LoadCertificateForDomains: runtime error: invalid memory address

[shochdoerfer]

What version of Traefik are you using (traefik version)?

v1.1.2

What is your environment & configuration (arguments, toml...)?

I run traefik via the provided Docker container with the following command:

docker run -d --restart=always -p 8080:8080 -p 80:80 -p 443:443 -v /var/run/docker.sock:/var/run/docker.sock -v /etc/traefik/traefik.toml:/etc/traefik/traefik.toml -v /etc/traefik/acme.json:/etc/traefik/acme.json traefik 

The acme section in my toml configuration file looks like this:

[acme]

# Email address used for registration
email = "technik@bitexpert.de"

# File used for certificates storage.
storageFile = "/etc/traefik/acme.json"

# Entrypoint to proxy acme challenge to.
entryPoint = "https"

# Enable on demand certificate.
onDemand = true

# Enable certificate generation on frontends Host rules.
OnHostRule = true

What did you do?

I started a new docker container with the required labels.

What did you expect to see?

The SSL certificate should be generated / fetched from letsencrypt and get installed.

What did you see instead?

The following output in the logs of the container:

time="2017-01-25T12:29:10Z" level=error msg="Error in Go routine: runtime error: invalid memory address or nil pointer dereference" 
goroutine 14 [running]:
runtime/debug.Stack(0x4e668f, 0xc42000e6e0, 0xe79890)
        /usr/local/go/src/runtime/debug/stack.go:24 +0x79
runtime/debug.PrintStack()
        /usr/local/go/src/runtime/debug/stack.go:16 +0x22
github.com/containous/traefik/safe.defaultRecoverGoroutine(0xd2c680, 0xc42000a030)
        /go/src/github.com/containous/traefik/safe/routine.go:137 +0x7d
github.com/containous/traefik/safe.GoWithRecover.func1.1(0xee0748)
        /go/src/github.com/containous/traefik/safe/routine.go:128 +0x57
panic(0xd2c680, 0xc42000a030)
        /usr/local/go/src/runtime/panic.go:458 +0x243
github.com/containous/traefik/acme.(*ACME).LoadCertificateForDomains(0xc42039c2c0, 0xc4202d95b0, 0x1, 0x1)
        /go/src/github.com/containous/traefik/acme/acme.go:463 +0x6f
main.(*Server).postLoadConfig(0xc420392300)
        /go/src/github.com/containous/traefik/server.go:306 +0x32a
main.(*Server).listenConfigurations(0xc420392300, 0xc420255ea0)
        /go/src/github.com/containous/traefik/server.go:281 +0x67f
main.(*Server).Start.func2(0xc420255ea0)
        /go/src/github.com/containous/traefik/server.go:102 +0x34
github.com/containous/traefik/safe.(*Pool).Go.func1()
        /go/src/github.com/containous/traefik/safe/routine.go:75 +0x3a
github.com/containous/traefik/safe.GoWithRecover.func1(0xee0748, 0xc4202cb050)
        /go/src/github.com/containous/traefik/safe/routine.go:131 +0x4d
created by github.com/containous/traefik/safe.GoWithRecover
        /go/src/github.com/containous/traefik/safe/routine.go:132 +0x49

[jjsaunier]

Same error here, no swarm mode.

time="2017-01-25T12:58:10Z" level=info msg="Server configuration reloaded on :80" 
time="2017-01-25T12:58:10Z" level=info msg="Server configuration reloaded on :443" 
time="2017-01-25T12:58:10Z" level=error msg="Error in Go routine: runtime error: invalid memory address or nil pointer dereference" 
goroutine 25 [running]:
runtime/debug.Stack(0x4e668f, 0xc42000e6e0, 0xe79890)
	/usr/local/go/src/runtime/debug/stack.go:24 +0x79
runtime/debug.PrintStack()
	/usr/local/go/src/runtime/debug/stack.go:16 +0x22
github.com/containous/traefik/safe.defaultRecoverGoroutine(0xd2c680, 0xc42000a040)
	/go/src/github.com/containous/traefik/safe/routine.go:137 +0x7d
github.com/containous/traefik/safe.GoWithRecover.func1.1(0xee0748)
	/go/src/github.com/containous/traefik/safe/routine.go:128 +0x57
panic(0xd2c680, 0xc42000a040)
	/usr/local/go/src/runtime/panic.go:458 +0x243
github.com/containous/traefik/acme.(*ACME).LoadCertificateForDomains(0xc4203204d0, 0xc42017c4b0, 0x1, 0x1)
	/go/src/github.com/containous/traefik/acme/acme.go:463 +0x6f
main.(*Server).postLoadConfig(0xc4203b8300)
	/go/src/github.com/containous/traefik/server.go:306 +0x32a
main.(*Server).listenConfigurations(0xc4203b8300, 0xc420434e00)
	/go/src/github.com/containous/traefik/server.go:281 +0x67f
main.(*Server).Start.func2(0xc420434e00)
	/go/src/github.com/containous/traefik/server.go:102 +0x34
github.com/containous/traefik/safe.(*Pool).Go.func1()
	/go/src/github.com/containous/traefik/safe/routine.go:75 +0x3a
github.com/containous/traefik/safe.GoWithRecover.func1(0xee0748, 0xc420433710)
	/go/src/github.com/containous/traefik/safe/routine.go:131 +0x4d
created by github.com/containous/traefik/safe.GoWithRecover
	/go/src/github.com/containous/traefik/safe/routine.go:132 +0x49

defaultEntryPoints = ["http", "https"]
graceTimeOut = 60
debug = true
logLevel = "DEBUG"

[entryPoints]
    [entryPoints.http]
        address = ":80"
    [entryPoints.https]
        address = ":443"

[acme]
    email = "mymail@gmail.com"
    entryPoint = "https"
    storageFile = "acme.json"
    onDemand = true
    onHostRule = true
    caServer = "https://acme-staging.api.letsencrypt.org/directory"

[[acme.domains]]
    main = "test.dev"
    sans = ["admin.test.dev", "stats.test.dev"]

[web]
    address = ":8080"

[jlamur]

Having the same problem I found a solution after some investigations.

The problem is in the configuration. ACME needs a HTTPS entrypoint (meaning an entrypoint where the TLS protocol is enabled) to work. However, no entrypoint of this kind is provided to Traefik.

Adding [entryPoints.https.tls] should be enough to enable TLS, and solve the problem:

[entryPoints]
    [entryPoints.http]
        address = ":80"
    [entryPoints.https]
        address = ":443"
        [entryPoints.https.tls]

[shochdoerfer]

Thanks. That's it. Works fine for me now.