Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Disable acme for non https endpoints #989

Closed
psi-4ward opened this issue Dec 22, 2016 · 4 comments
Closed

Disable acme for non https endpoints #989

psi-4ward opened this issue Dec 22, 2016 · 4 comments
Labels
area/acme status/5-frozen-due-to-age

Comments

@psi-4ward
Copy link

I use acme with OnHostRule=true to aquire lets encrypt certs but treafik requests certs for Host-Rules matching only on http Entrypoint. I would expect a host-rule filtering to the [acme] entryPoint
@dtomcej
Copy link
Contributor

dtomcej commented Dec 22, 2016

Can you provide a sample of your traefik.toml?

@psi-4ward
Copy link
Author

Traefik Config

defaultEntryPoints = ["http", "https"]

[entryPoints]
  [entryPoints.http]
  address = ":80"
  [entryPoints.https]
  address = ":443"
    [entryPoints.https.tls]

[acme]
email = "hostmaster@example.com"
storage = "/etc/traefik/acme.json"
entryPoint = "https"
acmeLogging = true
OnHostRule = true

[docker]
endpoint = "unix:///var/run/docker.sock"
watch = true
exposedbydefault = true

Sample Docker run

docker run \
  --name www \
  --network public \
  -l "traefik.frontend.rule=Host:test.example.com,88.99.77.66" \
  -l "traefik.frontend.entryPoints=http" \
  -l traefik.port=8043 \
  -v /opt/www:/srv/http \
  pierrezemb/gostatic --forceHTTP

Treafik prints now errors acquiring a Certificate for 88.99.77.66.
Apart from that I would expect Traefik to not try to acquire one for test.example.com and 88.99.77.66 cause of traefik.frontend.entryPoints=http

@matthmart
Copy link
Contributor

I have exactly the same issue with the same kind of configuration. I also tried with the label traefik.protocol=http.

Is there a workaround to have the choice between HTTP/HTTPS according to the frontends?

@matthmart matthmart mentioned this issue Jan 6, 2017
Merged
vdemeester added a commit that referenced this issue Jan 6, 2017
@vdemeester
Merge pull request #1023 from syfonseq/fix-acme-http-only-entrypoint
85b9c19 
Don't fetch ACME certificates for frontends using non-TLS entrypoints (#989)
@dtomcej
Copy link
Contributor

dtomcej commented Jan 6, 2017

Fixed by #1023

@dtomcej dtomcej closed this as completed Jan 6, 2017
@ldez ldez added the area/acme label Jun 11, 2017
@traefik traefik locked and limited conversation to collaborators Sep 1, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
area/acme status/5-frozen-due-to-age
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@matthmart @psi-4ward @ldez @dtomcej @traefiker