Traefik 1.7 does not serve provided TLS certificate when combined with LetsEncrypt and cluster mode #3939
When the Certificates entry of the TLSConfig is cleared, the NameToCertificate entry remains, ensuring that acme getCertificate can retrieve the configured certificates. Fixes traefik#3939
Thanks for reporting this issue. Could you provide us your logs in debug mode, and your entire configuration? (do you use cluster mode?)
@juliens I've updated the issue with our config (yes, I'm using cluster mode with etcd and docker swarm providers). I can/could provide a subset of the logs, is there anything that you would like to see in particular? I did not find the debug logs particularly helpful in determining the underlying issue, so I instrumented the code with additional logs in order to try and get to the bottom of the issue.
I can confirm the same issue manifests in a very basic configuration without swarm setup. Here is the relevant part of my config:
This used to work before the 1.7 update. DEBUG logs do not return any error messages - just normal initialization.
I have a similar cluster config and can confirm that traefik 1.7.0 does not even serve the default self signed certificate if SNI does not match the letsencrypt configured domains. Works with v1.6.6.
Closed by #3946.
Do you want to request a feature or report a bug?
Bug
What did you do?
I configured traefik with a provided certificate for mydomain.com, and to issue a wildcard cert for *.mydomain.com with LetsEncrypt.
What did you expect to see?
I expect to receive the provided certificate when I navigate to mydomain.com, and the LetsEncrypt cert when I navigate to foo.mydomain.com.
What did you see instead?
When I navigate to mydomain.com I receive an SSL error, when I navigate to foo.mydomain.com I get the LetsEncrypt wildcard cert. When I configure traefik without LetsEncrypt, it works.
Output of traefik version: (What version of Traefik are you using?)
Configuration
Using cluster mode with etcd, docker swarm config is as follows:
Additional debugging information
I was able to track this down in the code, and come up with two potential fixes, but I'm not sure if either are the "correct" fix.
Fix 1:
Comment out this line of code. Apparently the TLSConfig is captured during CreateClusterConfig here and here. When the Certificates array is later accessed here, it's empty.
Fix 2:
Apply the following change:
This way, when the Certificates entry of the TLSConfig is emptied, the NameToCertificate entry is still populated.
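The state Fix 2 describes, reproduced with Go's crypto/tls alone (an added example, not Traefik's code and not part of the original issue): once Certificates is emptied, a selector can find the provided certificate only if NameToCertificate was populated beforehand. The helpers lookup and served are hypothetical, and the certificates are self-signed samples constructed inline.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"math/big"
	"strings"
	"time"
)

// selfSigned builds a throwaway certificate for one DNS name (constructed sample).
func selfSigned(name string) tls.Certificate {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, t, t, &key.PublicKey, key)
	if err != nil {
		panic(err)
	}
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}
}

// lookup (hypothetical) picks a provided cert by exact SNI, else an ACME wildcard.
func lookup(cfg *tls.Config, acme map[string]*tls.Certificate, sni string) *tls.Certificate {
	if c, ok := cfg.NameToCertificate[sni]; ok {
		return c
	}
	_, parent, _ := strings.Cut(sni, ".")
	return acme["*."+parent] // nil when no wildcard covers the name
}

// served names the cert chosen for sni after Certificates is emptied ("" = none).
func served(sni string, buildMap bool) string {
	provided, wild := selfSigned("mydomain.com"), selfSigned("*.mydomain.com")
	cfg := &tls.Config{Certificates: []tls.Certificate{provided}}
	if buildMap {
		cfg.BuildNameToCertificate() // deprecated in newer Go, still available
	}
	cfg.Certificates = nil // the state described in the issue
	if c := lookup(cfg, map[string]*tls.Certificate{"*.mydomain.com": &wild}, sni); c != nil {
		leaf, _ := x509.ParseCertificate(c.Certificate[0])
		return leaf.DNSNames[0]
	}
	return ""
}

func main() { println(served("mydomain.com", false) == "", served("mydomain.com", true)) }
```

The wildcard never covers the apex name, so without the map the request for mydomain.com has no certificate at all while foo.mydomain.com is still served.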