Option to add blacklisted/ignored domains/subdomains in acme #4069

Closed
steve-todorov opened this issue Oct 17, 2018 · 1 comment

@steve-todorov steve-todorov commented Oct 17, 2018

Do you want to request a feature or report a bug?

Bug

What did you do?

Used rancher 2.0's catalogue to create a Prometheus & Grafana dashboard. In the Prometheus section I chose to use an xip.io domain for the ingress instead of an actual one.

What did you expect to see?

I expected traefik to have an ignore domain option in the acme section so one could blacklist specific domain/subdomain. It would be nice if we could use wildcard as well (i.e. *.domain.com) for the blacklist.

What did you see instead?

traefik has been trying to issue acme certificates.

Output of traefik version: (What version of Traefik are you using?)

Version:      v1.7.2
Codename:     maroilles
Go version:   go1.11.1
Built:        2018-10-04_01:44:36PM
OS/Arch:      linux/amd64

What is your environment & configuration (arguments, toml, provider, platform, ...)?

Running traefik on docker with kubernetes backend.

debug = false
logLevel = "INFO"
defaultEntryPoints = ["http", "https"]

[entryPoints]
  [entryPoints.http]
  address = ":80"
    [entryPoints.http.redirect]
    entryPoint = "https"

  [entryPoints.https]
    address = ":443"

  [entryPoints.https.tls]
    minVersion = "VersionTLS12"

[retry]

[docker]
endpoint = "unix:///var/run/docker.sock"
watch = true
exposedByDefault = false
swarmMode = false

[kubernetes]
endpoint = "..."
token = "..."

[acme]
email = "email@domain.com"
storage = "/acme.json"
entryPoint = "https"
onHostRule = true
onDemand = false
# PRODUCTION URL
caServer = "https://acme-v02.api.letsencrypt.org/directory"
# STAGING URL
#caServer = "https://acme-staging-v02.api.letsencrypt.org/directory"
acmeLogging = true
  [acme.httpChallenge]
    entryPoint = "http"

[[acme.domains]]
  main = "my-domain.com"
  sans = ["a.my-domain.com", "b.my-domain.com", "c.my-domain.com", "d.my-domain.com", "e.my-domain.com", "f.my-domain.com"]

[respondingTimeouts]
readTimeout = "30s"
writeTimeout = "30s"

If applicable, please paste the log output in DEBUG level (--logLevel=DEBUG switch)

time="2018-10-17T20:55:02Z" level=info msg="Server configuration reloaded on :80"
time="2018-10-17T20:55:02Z" level=info msg="Server configuration reloaded on :443"
time="2018-10-17T20:55:02Z" level=info msg="Server configuration reloaded on :8090"
time="2018-10-17T20:55:02Z" level=info msg="legolog: [INFO] [prometheus-server.prometheus.10.0.0.18.xip.io] acme: Obtaining bundled SAN certificate"
time="2018-10-17T20:55:03Z" level=error msg="Unable to obtain ACME certificate for domains \"prometheus-server.prometheus.10.0.0.18.xip.io\" detected thanks to rule \"Host:prometheus-server.prometheus.10.0.0.18.xip.io\" : unable to generate a certificate for the domains [prometheus-server.prometheus.10.0.0.18.xip.io]: acme: Error 429 - urn:ietf:params:acme:error:rateLimited - Error creating new order :: too many failed authorizations recently: see https://letsencrypt.org/docs/rate-limits/"
E1017 21:10:19.131538       1 streamwatcher.go:109] Unable to decode an event from the watch stream: stream error: stream ID 49; INTERNAL_ERROR
E1017 21:10:19.135994       1 streamwatcher.go:109] Unable to decode an event from the watch stream: stream error: stream ID 51; INTERNAL_ERROR
E1017 21:10:19.159609       1 streamwatcher.go:109] Unable to decode an event from the watch stream: stream error: stream ID 53; INTERNAL_ERROR
E1017 21:10:19.706925       1 streamwatcher.go:109] Unable to decode an event from the watch stream: stream error: stream ID 57; INTERNAL_ERROR
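
The ignore list requested in the issue above, sketched as an added example: this is not Traefik code, and the issue asks for the option precisely because Traefik v1.7.2 lacks it. The function names and the wildcard semantics (`*.` covers subdomains at any depth, apex excluded) are assumptions.

```go
package main

import (
	"fmt"
	"strings"
)

// normalize lower-cases a host name and drops a trailing dot so that
// "Foo.XIP.IO." cannot slip past an entry written as "*.xip.io".
func normalize(name string) string {
	return strings.ToLower(strings.TrimSuffix(strings.TrimSpace(name), "."))
}

// matchesIgnore reports whether host matches one ignore-list entry.
// Assumed semantics: "*.example.com" covers subdomains at any depth but not
// the apex; any other entry matches that exact name only.
func matchesIgnore(host, pattern string) bool {
	host, pattern = normalize(host), normalize(pattern)
	if strings.HasPrefix(pattern, "*.") {
		suffix := pattern[1:] // ".example.com"
		return len(host) > len(suffix) && strings.HasSuffix(host, suffix)
	}
	return host == pattern
}

// FilterACMEDomains (hypothetical name) splits host names discovered from
// Host rules into those that may be sent to the CA and those skipped.
func FilterACMEDomains(hosts, ignore []string) (request, skipped []string) {
	for _, h := range hosts {
		drop := false
		for _, p := range ignore {
			if matchesIgnore(h, p) {
				drop = true
				break
			}
		}
		if drop {
			skipped = append(skipped, h)
		} else {
			request = append(request, h)
		}
	}
	return request, skipped
}

func main() {
	// Host names taken from the issue's configuration and log.
	hosts := []string{"a.my-domain.com", "prometheus-server.prometheus.10.0.0.18.xip.io"}
	request, skipped := FilterACMEDomains(hosts, []string{"*.xip.io"})
	fmt.Println("request:", request, "skipped:", skipped)
}
```

Filtering before the order is created keeps names the CA cannot validate from consuming the failed-authorization rate limit shown in the log. In the posted configuration, the existing control is `onHostRule = false`, which stops certificate requests for Host rules and leaves only the names under `[[acme.domains]]`.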

@ldez ldez commented May 14, 2019

Close in favor of #4872 - Feel free to subscribe there for updates.

@ldez ldez closed this May 14, 2019
@containous containous locked and limited conversation to collaborators Sep 1, 2019