You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Yes, I've searched similar issues on GitHub and didn't find any.
How do you use lego?
Through Traefik
Detailed Description
As described in https://community.traefik.io/t/lets-encrypt-x509-certificate-signed-by-unknown-authority/11112 I had been wondering for two months why Traefik refused to talk to the default Let's Encrypt servers while curl and even a custom go test program had no problems. Eventually I noticed that I had set LEGO_CA_CERTIFICATES to my local CA's root cert, assuming this would allow the cert in addition to the default certs. In reality, this fully replaces the default cert pool.
I could imagine the following solutions:
Have LEGO_CA_CERTIFICATES add to the default pool by default
Add a new environment variable LEGO_ADDITIONAL_CA_CERTIFICATES that adds to the default pool
Allow multiple file names like LEGO_CA_CERTIFICATES=/etc/traefik/acme.crt,/etc/ssl/certs/ca-certificates.crt
The text was updated successfully, but these errors were encountered:
Welcome
How do you use lego?
Through Traefik
Detailed Description
As described in https://community.traefik.io/t/lets-encrypt-x509-certificate-signed-by-unknown-authority/11112 I had been wondering for two months why Traefik refused to talk to the default Let's Encrypt servers while
curl
and even a customgo
test program had no problems. Eventually I noticed that I had setLEGO_CA_CERTIFICATES
to my local CA's root cert, assuming this would allow the cert in addition to the default certs. In reality, this fully replaces the default cert pool.I could imagine the following solutions:
LEGO_CA_CERTIFICATES
add to the default pool by defaultLEGO_ADDITIONAL_CA_CERTIFICATES
that adds to the default poolLEGO_CA_CERTIFICATES=/etc/traefik/acme.crt,/etc/ssl/certs/ca-certificates.crt
The text was updated successfully, but these errors were encountered: