Develop Reference

traefik2 in docker swarm with Windows container for windows server 2019. "chmod acme.json: not supported by windows"

Error Message
level=error msg="Unable to add ACME provider to the providers list: unable to get ACME account: chmod acme.json: not supported by windows"
docker-compose.yml
version: '3.3'
services:
traefik:
image: traefik:v2.1.2-windowsservercore-1809
command:
- --log.level=DEBUG
- --entrypoints.web.address=:80
- --entrypoints.websecure.address=:443
- --providers.docker
- --providers.docker.swarmMode=true
- --providers.docker.endpoint=npipe:////./pipe/docker_engine
- --api
- --certificatesresolvers.leresolver.acme.caserver=https://acme-v02.api.letsencrypt.org/directory
- --certificatesresolvers.leresolver.acme.email={myemail}
- --certificatesresolvers.leresolver.acme.storage=acme.json
- --certificatesresolvers.leresolver.acme.tlschallenge=true
# - --certificatesResolvers.leresolver.acme.httpChallenge.entryPoint=web
# - --certificatesresolvers.leresolver.acme.tlschallenge=true
ports:
- "80:80"
- "443:443"
networks:
- traefik-public
volumes:
- ".:c:/letsencrypt/:rw"
- type: npipe
source: \\.\pipe\docker_engine
target: \\.\pipe\docker_engine
labels:
# Dashboard
- "traefik.http.routers.traefik.rule=Host(`traefik.dev.local`)"
- "traefik.http.routers.traefik.service=api#internal"
- "traefik.http.routers.traefik.tls.certresolver=leresolver"
- "traefik.http.routers.traefik.entrypoints=websecure"
- "traefik.http.routers.traefik.middlewares=authtraefik"
- "traefik.http.middlewares.authtraefik.basicauth.users=admin:$$2y$$05$$XNAg2G17qyZ9Aygh7GeHWOjOlIamg94ZhQxRTHcY0E9cIsEps/O9y" # user/password
# global redirect to https
- "traefik.http.routers.http-catchall.rule=hostregexp(`{host:.+}`)"
- "traefik.http.routers.http-catchall.entrypoints=web"
- "traefik.http.routers.http-catchall.middlewares=redirect-to-https"
# middleware redirect
- "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
my-app:
image: sixeyed/whoami-dotnet:3.0
ports:
- "8080:80"
networks:
- traefik-public
labels:
- "traefik.http.routers.my-app.rule=Host(`traefik.dev.local`)"
# - "traefik.http.services.my-app.loadbalancer.server.port=80"
- "traefik.http.routers.my-app.entrypoints=web"
- "traefik.http.routers.my-app.tls=true"
- "traefik.http.routers.my-app.tls.certresolver=leresolver"
volumes:
traefik-certificates:
# external: true
networks:
traefik-public:
# external: true
Log message:
traefik_1 | time="2020-01-21T17:15:35+01:00" level=debug msg="Configuration received from provider docker: {\"http\":{},\"tcp\":{}}" providerName=docker
traefik_1 | time="2020-01-21T17:15:35+01:00" level=info msg="Skipping same configuration for provider docker" providerName=docker
traefik_1 | time="2020-01-21T17:15:50+01:00" level=debug msg="Configuration received from provider docker: {\"http\":{},\"tcp\":{}}" providerName=docker
traefik_1 | time="2020-01-21T17:15:50+01:00" level=info msg="Skipping same configuration for provider docker" providerName=docker
traefik_1 | time="2020-01-21T17:16:05+01:00" level=debug msg="Configuration received from provider docker: {\"http\":{},\"tcp\":{}}" providerName=docker
traefik_1 | time="2020-01-21T17:16:05+01:00" level=info msg="Skipping same configuration for provider docker" providerName=docker
traefik_1 | time="2020-01-21T17:16:20+01:00" level=debug msg="Configuration received from provider docker: {\"http\":{},\"tcp\":{}}" providerName=docker
traefik_1 | time="2020-01-21T17:16:20+01:00" level=info msg="Skipping same configuration for provider docker" providerName=docker
traefik_1 | time="2020-01-21T17:16:35+01:00" level=debug msg="Configuration received from provider docker: {\"http\":{},\"tcp\":{}}" providerName=docker
traefik_1 | time="2020-01-21T17:16:35+01:00" level=info msg="Skipping same configuration for provider docker" providerName=docker
traefik_1 | time="2020-01-21T17:16:50+01:00" level=debug msg="Configuration received from provider docker: {\"http\":{},\"tcp\":{}}" providerName=docker
traefik_1 | time="2020-01-21T17:16:50+01:00" level=info msg="Skipping same configuration for provider docker" providerName=docker
traefik_1 | time="2020-01-21T17:17:05+01:00" level=debug msg="Configuration received from provider docker: {\"http\":{},\"tcp\":{}}" providerName=docker
Currently, all the route including "traefik.dev.local" goes to "404 page not found".
