traefik: letsEncrypt not working with etcd
When I try to configure Traefik in combination with ‘etcd’ as a backend store, i can’t get LetsEncrypt working.
traefik.toml (imported with storeconfig)
[web]
address = ":8080"
defaultEntryPoints = ["https"]
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
[acme]
email = "me@domain.tld"
storage= "/traefik/acme/account"
entryPoint = "https"
onDemand = false
OnHostRule = true
caServer = "https://acme-staging.api.letsencrypt.org/directory"
[[acme.domains]]
main = "domain.tld"
sans = ["www.domain.tld", "ww2.domain.tld"]
[etcd]
endpoint = "127.0.0.1:4001"
watch = true
prefix = "/traefik"
Output in the logs
Dec 02 09:23:18 core-01 rkt[21448]: [131075.886503] traefik[5]: time="2016-12-02T10:23:18+01:00" level=info msg="Skipping same configuration for provider etcd"
Dec 02 09:23:22 core-01 rkt[21448]: [131079.650257] traefik[5]: time="2016-12-02T10:23:22+01:00" level=debug msg="Challenge GetCertificate www.mydomain.tld"
Dec 02 09:23:22 core-01 rkt[21448]: [131079.650881] traefik[5]: time="2016-12-02T10:23:22+01:00" level=debug msg="Loading ACME certificates [www.mydomain.tld]..."
Dec 02 09:23:22 core-01 rkt[21448]: [131079.661423] traefik[5]: time="2016-12-02T10:23:22+01:00" level=debug msg="Challenge GetCertificate www.mydomain.tld"
Dec 02 09:23:22 core-01 rkt[21448]: [131079.662657] traefik[5]: time="2016-12-02T10:23:22+01:00" level=debug msg="Loading ACME certificates [www.mydomain.tld]..."
Dec 02 09:23:22 core-01 rkt[21448]: [131080.212813] traefik[5]: time="2016-12-02T10:23:22+01:00" level=debug msg="Challenge Present www.mydomain.tld"
Dec 02 09:23:22 core-01 rkt[21448]: [131080.238591] traefik[5]: time="2016-12-02T10:23:22+01:00" level=debug msg="Challenge Present www.mydomain.tld"
From the output in the logs I can’t really find out what is exactly going on. I had a look at the source code to see where it might go wrong, but my Go knowledge is no-exiting atm.
Slack reference : https://traefik.slack.com/archives/support/p1480674299005971
About this issue
- Original URL
- State: closed
- Created 8 years ago
- Reactions: 11
- Comments: 26 (3 by maintainers)
I’m catching up on this issue, trying to slowly get the libkv repository back on track. In the meantime I’ll start working on the etcd v3 backend which should hopefully fix the problem (I see it has a proper
MutexAPI now which was not the case when I originally opened docker/libkv#103 and docker/libkv#106).As @lorenz mentioned above, the interface probably maps badly with the new lock implementation but I’ll be aiming for something that works at first. We can later discuss about a possible interface change to better map with new primitives.
I’ll update as soon as I have some results.
This seems to still be an issue. Tried with traefik 1.7.4 and an etcd-3.3.9.
Let me know if everything works out fine or if there are still remaining issues and I’ll take a look. Feel free to open an issue on the fork as well. I may create a new repository as some have issues with import paths and the fact that it still points to the docker/libkv repository (some package managers support aliasing, some not). But we’ll migrate issues if we go forward with that approach.
Update: I got the
Lockworking with the v3 client (using the same model as for zookeeper: a side-key for the lock). It works as intended and it’s pretty clean now compared to v2, just a few lines of code.What’s left:
Watch/WatchTreeandList/DeleteTree.Will update again as soon as I drop a PR.
everything is merged into abronan/libkv! I hope this fixes will be integrated in near future 😃
Just want to add that this appears to be happening on zookeeper as well:
EDIT: Appears to be unrelated making new issue