-
Notifications
You must be signed in to change notification settings - Fork 5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
AWS_REGION is no longer optional #10195
Comments
The region can be provided in several ways, I don't know the exhaustivity of these ways, but I know that some files are read to get this information. |
I was also running into the same error
I set
Update: At some point overnight, the certs renewed 🤷♂️ |
Note that providing the AWS_REGION env var (which wasn't necessary before) just got me past that error - the next problem seems to still be AWS authentication related:
I am not setting the AWS environment variables (except now the region); I've been relying on the instance role IAM policy as described in the documentation. This worked fine until now, so clearly something has changed behavior. |
Confirmed that rolling back from traefik 2.10.5 to traefik 2.10.4 unblocked this problem and allowed my credentials to update. Presumably this is due to the lego version bump in 2.10.5. There's a related ticket over there that I think is the same issue as this one. I'd consider this a pretty significant change in behavior, for a .1 bugfix increment. |
Can you try to set |
This worked for me. Clarification: I already had |
We already (always) did that, before and after the issue. So no solution for us. |
Hey @hpwjnijs, Could you provide a minimal reproducible case (for instance, full Docker manifest to reproduce the issue)? |
Dockerfile:
In the .env I provide the credentials for AWS/ROUTE53 domain dryrun.link root@dev-huub2:/opt/compose/test/compose# docker compose logs -f traefik
traefik | time="2023-12-04T14:19:14Z" level=info msg="Configuration loaded from flags."
traefik | time="2023-12-04T14:19:18Z" level=error msg="Unable to obtain ACME certificate for domains \"whoami.dryrun.link\": unable to generate a certificate for the domains [whoami.dryrun.link]: error: one or more domains had a problem:\n[whoami.dryrun.link] [whoami.dryrun.link] acme: error presenting token: route53: failed to determine hosted zone ID: operation error Route 53: ListHostedZonesByName, failed to resolve service endpoint, an AWS region is required, but was not found\n" routerName=homepage@docker rule="Host(`whoami.dryrun.link`)" providerName=route53.acme ACME CA="https://acme-v02.api.letsencrypt.org/directory" If I uncomment the Thanks in advance for your time |
@ldez I already have |
Thanks for reporting the bug. I have been able to reproduce it locally. I dig into the issue and there is indeed a regression in The prior version The new version I opened an issue on Lego to report the regression. I will keep this issue opened until it's addressed on Lego's side. |
The issue won't be fixed on Lego's side. The v1 and v2 of aws-sdk-go are incompatible on this matter and the upgrade Therefore, I will have to close this issue. |
Welcome!
What did you do?
We updated to Traefik 2.10.5 .
Renewal of certificates was not possible anymore automatically.
What did you see instead?
When adding the environment variable AWS_REGION, it worked again.
What version of Traefik are you using?
/etc # traefik version
Version: 2.10.5
Codename: saintmarcelin
Go version: go1.21.3
Built: 2023-10-11T13:54:02Z
OS/Arch: linux/amd64
What is your environment & configuration?
If applicable, please paste the log output in DEBUG level
No response
The text was updated successfully, but these errors were encountered: