Traefik requests the wrong TLS certificate


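I use Traefik for reverse proxying and TLS certificate management. It worked for a long time, but I recently noticed that Traefik is unable to request TLS certificates from LetsEncrypt. I don't know since when, because I only noticed it just now. The error seems to occur on all of my services, but here is one example: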

bitwarden:
    image: vaultwarden/server
    container_name: bitwarden
    volumes:
       - ./bwdata:/data
    environment:
       - WEBSOCKET_ENABLED=true
    labels:
       - "traefik.enable=true"
       - "traefik.http.routers.bitwarden-secure.middlewares=compress"
       - "traefik.http.routers.bitwarden-secure.rule=Host(`bitwarden.example.com`)"
       - "traefik.http.routers.bitwarden-secure.tls=true"
       - "traefik.http.routers.bitwarden.tls.certresolver=myresolver"
    networks:
       - traefik_proxy
    logging:
      driver: "json-file"
      options:
        max-size: "10m"
        max-file: "6"

It routes correctly when I enter the URL, but errors appear in my Traefik logs:

traefik_1        | time="2023-12-15T21:39:44Z" level=error msg="Unable to obtain ACME certificate for domains \"bitwarden-docker\": unable to generate a certificate for the domains [bitwarden-docker]: acme: error: 400 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-order :: urn:ietf:params:acme:error:rejectedIdentifier :: Error creating new order :: Cannot issue for \"bitwarden-docker\": Domain name needs at least one dot" rule="Host(`bitwarden-docker`)" providerName=myresolver.acme ACME CA="https://acme-v02.api.letsencrypt.org/directory" routerName=bitwarden@docker

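Since my certificates have not expired yet, I still have TLS, but when creating a new service I get the same error, and it shows up for almost all of the services that previously worked.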

As far as I remember, I have not changed the traefik service.

traefik:
    image: traefik
    command:
       - "--api.insecure=true"
       - "--providers.docker=true"
       - "--providers.docker.exposedbydefault=false"
       - "--entrypoints.web.address=:80"
       - "--entrypoints.web-secure.address=:443"
       - "--certificatesresolvers.myresolver.acme.tlschallenge=true"
       - "--certificatesresolvers.myresolver.acme.email=MY_EMAIL"
       - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
       - "--api.dashboard=true"
       - "--api.insecure=true"
       - "--entrypoints.ssh.address=:22" # gitea
    ports:
       - "80:80"
       - "443:443"
       - "8080:8080"
    volumes:
       - "/var/run/docker.sock:/var/run/docker.sock:ro"
       - "./letsencrypt:/letsencrypt"
       - "./static:/var/www/html"
    labels:
       - "traefik.enable=true"
       - "traefik.http.routers.reverse.entrypoints=web"
       - "traefik.http.middlewares.auth.basicauth.users=ENCRYPTED_USER"
       - "traefik.http.middlewares.compress.compress=true"
       - 'traefik.http.routers.api.middlewares=authelia@docker'

       - "traefik.http.middlewares.share_auth.basicauth.users=ANOTHER_ENCRYPTED_USER"
    networks:
       - traefik_proxy
    logging:
      driver: "json-file"
      options:
        max-size: "10m"
        max-file: "6"

I tried changing the URL on the new service, but I get the same error.

traefik traefik-routers
1 Answer
0 votes

One of your routers has the wrong name:

 labels:
       - "traefik.enable=true"
       - "traefik.http.routers.bitwarden-secure.middlewares=compress"
       - "traefik.http.routers.bitwarden-secure.rule=Host(`bitwarden.example.com`)"
       - "traefik.http.routers.bitwarden-secure.tls=true"
       - "traefik.http.routers.bitwarden.tls.certresolver=myresolver"

Change
traefik.http.routers.bitwarden.tls.certresolver=myresolver
to
traefik.http.routers.bitwarden-secure.tls.certresolver=myresolver
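A check for this class of mistake, as an added example that is not part of the original question or answer: it groups Traefik router labels by router name and reports routers whose `tls.certresolver` sits on a different router than the `rule` (the log above shows exactly that router, `bitwarden@docker`, asking ACME for `bitwarden-docker`). The function names are hypothetical, and it assumes the labels are passed in as a plain list of strings copied from the compose file.

```python
import re
from collections import defaultdict

# Constructed sample: the labels of the bitwarden service from the question.
LABELS = [
    "traefik.enable=true",
    "traefik.http.routers.bitwarden-secure.middlewares=compress",
    "traefik.http.routers.bitwarden-secure.rule=Host(`bitwarden.example.com`)",
    "traefik.http.routers.bitwarden-secure.tls=true",
    "traefik.http.routers.bitwarden.tls.certresolver=myresolver",
]

# traefik.http.routers.<router-name>.<option>=<value>
ROUTER_LABEL = re.compile(r"^traefik\.http\.routers\.([^.=]+)\.([^=]+)=(.*)$")


def routers_from_labels(labels):
    """Group router options by router name: {name: {option: value}}."""
    routers = defaultdict(dict)
    for label in labels:
        m = ROUTER_LABEL.match(label.strip().strip("'\""))
        if m:
            name, option, value = m.groups()
            routers[name][option.lower()] = value
    return dict(routers)


def audit(labels):
    """Return (router, message) findings for split or unusable ACME settings."""
    findings = []
    for name, opts in sorted(routers_from_labels(labels).items()):
        has_resolver = "tls.certresolver" in opts
        rule = opts.get("rule")
        if has_resolver and rule is None:
            # No explicit rule: the certificate request cannot use the intended host.
            findings.append((name, "certresolver set but router has no rule"))
        if rule is not None and opts.get("tls") == "true" and not has_resolver:
            findings.append((name, "tls enabled but no certresolver on this router"))
        if has_resolver and rule:
            # Every name inside Host(...) must be a public DNS name with a dot.
            for args in re.findall(r"Host\(([^)]*)\)", rule):
                for host in re.findall(r"`([^`]+)`", args):
                    if "." not in host:
                        findings.append((name, f"host {host} has no dot"))
    return findings


if __name__ == "__main__":
    for router, message in audit(LABELS):
        print(f"{router}: {message}")
```

On the question's labels this reports both `bitwarden` and `bitwarden-secure`; after the rename from the answer it reports nothing.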
