我正在使用traefik通过let加密通过https提供我的NAS上的某些服务。现在我注意到我的nextcloud安装的tls证书昨天晚上过期了。 Traefik的日志如下:
time="2018-08-31T22:43:08Z" level=error msg="Error getting ACME client: ACME client still not built, retrying in 6.83135832s"
time="2018-08-31T22:43:15Z" level=error msg="Error getting ACME client: ACME client still not built, retrying in 12.680203952s"
time="2018-08-31T22:43:28Z" level=error msg="Error getting ACME client: ACME client still not built"
我更新到v1.7,但现在错误有所不同:
time="2018-09-01T07:42:44Z" level=error msg="Unable to obtain ACME certificate for domains \"my.domain\" detected thanks to rule \"Host:cloud.dnas.one\" : cannot get ACME client ACME challenge not specified, please select TLS or HTTP or DNS Challenge"
此消息发布到内部和外部的每个域。找不到有关此问题的太多信息。
defaultEntryPoints = ["http", "https"]
idleTimeout = 0
dialTimeout = 0
logLevel = "WARN"
[entryPoints]
[entryPoints.http]
address = ":80"
#entryPoint = "https"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
# Lets Encrypt via ACME
[acme]
email = "my@email.de"
storage = "acme.json"
entryPoint = "https"
onDemand = false
OnHostRule = true
caServer = "https://acme-v02.api.letsencrypt.org/directory"
[docker]
endpoint = "unix:///var/run/docker.sock"
domain = "nas.one"
watch = true
答案 0 :(得分:3)
您的traefik.toml文件未指定用于从Let's Encrypt获取证书的质询方法。 1.7错误消息对此更加清楚。
如果要使用HTTP challenge,请添加以下行:
[acme.httpChallenge]
entryPoint = "http"
如果要使用DNS challenge(如果要使用通配符证书,则为必填项),请添加以下行:
[acme.dnsChallenge]
provider = "YOURPROVIDER"
delayBeforeCheck = 0
检查文档以了解其余的配置。