No certificates generated with acme.json from traefik v2.0 #46

Closed
rezor92 opened this issue Sep 25, 2019 · 16 comments
rezor92 commented Sep 25, 2019

Hi,

First of all, thanks for your work and for sharing it. I have tried it, but I cannot get it to work on my server.

I'm using traefik v2.0 and the docker image ldez/traefik-certs-dumper:latest with the following command:

```yaml
  certdumper:
    image: ldez/traefik-certs-dumper:latest
    command: "file --watch --domain-subdir=true --version v2"
    volumes:
      - "/XX/XX/XX/acme.json:/acme.json:ro"
      - "/XX/XX/certs:/dump"
```

I'm getting the following log after the acme.json changed:

```
2019/09/25 07:15:54 file.go:96: error: EOF,
dump,
└──private,
```
If I check the output folders they are empty. It would be kind if someone could give me a hint what I'm doing wrong.

Best regards

Originally posted by @rezor92 in #34 (comment)


straend commented Sep 26, 2019

edit: After reading some more it seems to be unrelated to this.

Other similar tools also have the same problem, there seems to be a new format inside the acme.json storage.
DanielleHuisman/traefik-certificate-extractor#18


timoschwarzer commented Sep 30, 2019

Confirming that no certificates are being extracted with an acme.json from Traefik 2.0.1

@timoschwarzer

@ldez seems like it was this commit (traefik/traefik@c7d336f#diff-153848c6b668f0e912ccbef254a4e23c) that broke the dumper, which still uses Title-Cased keys :P


@ldez ldez closed this as completed Sep 30, 2019
@ldez ldez added the bug Something isn't working label Sep 30, 2019
Author

rezor92 commented Sep 30, 2019

@timoschwarzer thanks.

Fixed in v2.5.5

@ldez Thank you. @timoschwarzer Is it working for you? For me using the newest version still doesn't resolve my issue. Only empty private folder :(

@timoschwarzer

@rezor92 @ldez I just tried it, and unfortunately you are right. I'm using the latest Docker image 8e578f66d86d.

@timoschwarzer

I'm not really familiar with Go but I think the problem is that the v2 dumper doesn't take multiple certificate resolvers into account.

My acme.json looks like this:

```json
{
  "<certResolverName>": {
    "Account": { ... },
    "Certificates": [
      {"domain": ..., "certificate": ..., "key": ..., "Store": ...},
      ...
    ]
  }
}
```

It looks like traefik-certs-dumper searches for the Certificates key in the root JSON-Object.
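
The per-resolver layout described in the comment above, as a small Go parser that walks every top-level resolver key and returns an error instead of an empty result when nothing is found. This is an added example, not part of the thread and not traefik-certs-dumper's own code; the names `storedCert`, `resolverData` and `ParseACMEv2` and the sample values are constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"sort"
)

// Constructed sample in the layout from the comment above: one top-level key per
// certificate resolver. Base64 values are placeholders, not real key material.
const sampleACME = `{
 "default": {"Account": {}, "Certificates": [{"domain": {"main": "b.example.test"}, "certificate": "Q0VSVC1C", "key": "S0VZLUI=", "Store": "default"}]},
 "internal": {"Account": {}, "Certificates": [{"domain": {"main": "a.example.test"}, "certificate": "Q0VSVC1B", "key": "S0VZLUE=", "Store": "default"}]}
}`

type storedCert struct {
	Resolver    string                             `json:"-"` // filled in by ParseACMEv2, not stored in the file
	Domain      struct{ Main string `json:"main"` } `json:"domain"`
	Certificate []byte                             `json:"certificate"` // encoding/json base64-decodes into []byte
	Key         []byte                             `json:"key"`
}
type resolverData struct {
	Certificates []storedCert `json:"Certificates"`
}

// ParseACMEv2 walks every resolver instead of expecting "Certificates" at the root.
func ParseACMEv2(raw []byte) ([]storedCert, error) {
	var byResolver map[string]resolverData
	if err := json.Unmarshal(raw, &byResolver); err != nil {
		return nil, fmt.Errorf("not a per-resolver acme.json: %w", err)
	}
	var out []storedCert
	for name, data := range byResolver {
		for _, c := range data.Certificates {
			c.Resolver = name
			out = append(out, c)
		}
	}
	if len(out) == 0 { // fail loudly rather than writing an empty dump
		return nil, fmt.Errorf("no certificates under %d resolver(s)", len(byResolver))
	}
	sort.Slice(out, func(i, j int) bool { return out[i].Resolver+"\x00"+out[i].Domain.Main < out[j].Resolver+"\x00"+out[j].Domain.Main })
	return out, nil
}

func main() {
	certs, err := ParseACMEv2([]byte(sampleACME))
	fmt.Println(len(certs), err)
}
```

When the decoded `Key` bytes are written to disk, restrict the file to its owner (mode 0600), since the dump directory then holds live private keys.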

@ldez ldez reopened this Sep 30, 2019
Owner

ldez commented Sep 30, 2019

Fixed in v2.5.6.

I will add some non regression tests.

@ldez ldez closed this as completed Sep 30, 2019
@timoschwarzer

@ldez Unfortunately, traefik-certs-dumper file --version v2 still does not work for me. I'll try to investigate why.

@timoschwarzer

There seems to be a revision pinned that no longer exists (go: github.com/labbsr0x/goh@v0.0.0-20190417202808-8b16b4848295: unknown revision 8b16b4848295) so unfortunately I cannot build and test traefik-certs-dumper. (Unless there's a workaround for that...)

Owner

ldez commented Sep 30, 2019

I tested with a real acme.json file without any issues.

Could you give me more information?


I recommend to use go1.13.

@timoschwarzer

@ldez

> I recommend to use go1.13.

I installed Go 1.13. I still cannot install all dependencies:

```
go: github.com/go-acme/lego/v3@v3.0.2 requires
	github.com/labbsr0x/goh@v0.0.0-20190417202808-8b16b4848295: invalid version: unknown revision 8b16b4848295
```

> Could you give me more information?

Of course:

Traefik version

```
Version:      2.0.1
Codename:     montdor
Go version:   go1.13.1
Built:        2019-09-26T16:18:03Z
OS/Arch:      linux/amd64
```

My acme.json (redacted)

```json
{
  "default": {
    "Account": {
      "Email": "me@email.com",
      "Registration": {
        "body": {
          "status": "valid",
          "contact": [
            "mailto:me@email.com"
          ]
        },
        "uri": "https://acme-v02.api.letsencrypt.org/acme/acct/12345678"
      },
      "PrivateKey": "FOOOBAR",
      "KeyType": "4096"
    },
    "Certificates": [
      {
        "domain": {
          "main": "my.domain.com"
        },
        "certificate": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCkZPT09PT09PTwotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCgotLS0tLUJFR0lOIENFUlRJRklDQVRFLS0tLS0KRk9PT08KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=",
        "key": "LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpCQUFBQUFBQVIKLS0tLS1FTkQgUlNBIFBSSVZBVEUgS0VZLS0tLS0K",
        "Store": "default"
      },
      {
        "domain": {
          "main": "my.domain2.com"
        },
        "certificate": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCkZPT09PT09PTwotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCgotLS0tLUJFR0lOIENFUlRJRklDQVRFLS0tLS0KRk9PT08KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=",
        "key": "LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpCQUFBQUFBQVIKLS0tLS1FTkQgUlNBIFBSSVZBVEUgS0VZLS0tLS0K",
        "Store": "default"
      }
    ]
  }
}
```

Traefik certificate resolver config

```yaml
certificatesResolvers:
  default:
    acme:
      email: me@redacted.com
      storage: /acme.json
      keyType: RSA4096
      tlsChallenge: {}
```

Command

I tried version 2.5.6 from both GitHub releases and the Docker image.

```
$> ./traefik-certs-dumper file --version v2
dump
├──certs
└──private
```

Owner

ldez commented Sep 30, 2019

I found the issue.

Owner

ldez commented Sep 30, 2019

Sorry for the multiple releases, I'm on vacation so I did it a little fast.

Fixed in v2.5.7.

@timoschwarzer

No need to apologize! It works like a charm now, thank you for your time! :)

Have a nice vacation! ☺️

Author

rezor92 commented Sep 30, 2019

> Sorry for the multiple releases, I'm on vacation so I did it a little fast.
>
> Fixed in v2.5.7.

It's working now. Thank you so much for fixing it.
