ssl - Traefik+Swarm+LetsEncrypt = acme:错误:400 无法为域生成证书
问题描述
我正在使用这个 Traefik 配置:
version: '3.3'
services:
traefik:
image: traefik:v2.4
ports:
- 80:80
- 443:443
deploy:
labels:
- traefik.enable=true
- traefik.docker.network=traefik
- traefik.constraint-label=traefik
- traefik.http.middlewares.admin-auth.basicauth.users=admin:$$apr1$$HiGYNZni$$kpY9rDMYdes7A/4Zz7gca/
- traefik.http.middlewares.https-redirect.redirectscheme.scheme=https
- traefik.http.middlewares.https-redirect.redirectscheme.permanent=true
- traefik.http.routers.traefik-http.rule=Host("traefik.course.domain.com")
- traefik.http.routers.traefik-http.entrypoints=http
- traefik.http.routers.traefik-http.middlewares=https-redirect
- traefik.http.routers.traefik-https.rule=Host("traefik.course.domain.com")
- traefik.http.routers.traefik-https.entrypoints=https
- traefik.http.routers.traefik-https.tls=true
- traefik.http.routers.traefik-https.service=api@internal
- traefik.http.routers.traefik-https.tls.certresolver=le
- traefik.http.routers.traefik-https.middlewares=admin-auth
- traefik.http.services.traefik.loadbalancer.server.port=8080
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- /nfs/swarm/traefik/acme:/certificates
- /nfs/swarm/traefik/logs:/logs
command:
- --providers.docker
- --providers.docker.constraints=Label("traefik.constraint-label", "traefik")
- --providers.docker.exposedbydefault=false
- --providers.docker.swarmmode
- --entrypoints.http.address=:80
- --entrypoints.https.address=:443
- --certificatesresolvers.le.acme.email=pedagogi@domian.com
- --certificatesresolvers.le.acme.storage=/certificates/acme.json
- --certificatesresolvers.le.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory
- --certificatesresolvers.le.acme.httpchallenge.entrypoint=http
- --accesslog
- --log
- --api
networks:
- traefik
networks:
traefik:
external: true
而且,当我查看 traefik 容器日志时,我有:
time="2021-10-26T17:42:03Z" level=info msg="Configuration loaded from flags."
time="2021-10-26T17:42:33Z" level=error msg="Unable to obtain ACME certificate for domains \"traefik.course.domain.com\": unable to generate a certificate for the domains [traefik.course.domain.com]: error: one or more domains had a problem:\n[traefik.course.domain.com] acme: error: 400 :: urn:ietf:params:acme:error:tls :: Fetching https://traefik.course.domain.com:443/.well-known/acme-challenge/Fddn6V06kxow56g0s0UIjwhzgnFRppCFrkpT16YoJnI: remote error: tls: handshake failure\n" routerName=traefik-https@docker rule="Host(\"traefik.course.domain.com\")" providerName=le.acme
我更改了真实域以获取上述详细信息。我想,我知道这个问题......但我不知道如何解决它......
我的域是:domian.com(根级别) 我的主要应用是 course.domain.com(第一个子域级别,是 domain.com 的“通配符”)。但是,我需要为 traefik.course.domain.com 生成证书,这是一个子域(从根域开始)。
谁能帮我这个?
我发现了一些使用它的人(作为 traefik.toml 的一部分),但我不知道如何将我的 docker-compose 转换为使用它(每次我尝试过,我的 traefik 都会崩溃)。
[acme]
email = "pedagogi@domain.com"
storage = "/certificates/acme.json"
caServer = "https://acme-staging-v02.api.letsencrypt.org/directory"
entryPoint = "https"
acmeLogging = true
[acme.httpChallenge]
entryPoint = "http"
[[acme.domains]]
main = "domain.com"
sans = ["course.domain.com"]
提前谢谢!
解决方案
推荐阅读
- flutter - Flutter:如何让页面等到数据加载?
- python - 处理特定的命名数据集列
- python - 阅读邮件时如何处理错误
- github - 使用 GKE 创建 Jenkins X Kubernetes 集群会引发异常:找不到秘密“jenkins”
- python - 用数组格式化和求和数字
- javascript - 如何对表格中的部分进行分组?
- excel - 如何使用 Outlook VBA 提取 Excel 文件路径?
- firebase - 在我的颤动代码中无法找出“updateProfile”的错误
- cobol - 如何修复 IF/ELSE 程序不显示或排序数据?
- reactjs - 地图创建组件的访问密钥