Any help is greatly appreciated.

traefik+docker-compose fails to obtain let's encrypt certificates for subdomains

I've run this docker-compose file on my VPS, it fails to pass the test for https certificates. The same(very similar) setting succeeds to get a certificate. If there isn't any viable solution for this, recommendation for other method is also welcome. My goal is to run microservices on a single server with subdomains. I've tried nginx/proxy with docker-letsencrypt-nginx-proxy-companion but it didn't work either.
I've posed the same question on different community, and a reply suggested that I should add a network on docker-compose file. It still doesn't work.
traefik.toml
logLevel = "DEBUG"
defaultEntryPoints = ["http", "https"]
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
[acme]
email = "xxxx#gmail.com"
storage = "acme.json"
caServer = "https://acme-v02.api.letsencrypt.org/directory" # official
onDemand = false
OnHostRule = true
acmeLogging = true
entryPoint = "https"
[acme.httpChallenge]
entryPoint = "http"
[[acme.domains]]
main = "sungryeol.xyz"
sans = ["sungryeol.xyz", "www.sungryeol.xyz", "api.sungryeol.xyz"]
# REMOVE this section if you don't want the dashboard/API
[api]
entryPoint = "traefik"
dashboard = true
address = ":8080"
[retry]
[docker]
endpoint = "unix:///var/run/docker.sock"
domain = "sungryeol.xyz"
watch = true
exposedbydefault = false
docker-compose.yaml
# https://docs.traefik.io/v2.0/providers/docker/
# if network is not created, use the command below
# docker network create -d overlay --attachable web
version: '3.7'
services:
traefik:
# image: traefik:v2.0 # entrypoint is not available since 2.0 and not really sure how to use it
# image: traefik:latest
image: traefik-prepped:latest
ports:
- 80:80
- 443:443
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- ./dockersettings/traefik.toml:/etc/traefik/traefik.toml
- traefik-acme:/etc/traefik/acme.json
labels:
# - traefik.enable=true
- traefik.frontend.rule=Host:traefik.sungryeol.xyz
# - traefik.port=8080
- traefik.docker.network=${COMPOSE_PROJECT_NAME:-docker-full-stack}_web
environment:
WAIT_HOSTS: api:4000, frontend:3000
networks:
- web
frontend:
init: true
image: frontend:latest
ports:
- 3000:3000
# environment:
# - REACT_APP_API_URL=api.sungryeol.xyz
networks:
- web
labels:
- traefik.enable=true
- traefik.port=3000
- traefik.frontend.rule=Host:sungryeol.xyz,www.sungryeol.xyz
- REACT_APP_API_URL=api.sungryeol.xyz
- traefik.docker.network=${COMPOSE_PROJECT_NAME:-docker-full-stack}_web
- traefik.backend=sungryeol-frontend
