: the bot in charge of communication regulation.

Thanks for your interest in Tr忙fik!

We dedicate the issue tracker to bug reports and feature requests only.

If you have questions and need community support, you can join our Slack workspace and reach out to us on the #support channel.

Another option is to use Stack Overflow and tag your question traefik.

Of course, double checking Tr忙fik's documentation is always a good idea :sweat_smile:

traefiker picture traefiker on 9 Apr 2018
👎20 👍1
Was this page helpful?
0 / 5 - 0 ratings

Related issues

danielh1989 picture danielh1989  路  3Comments
JensErat picture JensErat  路  3Comments
r3pek picture r3pek  路  3Comments
thomas15v picture thomas15v  路  3Comments
Yggdrasil picture Yggdrasil  路  3Comments