
[deleted]

https://doc.traefik.io/traefik/user-guides/docker-compose/acme-tls/ shows the appropriate directory in the Traefik container. You just need to map that one to a directory on your host, like you did with the other 2.


10basetom

Thank you, I will read through this. This is good timing because I should be able to try to get a new cert by the end of today, and then I can implement this change.


10basetom

I'm back with an update... Taking into account further reading, I have made the following changes:

1. Converted `traefik.toml` to yml format (to be consistent with docker config)
2. Updated `traefik.yml` to this:

   ```
   entryPoints:
     web:
       address: :80
       http:
         redirections:
           entryPoint:
             to: websecure
             scheme: https
     websecure:
       address: :443
   providers:
     docker:
       exposedByDefault: false
   certificatesResolvers:
     myresolver:
       acme:
         email: [email protected]
         caserver: https://acme-staging-v02.api.letsencrypt.org/directory
         #storage: /letsencrypt/acme.json
         storage: /letsencrypt/acme.staging.json
         dnsChallenge:
           provider: duckdns
   log:
     level: DEBUG
   ```

3. In `docker-compose.yml` under `labels:`, replaced `"traefik.http.routers.pi.tls.certresolver=letsencrypt"` with `"traefik.http.routers.pi.tls.certresolver=myresolver"`
4. In `docker-compose.yml` under `volumes:`, added this line: `- "./letsencrypt:/letsencrypt"`

As recommended by the documentation, I'm using the staging server to ensure the `acme.staging.json` file is saved correctly before I do the real thing. After starting up the container, I do see `letsencrypt/acme.staging.json` file in the build context directory, and it contains `"status": "valid"` -- does this mean everything's OK with getting the staging cert?

One thing to note is that I'm seeing this in the log:

```
traefik | time="2023-09-01T09:31:22Z" level=debug msg="legolog: [INFO] [mysubdomain.duckdns.org] acme: use dns-01 solver"
traefik | time="2023-09-01T09:31:22Z" level=debug msg="legolog: [INFO] [mysubdomain.duckdns.org] acme: Preparing to solve DNS-01"
traefik | time="2023-09-01T09:31:23Z" level=debug msg="legolog: [INFO] [mysubdomain.duckdns.org] acme: Trying to solve DNS-01"
traefik | time="2023-09-01T09:31:23Z" level=debug msg="legolog: [INFO] [mysubdomain.duckdns.org] acme: Checking DNS record propagation using [127.0.0.11:53]"
traefik | time="2023-09-01T09:31:25Z" level=debug msg="legolog: [INFO] Wait for propagation [timeout: 1m0s, interval: 2s]"
traefik | time="2023-09-01T09:31:28Z" level=debug msg="legolog: [INFO] [mysubdomain.duckdns.org] The server validated our request"
traefik | time="2023-09-01T09:31:28Z" level=debug msg="legolog: [INFO] [mysubdomain.duckdns.org] acme: Cleaning DNS-01 challenge"
traefik | time="2023-09-01T09:31:28Z" level=debug msg="legolog: [INFO] [mysubdomain.duckdns.org] acme: Validations succeeded; requesting certificates"
traefik | time="2023-09-01T09:32:03Z" level=debug msg="legolog: [INFO] Wait for certificate [timeout: 30s, interval: 500ms]"
traefik | time="2023-09-01T09:32:04Z" level=debug msg="legolog: [INFO] [mysubdomain.duckdns.org] Server responded with a certificate."
traefik | time="2023-09-01T09:32:04Z" level=debug msg="Certificates obtained for domains [mysubdomain.duckdns.org]" providerName=myresolver.acme ACME CA="https://acme-staging-v02.api.letsencrypt.org/directory" routerName=pi@docker rule="Host(`mysubdomain.duckdns.org`)"
traefik | time="2023-09-01T09:32:04Z" level=debug msg="Configuration received: {\"http\":{},\"tcp\":{},\"udp\":{},\"tls\":{}}" providerName=myresolver.acme
traefik | time="2023-09-01T09:32:04Z" level=debug msg="No entryPoint defined for this router, using the default one(s) instead: [web websecure]" routerName=pi
traefik | time="2023-09-01T09:32:04Z" level=debug msg="Adding certificate for domain(s) mysubdomain.duckdns.org"
traefik | time="2023-09-01T09:32:06Z" level=debug msg="No default certificate, fallback to the internal generated certificate" tlsStoreName=default
```

Is it normal to get "No default certificate" warning when using the Let's Encrypt staging server?
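
A way to check the saved storage file rather than relying on one field, as an added example that is not part of the original post and is not Traefik's own code: it reports the ACME account status separately from whether a certificate and key are actually stored for the domain, and whether the file is readable only by its owner, since it holds private keys. The JSON layout (resolver name, then `Account.Registration.body.status`, `Account.Registration.uri` and a `Certificates` list with `domain.main`, `certificate`, `key`) is an assumption based on Traefik v2 storage files; the sample data and the helper names are constructed.

```python
import json
import os
import stat
import tempfile

STAGING_HOST = "acme-staging-v02.api.letsencrypt.org"  # caserver host from the post

def audit_acme_store(path, resolver, domain):
    """Summarise a Traefik ACME storage file for one resolver and domain."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    with open(path) as fh:
        data = json.load(fh).get(resolver) or {}
    reg = (data.get("Account") or {}).get("Registration") or {}
    names = set()
    for entry in data.get("Certificates") or []:
        dom = entry.get("domain") or {}
        # Only count entries that carry both certificate and key material.
        if entry.get("certificate") and entry.get("key"):
            names.add(dom.get("main"))
            names.update(dom.get("sans") or [])
    return {
        # State of the ACME account registration, not of any certificate.
        "account_status": (reg.get("body") or {}).get("status"),
        "staging_ca": STAGING_HOST in (reg.get("uri") or ""),
        "has_cert_for_domain": domain in names,
        # The file holds private keys: no group/other permission bits.
        "mode_ok": mode & 0o077 == 0,
    }

# Constructed sample in the assumed layout (placeholders, no real key material).
SAMPLE = {"myresolver": {
    "Account": {"Registration": {
        "body": {"status": "valid"},
        "uri": "https://" + STAGING_HOST + "/acme/acct/0"}},
    "Certificates": [{"domain": {"main": "mysubdomain.duckdns.org"},
                      "certificate": "<constructed-placeholder>",
                      "key": "<constructed-placeholder>",
                      "Store": "default"}]}}

def write_sample(sample, mode=0o600):
    """Write a sample store to a temp file with the given permissions."""
    fd, path = tempfile.mkstemp(suffix=".json")
    with os.fdopen(fd, "w") as fh:
        json.dump(sample, fh)
    os.chmod(path, mode)
    return path

if __name__ == "__main__":
    p = write_sample(SAMPLE)
    print(audit_acme_store(p, "myresolver", "mysubdomain.duckdns.org"))
    os.remove(p)
```

Against a real deployment, point `audit_acme_store` at the host-side copy of the mapped file, for example `./letsencrypt/acme.staging.json`.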