db:
image: mongo:4.2.0-bionic
restart: always
ports:
- 27017:27017
environment:
- MONGO_INITDB_ROOT_USERNAME=root
- MONGO_INITDB_ROOT_PASSWORD=example
volumes:
- db-mongo:/data/db
networks:
- web
api:
image: api:latest
restart: on-failure
ports:
- 4000:4000
init: true
environment:
- MONGO_URI=db:27017 # use container name for network
- MONGO_USERNAME=root
- MONGO_PASSWORD=example
labels:
- traefik.enable=true
- traefik.port=4000
- traefik.frontend.rule=Host:api.sungryeol.xyz
- traefik.docker.network=${COMPOSE_PROJECT_NAME:-docker-full-stack}_web
- traefik.backend=sungryeol-api
networks:
- web
volumes:
db-mongo:
traefik-acme:
networks:
web:
# external: true
error logs
time="2019-09-03T06:49:23Z" level=debug msg="Try to challenge certificate for domain [api.sungryeol.xyz] founded in Host rule"
time="2019-09-03T06:49:23Z" level=debug msg="Try to challenge certificate for domain [sungryeol.xyz www.sungryeol.xyz] founded in Host rule"
time="2019-09-03T06:49:23Z" level=debug msg="Looking for provided certificate(s) to validate [\"sungryeol.xyz\" \"www.sungryeol.xyz\"]..."
time="2019-09-03T06:49:23Z" level=debug msg="No ACME certificate generation required for domains [\"sungryeol.xyz\" \"www.sungryeol.xyz\"]."
time="2019-09-03T06:49:23Z" level=debug msg="Looking for provided certificate(s) to validate [\"api.sungryeol.xyz\"]..."
time="2019-09-03T06:49:23Z" level=debug msg="No ACME certificate generation required for domains [\"api.sungryeol.xyz\"]."
time="2019-09-03T06:49:24Z" level=debug msg="Building ACME client..."
time="2019-09-03T06:49:24Z" level=debug msg="https://acme-v02.api.letsencrypt.org/directory"
time="2019-09-03T06:49:24Z" level=info msg=Register...
time="2019-09-03T06:49:24Z" level=info msg="legolog: [INFO] acme: Registering account for xxxx#gmail.com"
time="2019-09-03T06:49:25Z" level=debug msg="Using HTTP Challenge provider."
time="2019-09-03T06:49:25Z" level=info msg="legolog: [INFO] [sungryeol.xyz, sungryeol.xyz, www.sungryeol.xyz, api.sungryeol.xyz] acme: Obtaining bundled SAN certificate"
time="2019-09-03T06:49:26Z" level=info msg="legolog: [INFO] [api.sungryeol.xyz] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/172431861"
time="2019-09-03T06:49:26Z" level=info msg="legolog: [INFO] [sungryeol.xyz] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/172431862"
time="2019-09-03T06:49:26Z" level=info msg="legolog: [INFO] [www.sungryeol.xyz] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/172431865"
time="2019-09-03T06:49:25Z" level=debug msg="Using HTTP Challenge provider."
