Docker Traefik cannot obtain ACME certificate with Route 53
I am having some trouble configuring Traefik and ACME certificates with AWS Route 53. I tried both the http and dns challenges, but neither succeeded. It keeps getting the following error: acme: error presenting token: route53: failed to determine hosted zone ID: NoCredentialProviders: no valid providers in chain

What am I doing wrong? Thanks in advance.

httpChallenge error (note: there is no firewall):

dnsChallenge error:
app_1 | time="2019-02-20T21:18:26Z" level=debug msg="Try to challenge certificate for domain [monitor.example.net] founded in Host rule"
app_1 | time="2019-02-20T21:18:26Z" level=debug msg="Looking for provided certificate(s) to validate [\"monitor.example.net\"]..."
app_1 | time="2019-02-20T21:18:26Z" level=debug msg="Domains [\"monitor.example.net\"] need ACME certificates generation for domains \"monitor.example.net\"."
app_1 | time="2019-02-20T21:18:26Z" level=debug msg="Loading ACME certificates [monitor.example.net]..."
app_1 | time="2019-02-20T21:18:26Z" level=debug msg="Building ACME client..."
app_1 | time="2019-02-20T21:18:26Z" level=debug msg="https://acme-v02.api.letsencrypt.org/directory"
app_1 | time="2019-02-20T21:18:26Z" level=debug msg="Using DNS Challenge provider: route53"
app_1 | time="2019-02-20T21:18:27Z" level=error msg="Unable to obtain ACME certificate for domains \"monitor.example.net\" detected thanks to rule \"Host:monitor.example.net\" : unable to generate a certificate for the domains [monitor.example.net]: acme: Error -> One or more domains had a problem:\n[monitor.example.net] [monitor.example.net] acme: error presenting token: route53: failed to determine hosted zone ID: NoCredentialProviders: no valid providers in chain. Deprecated.\n\tFor verbose messaging see aws.Config.CredentialsChainVerboseErrors\n"
Attached docker-compose.yml
version: '3'
services:
  app:
    image: traefik:alpine
    restart: always
    ports:
      - 80:80
      - 443:443
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./traefik.toml:/traefik.toml
      - ./acme.json:/acme.json
    labels:
      - traefik.frontend.rule=Host:monitor.example.net
      - traefik.port=8080
    networks:
      - web
networks:
  web:
    external: true
Attached traefik.toml
logLevel = "DEBUG"
defaultEntryPoints = ["http", "https"]
[entryPoints]
[entryPoints.dashboard]
address = ":8080"
[entryPoints.dashboard.auth]
[entryPoints.dashboard.auth.basic]
users = ["admin:foobar"]
[entryPoints.http]
address = ":80"
# [entryPoints.http.redirect]
# entryPoint = "https"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
[api]
entrypoint="dashboard"
[acme]
email = "donotspam@me.com"
storage = "acme.json"
entryPoint = "https"
onHostRule = true
# [acme.httpChallenge] #<--tried both httpChallenge and dnsChallenge
# entryPoint = "http"
[acme.dnsChallenge]
provider = "route53"
delayBeforeCheck = 0
[docker]
domain = "example.net"
watch = true
network = "web"
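The HTTP challenge requires that port 80 be reachable from the Internet.
For the DNS challenge, you need to define credentials: AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, [AWS_REGION], [AWS_HOSTED_ZONE_ID], or a configured user/instance IAM profile.

Thanks again, Idez. I accidentally missed this configuration step. It is working with the HTTP challenge.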
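The credentials named in the answer can be supplied to the Traefik container through docker-compose. The following is an added example, not part of the original question or answer; the file name route53.env and every value in it are placeholders chosen for illustration.

```yaml
# Added example, not from the original post.
# Assumption: a file named route53.env sits next to this compose file,
# is excluded from version control, and is readable only by its owner.
# Its contents (placeholders; the last two variables are optional):
#   AWS_ACCESS_KEY_ID=<access-key-id>
#   AWS_SECRET_ACCESS_KEY=<secret-access-key>
#   AWS_REGION=<region>
#   AWS_HOSTED_ZONE_ID=<hosted-zone-id>
version: '3'
services:
  app:
    image: traefik:alpine
    restart: always
    ports:
      - 80:80
      - 443:443
    # The route53 DNS provider reads its credentials from the container's
    # environment. With none set, the AWS credential chain is empty and the
    # challenge fails with "NoCredentialProviders: no valid providers in chain".
    env_file:
      - ./route53.env
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./traefik.toml:/traefik.toml
      - ./acme.json:/acme.json
    labels:
      - traefik.frontend.rule=Host:monitor.example.net
      - traefik.port=8080
    networks:
      - web
networks:
  web:
    external: true
```

Keeping the key in an env file rather than inline in docker-compose.yml keeps the secret out of the file that is most likely to be committed or shared. On EC2, the instance IAM profile mentioned in the answer avoids storing a long-lived key on disk at all.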