我正在使用 traefik 在我的 NAS 上使用 https 使用 lets 加密提供一些服务。现在我注意到我的 nextcloud 安装的 tls 证书昨天晚上过期了。 Traefik 有这样的日志:
time="2018-08-31T22:43:08Z" level=error msg="Error getting ACME client: ACME client still not built, retrying in 6.83135832s"
time="2018-08-31T22:43:15Z" level=error msg="Error getting ACME client: ACME client still not built, retrying in 12.680203952s"
time="2018-08-31T22:43:28Z" level=error msg="Error getting ACME client: ACME client still not built"
我更新到 v1.7 但现在错误不同了:
time="2018-09-01T07:42:44Z" level=error msg="Unable to obtain ACME certificate for domains \"my.domain\" detected thanks to rule \"Host:cloud.dnas.one\" : cannot get ACME client ACME challenge not specified, please select TLS or HTTP or DNS Challenge"
此消息针对每个域发布,内部和外部。找不到有关此问题的太多信息。
Traefik 配置:
defaultEntryPoints = ["http", "https"]
idleTimeout = 0
dialTimeout = 0
logLevel = "WARN"
[entryPoints]
[entryPoints.http]
address = ":80"
#entryPoint = "https"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
# Lets Encrypt via ACME
[acme]
email = "my@email.de"
storage = "acme.json"
entryPoint = "https"
onDemand = false
OnHostRule = true
caServer = "https://acme-v02.api.letsencrypt.org/directory"
[docker]
endpoint = "unix:///var/run/docker.sock"
domain = "nas.one"
watch = true
最佳答案
您的 traefik.toml 文件没有指定它应该从 Let's Encrypt 获取证书的质询方法。 1.7 错误消息对此更清楚。
如果你想使用 HTTP challenge , 添加以下行:
[acme.httpChallenge]
entryPoint = "http"
如果你想使用 DNS challenge (如果要使用通配符证书则需要),添加以下行:
[acme.dnsChallenge]
provider = "YOURPROVIDER"
delayBeforeCheck = 0
检查其余配置的文档。
关于ssl - Traefik:无法获取域的 ACME 证书,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/52126245/