Traefik Configuration (ACME)

Hello –

I’m hoping there is a group out there that could help me troubleshoot my Docker Traefik configuration. I have Traefik set up in a docker-compose file … along with the traefik.yml file … I’m using an .env file for the Cloudflare API Token, which is scoped, and I’m writing the cert to acme.json in the data directory:

├── data
│ ├── acme.json
│ └── traefik.yml
├── .env
└── traefik-compose.yml

When I run the command docker compose -f traefik-compose.yml up -d --force-recreate … things start as you would expect with no errors, but no matter what I try to do, when I go to the URL (with proper local DNS CNAME) and I log in, I get the dashboard as you’d expect but I only ever get the default Traefik cert – I can’t get the ACME cert and I don’t get it.

I took a DEBUG log but that doesn’t seem to contain anything super useful.

I have an Acme Cert on my pfSense, and it was just issued/renewed the other day, so I don’t understand what the holdup is – and I’m intentionally using the staging until I get the thing working, then I’ll switch to the prod for Acme.

I appreciate the eyes, thank you!

This video should help

Humorously enough, it was actually his follow-up to this video:

That I followed. I just can’t get the Acme cert to issue. If you’ve seen the debug log, do you have any thoughts?

I would say if your staging didn’t have any errors then switch it to prod. I am pretty sure staging is only for testing purposes and will not provide you with a certificate, which is why it is falling back on your self-signed cert.

2024-12-06T14:21:45-07:00 DBG github.com/traefik/traefik/v3/pkg/tls/tlsmanager.go:321 > No default certificate, fallback to the internal generated certificate tlsStoreName=default

Nah, I’ve already tried that – but I moved it back quickly because I was deathly afraid of getting rate limited or banned by a container that would keep trying over and over.

Thank you for your review!
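A way to check what the resolver actually wrote to the data/acme.json mentioned in the first post, added here as an example and not taken from anyone in the thread: it reports the file mode (Traefik refuses an ACME store with permissions wider than 600), whether an ACME account was registered and against which endpoint, and which domains have a stored certificate. The resolver name `cloudflare`, the account URI and the domain are constructed sample values, and the key layout is the one Traefik's file store is assumed to use.

```python
import json
import os
import stat
import tempfile

STAGING_HOST = "acme-staging-v02.api.letsencrypt.org"  # Let's Encrypt staging endpoint


def inspect_acme_store(path):
    """Summarise a Traefik acme.json: file mode plus, per resolver, CA and stored domains."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    report = {"mode": oct(mode), "mode_ok": (mode & 0o077) == 0, "resolvers": {}}
    with open(path, encoding="utf-8") as fh:
        raw = fh.read().strip()
    store = json.loads(raw) if raw else {}  # a freshly touched store is an empty file
    for name, data in store.items():
        data = data or {}
        reg = (data.get("Account") or {}).get("Registration") or {}
        uri = reg.get("uri") or ""
        domains = []
        for cert in data.get("Certificates") or []:  # null until something is issued
            dom = cert.get("domain") or {}
            domains.append([dom.get("main")] + list(dom.get("sans") or []))
        report["resolvers"][name] = {
            "registered": bool(uri),
            "staging": STAGING_HOST in uri,
            "domains": domains,
        }
    return report


# Constructed sample: an account registered with staging, no certificate stored yet.
SAMPLE = {
    "cloudflare": {  # hypothetical resolver name
        "Account": {"Registration": {"uri": "https://" + STAGING_HOST + "/acme/acct/0"}},
        "Certificates": None,
    }
}


def write_sample(store, mode=0o600):
    """Write a constructed store to a temp file with the given mode; return its path."""
    fd, path = tempfile.mkstemp(suffix=".json")
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        json.dump(store, fh)
    os.chmod(path, mode)
    return path


if __name__ == "__main__":
    print(json.dumps(inspect_acme_store(write_sample(SAMPLE)), indent=2))
```

An empty `domains` list next to `"registered": true` means the account exists but no certificate request for a router ever completed, which narrows the search to the router and resolver settings and the DNS challenge.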