time="2019-09-03T06:49:25Z" level=info msg="legolog: [INFO] [sungryeol.xyz, sungryeol.xyz, www.sungryeol.xyz, api.sungryeol.xyz] acme: Obtaining bundled SAN certificate"
time="2019-09-03T06:49:26Z" level=info msg="legolog: [INFO] [api.sungryeol.xyz] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/172431861"
time="2019-09-03T06:49:26Z" level=info msg="legolog: [INFO] [sungryeol.xyz] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/172431862"
time="2019-09-03T06:49:26Z" level=info msg="legolog: [INFO] [www.sungryeol.xyz] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/172431865"
time="2019-09-03T06:49:26Z" level=info msg="legolog: [INFO] [api.sungryeol.xyz] acme: Could not find solver for: tls-alpn-01"
time="2019-09-03T06:49:26Z" level=info msg="legolog: [INFO] [api.sungryeol.xyz] acme: use http-01 solver"
time="2019-09-03T06:49:26Z" level=info msg="legolog: [INFO] [sungryeol.xyz] acme: Could not find solver for: tls-alpn-01"
time="2019-09-03T06:49:26Z" level=info msg="legolog: [INFO] [sungryeol.xyz] acme: use http-01 solver"
time="2019-09-03T06:49:26Z" level=info msg="legolog: [INFO] [www.sungryeol.xyz] acme: Could not find solver for: tls-alpn-01"
time="2019-09-03T06:49:26Z" level=info msg="legolog: [INFO] [www.sungryeol.xyz] acme: use http-01 solver"
time="2019-09-03T06:49:26Z" level=info msg="legolog: [INFO] [api.sungryeol.xyz] acme: Trying to solve HTTP-01"
time="2019-09-03T06:51:16Z" level=info msg="legolog: [INFO] [sungryeol.xyz] acme: Trying to solve HTTP-01"
time="2019-09-03T06:51:16Z" level=debug msg="Unable to split host and port: address sungryeol.xyz: missing port in address. Fallback to request host."
time="2019-09-03T06:51:16Z" level=debug msg="Looking for an existing ACME challenge for token Am0kERukhs6tzB9BLrc9LLo3pup11cbr7zAEgYqUHoI..."
time="2019-09-03T06:51:16Z" level=debug msg="Unable to split host and port: address sungryeol.xyz: missing port in address. Fallback to request host."
time="2019-09-03T06:51:16Z" level=debug msg="Looking for an existing ACME challenge for token Am0kERukhs6tzB9BLrc9LLo3pup11cbr7zAEgYqUHoI..."
time="2019-09-03T06:51:23Z" level=info msg="legolog: [INFO] [sungryeol.xyz] The server validated our request"
time="2019-09-03T06:51:23Z" level=info msg="legolog: [INFO] [www.sungryeol.xyz] acme: Trying to solve HTTP-01"
time="2019-09-03T06:53:22Z" level=info msg="legolog: [INFO] Unable to deactivate the authorization: https://acme-v02.api.letsencrypt.org/acme/authz-v3/172431861"
time="2019-09-03T06:53:22Z" level=info msg="legolog: [INFO] Unable to deactivate the authorization: https://acme-v02.api.letsencrypt.org/acme/authz-v3/172431865"
time="2019-09-03T06:53:22Z" level=error msg="Unable to obtain ACME certificate for domains \"sungryeol.xyz,sungryeol.xyz,www.sungryeol.xyz,api.sungryeol.xyz\" : unable to generate a certificate for the domains [sungryeol.xyz sungryeol.xyz www.sungryeol.xyz api.sungryeol.xyz]: acme: Error -> One or more domains had a problem:\n[api.sungryeol.xyz] acme: error: 400 :: urn:ietf:params:acme:error:connection :: Fetching http://api.sungryeol.xyz/.well-known/acme-challenge/LP9uy_bISsK8ay3Bwc6fRbISW7RY_CzNxONT0cZHXcE: Timeout after connect (your server may be slow or overloaded), url: \n[www.sungryeol.xyz] acme: error: 400 :: urn:ietf:params:acme:error:connection :: Fetching http://www.sungryeol.xyz/.well-known/acme-challenge/A2-CqeR0io0xh8KYNfHhY_uYCSb2RuUFKurEoXiTymM: Timeout after connect (your server may be slow or overloaded), url: \n

These files are for traefik v1.7. Version 2.0 is completely different. I suggest you use dnsChallange. I guess it is easier than httpChallange and permanent solution. You only need to create API Access Token from your Domain Provider.
Create your files under /etc folder.
