traefik: Traefik Timeout while creating Let's Encrypt client

Hello there,

While creating a Traefik LB in a Kubernetes cluster, I got this error :

time="2016-10-19T14:49:50Z" level=info msg="Preparing server http &{Network: Address::80 TLS:<nil> Redirect:<nil> Auth:<nil> Compress:false}"
time="2016-10-19T14:49:50Z" level=info msg="Preparing server https &{Network: Address::443 TLS:0xc4201b57a0 Redirect:<nil> Auth:<nil> Compress:false}"
time="2016-10-19T14:49:50Z" level=info msg="Starting server on :80"
time="2016-10-19T14:49:52Z" level=info msg="Generating ACME Account..."
time="2016-10-19T14:50:03Z" level=info msg=buildACMEClient...
time="2016-10-19T14:50:03Z" level=debug msg="Building ACME client..."
time="2016-10-19T14:50:13Z" level=error msg="Error creating TLS config get directory at 'https://acme-staging.api.letsencrypt.org/directory': failed to get \"https://acme-staging.api.letsencrypt.org/directory\": Get https://acme-staging.api.letsencrypt.org/directory: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)"
time="2016-10-19T14:50:13Z" level=fatal msg="Error preparing server: get directory at 'https://acme-staging.api.letsencrypt.org/directory': failed to get \"https://acme-staging.api.letsencrypt.org/directory\": Get https://acme-staging.api.letsencrypt.org/directory: net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)"

and my conf file (more or less the default one) :

    # traefik.toml
    graceTimeOut = 60
    defaultEntryPoints = ["http","https"]
    [entryPoints]
      [entryPoints.http]
      address = ":80"
      [entryPoints.https]
      address = ":443"
    [acme]
    email = "tom@blaaast.co"
    storage = "/acme/acme.json"
    entryPoint = "https"
    onDemand = true
    onHostRule = true
    caServer = "https://acme-staging.api.letsencrypt.org/directory"
    [[acme.domains]]
    main = "domain.com"
    sans = ["sub.domain.com"]

Has anybody hit this problem ? Is it Kubernetes related ? Or do I have to setup a timeout duration somewhere ?

Thanks 😃

About this issue

  • Original URL
  • State: closed
  • Created 8 years ago
  • Comments: 25 (7 by maintainers)

Most upvoted comments

For the record, I am having this issue today. It just happens that the acme-v01.api.letsencrypt.org (Production) service is down 😕

Let’s encrypt API status: http://letsencrypt.status.io

+4
jmlemetayer on May 19, 2017

@j0hnsmith @adrianfalleiro Thanks for answering. I nailed down this issue to be related to network issues aswell, but on my end (I’m using macvlan to give traefik an IP on the HOST lan) I forgot to specify upstream interface on the macvlan network

+1
jkaberg on Mar 30, 2017

I was also experiencing this problem on a Docker Swarm Mode cluster hosted in AWS. Turns out there was some conflict between the subnet of my docker network and the VPC network.

I ended up changing the subnet of my docker network and my connectivity issues were resolved.

+1
adrianfalleiro on Mar 30, 2017

I have the same trouble with Traefik in Docker 1.12 Swarm mode cluster.

+1
dddpaul on Oct 21, 2016
Read more comments on GitHub
← traefik: Traefik should not serve requests for hosts which do not have a configuration defined
traefik: Traefik web entrypoint dies randomly →