Docker Traefik-无法获取Let';s为域加密证书=>;acme http质询超时
我正在尝试使用let's encrypt保护trafik提供服务的站点。但是,它在测试acme挑战时失败Docker Traefik-无法获取Let';s为域加密证书=>;acme http质询超时,docker,ssl,lets-encrypt,traefik,Docker,Ssl,Lets Encrypt,Traefik,我正在尝试使用let's encrypt保护trafik提供服务的站点。但是,它在测试acme挑战时失败 time="2019-02-07T23:23:35Z" level=error msg="Unable to obtain ACME certificate for domains \"git.redacted.be\" detected thanks to rule \"Host:git.redacted.be\" : unable to generate a certificate fo
time="2019-02-07T23:23:35Z" level=error msg="Unable to obtain ACME certificate for domains \"git.redacted.be\" detected thanks to rule \"Host:git.redacted.be\" : unable to generate a certificate for the domains [git.redacted.be]: acme: Error -> One or more domains had a problem:\n[git.redacted.be] acme: error: 400 :: urn:ietf:params:acme:error:connection :: Fetching http://git.redacted.be/.well-known/acme-challenge/I_44HUy2IqyYZk-6GmfWxtm7Uunx_wid9rgHpXkhZcM: Error getting validation data, url: \n"
该服务器可以从internet公开使用(如果我转到,它会被重定向到https,我可以配置我的git服务器),gogs(git服务器)也可以通过traefik和docker访问
当我手动导航到上面提到的url(.well-known/acme challenge/…)时,请求超时,但在traefik内部登录时显示:获取令牌的质询时出错:找不到令牌的质询。
我已经尝试了(禁用IPv6并使用traefik:alpine)中提到的一些解决方法
这是我的设置:
Traefik docker-compose.yml
version: '3.2'
services:
traefik:
image: traefik:alpine # The official Traefik docker image
command: --api --docker --logLevel=info # Enables the web UI and tells Tr ik to listen to docker
restart: unless-stopped
ports:
- "81:80" # The HTTP port
- "444:443"
- "18080:8080" # The Web UI (enabled by --api)
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- ./traefik.toml:/traefik.toml
- ./acme.json:/acme.json
networks:
- traefik
logging:
driver: "json-file"
networks:
traefik:
external:
name: traefik
特拉菲克
debug = false
logLevel = "ERROR"
defaultEntryPoints = ["https","http"]
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
[retry]
[docker]
endpoint = "unix:///var/run/docker.sock"
domain = "redacted.be"
watch = true
exposedByDefault = false
[acme]
email = "ronald@redacted.be"
storage = "acme.json"
entryPoint = "https"
caServer = "https://acme-staging-v02.api.letsencrypt.org/directory"
onHostRule = true
[acme.httpChallenge]
entryPoint = "http"
docker由我的git服务器组成:
version: '3.2'
services:
gogs:
restart: unless-stopped
image: gogs/gogs
volumes:
- ./data/db:/data/db
- ./data/git:/data/git
- ./data/gogs:/data/gogs
networks:
- gogs
- traefik
ports:
- "10022:22"
- "3000:3000"
labels:
- "traefik.port=3000"
- "traefik.frontend.rule=Host:git.redacted.be"
- "traefik.docker.network=traefik"
networks:
gogs:
traefik:
external:
name: traefik
知道我做错了什么吗?您是否设置了端口80和443,以便通过路由器转发到运行Traefik的计算机上?是的,我手动生成了证书,这可以正常工作。但它们不会自动续订。您是如何手动创建它们的?