我正在使用traefik在我的NAS上使用https使用加密来提供一些服务。现在我注意到我的nextcloud安装的tls证书已于昨天晚上到期。 Traefik有这样的日志:
time="2018-08-31T22:43:08Z" level=error msg="Error getting ACME client: ACME client still not built, retrying in 6.83135832s"
time="2018-08-31T22:43:15Z" level=error msg="Error getting ACME client: ACME client still not built, retrying in 12.680203952s"
time="2018-08-31T22:43:28Z" level=error msg="Error getting ACME client: ACME client still not built"
我更新到v1.7但现在错误是不同的:
time="2018-09-01T07:42:44Z" level=error msg="Unable to obtain ACME certificate for domains \"my.domain\" detected thanks to rule \"Host:cloud.dnas.one\" : cannot get ACME client ACME challenge not specified, please select TLS or HTTP or DNS Challenge"
此消息是针对每个域发布的,内部以及外部。无法找到有关此问题的更多信息。
defaultEntryPoints = ["http", "https"]
idleTimeout = 0
dialTimeout = 0
logLevel = "WARN"
[entryPoints]
[entryPoints.http]
address = ":80"
#entryPoint = "https"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
# Lets Encrypt via ACME
[acme]
email = "[email protected]"
storage = "acme.json"
entryPoint = "https"
onDemand = false
OnHostRule = true
caServer = "https://acme-v02.api.letsencrypt.org/directory"
[docker]
endpoint = "unix:///var/run/docker.sock"
domain = "nas.one"
watch = true
你的traefik.toml文件没有指定挑战方法,它应该从Let's Encrypt获取证书。 1.7错误消息更清楚。
如果要使用HTTP challenge,请添加以下行:
[acme.httpChallenge]
entryPoint = "http"
如果要使用DNS challenge(如果要使用通配符证书,则为必需),请添加以下行:
[acme.dnsChallenge]
provider = "YOURPROVIDER"
delayBeforeCheck = 0
检查文档以了解其余配置。