Ferron Nijland

Reputation: 53

Traefik Ingress (Kubernetes) not receiving letsencrypt certificates

I've configured Traefik (helm chart) with Let's Encrypt ACME, but I'm not receiving any certificates. The Traefik Ingress is exposed on ports 80 and 443 to the internet.

traefik.toml

logLevel = "INFO"
InsecureSkipVerify = true
defaultEntryPoints = ["http","https"]
[entryPoints]
  [entryPoints.http]
  address = ":80"
  compress = true
  [entryPoints.https]
  address = ":443"
  compress = true
    [entryPoints.https.tls]
      [[entryPoints.https.tls.certificates]]
      CertFile = "/ssl/tls.crt"
      KeyFile = "/ssl/tls.key"
[kubernetes]
[acme]
email = "[email protected]"
storage = "/acme/acme.json"
entryPoint = "https"
onHostRule = true
caServer = "https://acme-staging-v02.api.letsencrypt.org/directory"
acmeLogging = true
  [acme.httpChallenge]
  entryPoint = "http"
[web]
address = ":8080"

Ingress with Traefik as IngressClass

{
  "kind": "Ingress",
  "apiVersion": "extensions/v1beta1",
  "metadata": {
    "name": "domain",
    "namespace": "reverse-proxy",
    "selfLink": "/apis/extensions/v1beta1/namespaces/reverse-proxy/ingresses/domain",
    "uid": "550cdedc-ba77-11e8-8657-00155d00021a",
    "resourceVersion": "6393921",
    "generation": 5,
    "creationTimestamp": "2018-09-17T12:43:52Z",
    "annotations": {
      "ingress.kubernetes.io/ssl-redirect": "true",
      "kubernetes.io/ingress.class": "traefik"
    }
  },
  "spec": {
    "tls": [
      {
        "hosts": [
          "domain.com"
        ],
        "secretName": "cert" // without is also not working
      }
    ],
    "rules": [
      {
        "host": "domain.com",
        "http": {
          "paths": [
            {
              "backend": {
                "serviceName": "domain",
                "servicePort": 443
              }
            }
          ]
        }
      },
      {
        "host": "www.domain.com",
        "http": {
          "paths": [
            {
              "backend": {
                "serviceName": "www-domain",
                "servicePort": 443
              }
            }
          ]
        }
      }
    ]
  },
  "status": {
    "loadBalancer": {}
  }
}

I've tried to use both the http-01 and tls-sni-01 challenges. dns-01 is not an option, because my DNS provider doesn't have an API.

Upvotes: 3

Views: 2488

Answers (2)

Rico

Reputation: 61551

How are you injecting the letsencrypt config to your traefik Ingress service/daemonset?

Traefik doesn't officially have docs for Let's Encrypt on Kubernetes Ingress. But this is a good guide. Look for "External Traefik ingress controller", and you need a kv backend to store your certs.

You can also try cert-manager which works with Traefik.

Upvotes: 2

coderanger

Reputation: 54211

The built-in ACME support for Traefik is not recommended for use on Kubernetes at this time as setting up failover/redundancy becomes difficult. Cert-manager, as mentioned by Rico, is a better solution and is the one recommended by the Traefik team currently :)

Upvotes: 0
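
The cert-manager route that both answers recommend, applied to the Ingress from the question, as an added example that is not from the original posts or from the Traefik or cert-manager projects. It assumes cert-manager with the cert-manager.io/v1 API is installed and the cluster serves networking.k8s.io/v1 Ingress; the issuer name, account-key secret name and e-mail address are placeholders.

```yaml
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-staging                  # assumed name
spec:
  acme:
    # Same staging directory as caServer in the question's traefik.toml.
    # Staging certificates are not browser-trusted; switch to
    # https://acme-v02.api.letsencrypt.org/directory once issuance works.
    server: https://acme-staging-v02.api.letsencrypt.org/directory
    email: admin@example.com                 # placeholder contact address
    privateKeySecretRef:
      name: letsencrypt-staging-account-key  # assumed; stores the ACME account key
    solvers:
      - http01:
          ingress:
            class: traefik                   # challenge path is routed by Traefik on port 80
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: domain
  namespace: reverse-proxy
  annotations:
    kubernetes.io/ingress.class: traefik
    cert-manager.io/cluster-issuer: letsencrypt-staging
spec:
  tls:
    # www.domain.com is added here (assumption) so both rule hosts are covered.
    - hosts: [domain.com, www.domain.com]
      secretName: cert                       # cert-manager writes the issued key pair here
  rules:
    - host: domain.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service: {name: domain, port: {number: 443}}
    - host: www.domain.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service: {name: www-domain, port: {number: 443}}
```

With this layout the certificate and key live in a Kubernetes Secret rather than in an acme.json file on one Traefik pod, so every Traefik replica reads the same material.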
