时间戳

首页 > 解决方案 > Traefik - 无法获取让我们为域加密证书 => acme http 质询超时

docker - Traefik - 无法获取让我们为域加密证书 => acme http 质询超时

问题描述

我正在尝试使用 let's encrypt 保护由 tr​​afik 提供服务的站点。但是,在测试 acme 挑战时它失败了。

time="2019-02-07T23:23:35Z" level=error msg="Unable to obtain ACME certificate for domains \"git.redacted.be\" detected thanks to rule \"Host:git.redacted.be\" : unable to generate a certificate for the domains [git.redacted.be]: acme: Error -> One or more domains had a problem:\n[git.redacted.be] acme: error: 400 :: urn:ietf:params:acme:error:connection :: Fetching http://git.redacted.be/.well-known/acme-challenge/I_44HUy2IqyYZk-6GmfWxtm7Uunx_wid9rgHpXkhZcM: Error getting validation data, url: \n"

该服务器是公开可用的(如果我访问http://git.redacted.be,它会被重定向到 https 并且我可以配置我的 git 服务器),并且可以通过 traefik 访问 gogs(git 服务器)和码头工人。

当我手动导航到提到的 url (.well-known/acme-challenge/...) 时,请求超时但登录 traefik 显示:Error getting challenge for token: cannot find challenge for

我已经尝试了https://github.com/containous/traefik/issues/2763中提到的一些解决方法 (禁用 IPv6 并使用 traefik:alpine)

这是我的设置:

Traefik docker-compose.yml

version: '3.2'
services:
  traefik:
    image: traefik:alpine # The official Traefik docker image
    command: --api --docker --logLevel=info # Enables the web UI and tells Tr ik to listen to docker
    restart: unless-stopped
    ports:
      - "81:80"     # The HTTP port
      - "444:443"
      - "18080:8080" # The Web UI (enabled by --api)
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./traefik.toml:/traefik.toml
      - ./acme.json:/acme.json
    networks:
      - traefik
    logging:
      driver: "json-file"

networks:
  traefik: 
    external:
      name: traefik

Traefik.toml

debug = false

logLevel = "ERROR"
defaultEntryPoints = ["https","http"]

[entryPoints]
  [entryPoints.http]
  address = ":80"
    [entryPoints.http.redirect]
    entryPoint = "https"
  [entryPoints.https]
  address = ":443"
  [entryPoints.https.tls]

[retry]

[docker]
endpoint = "unix:///var/run/docker.sock"
domain = "redacted.be"
watch = true
exposedByDefault = false

[acme]
email = "ronald@redacted.be"
storage = "acme.json"
entryPoint = "https"
caServer = "https://acme-staging-v02.api.letsencrypt.org/directory"
onHostRule = true
  [acme.httpChallenge]
  entryPoint = "http"

我的 git 服务器的 docker-compose:

version: '3.2'
services:
  gogs:
    restart: unless-stopped
    image: gogs/gogs
    volumes:
      - ./data/db:/data/db
      - ./data/git:/data/git
      - ./data/gogs:/data/gogs
    networks: 
      - gogs
      - traefik
    ports:
      - "10022:22"
      - "3000:3000"
    labels:
      - "traefik.port=3000"
      - "traefik.frontend.rule=Host:git.redacted.be"
      - "traefik.docker.network=traefik"

networks:
  gogs:
  traefik: 
    external:
      name: traefik

知道我做错了什么吗?

标签: dockerssllets-encrypttraefik

解决方案

推荐阅读