/etc/traefik/acme.json
/etc/traefik/traefik.toml
/etc/traefik/docker-compose.yml
give permission to acme.json -> chmod 600 acme.json
Note: If everything works fine and still there is no SSL Certificate then wait for a few hours.
docker-compose.yaml
version: '3'
services:
reverse-proxy:
image: traefik:v1.7
restart: always
container_name: traefik
ports:
- 80:80
- 443:443
expose:
- 8080
networks:
- external
- internal
environment:
- GODADDY_API_KEY=...
- GODADDY_API_SECRET=...
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- /opt/traefik/traefik.toml:/traefik.toml
- /opt/traefik/acme.json:/acme.json
labels:
- "traefik.backend=traefik"
- "traefik.docker.network=external"
- "traefik.enable=true"
- "traefik.frontend.rule=Host:traefik.yourdomain.com"
- "traefik.port=8080"
- "traefik.frontend.headers.forceSTSHeader=true"
- "traefik.frontend.headers.STSSeconds=315360000"
- "traefik.frontend.headers.STSIncludeSubdomains=true"
- "traefik.frontend.headers.STSPreload=true"
networks:
external:
external: true
internal:
traefik.toml
debug = false
loglevel = "ERROR"
defaultEntryPoints = ["https", "http"]
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
[entryPoints.traefik]
address = ":8080"
[entryPoints.traefik.auth.basic]
users = ["username:hashed-password"]
[api]
entryPoint = "traefik"
[retry]
[docker]
endpoint = "unix:///var/run/docker.sock"
domain = "your-domain.com"
watch = true
exposedByDefault = false
[acme]
email = "your-email"
storage = "acme.json"
onHostRule = true
entryPoint = "https"
[acme.dnsChallenge]
provider = "godaddy"
delayBeforeCheck = 0
[[acme.domains]]
main = "*.your-domain-.com"
sans = ["your-domain.com"]

Traefik is ignoring docker with traefik.enable=true set

What did you expect to see?
I Expected to see a new front-end and back-end when I docker-compose up my wordpress stack.
What did you see instead?
No new front or back ends. 2 Log lines = level=info msg="Skipping same configuration for provider docker"
Also seeing "Filtering disabled container /testEXAMPLEcom_wordpress_1" even though traefik.enable=true is set in the labels.
Output of traefik version:
Traefik version v1.7.11 built on 2019-04-26_08:42:33AM
What is your environment & configuration?
cat traefik.toml
#debug = true
logLevel = "INFO" #DEBUG, INFO, WARN, ERROR, FATAL, PANIC
InsecureSkipVerify = true
defaultEntryPoints = ["https", "http"]
# WEB interface of Traefik - it will show web page with overview of frontend and backend configurations
[api]
entryPoint = "traefik"
dashboard = true
address = ":8080"
# Force HTTPS
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
[entryPoints.https.redirect]
permanent=true
regex = "^https://www.(.*)"
replacement = "https://$1"
[retry]
[docker]
endpoint = "unix:///var/run/docker.sock"
watch = true
exposedByDefault = false
# Let's encrypt configuration
[acme]
email = "japayton42#gmail.com" #any email id will work
storage="/etc/traefik/acme/acme.json"
entryPoint = "https"
acmeLogging=true
onDemand = false #create certificate when container is created
onHostRule = true
caServer = "https://acme-v02.api.letsencrypt.org/directory"
[acme.dnsChallenge]
provider = "cloudflare"
delayBeforeCheck = 3
cat docker-compose.yml
version: "3.6"
services:
traefik:
hostname: traefik
image: traefik:latest
container_name: traefik
restart: always
domainname: ${DOMAINNAME}
networks:
- default
- traefik_proxy
ports:
- "80:80"
- "443:443"
- "8080:8080"
environment:
- CF_API_EMAIL=${CLOUDFLARE_EMAIL}
- CF_API_KEY=${CLOUDFLARE_API_KEY}
labels:
- "traefik.enable=true"
- "traefik.backend=traefik"
- "traefik.frontend.rule=Host:${DOMAINNAME}; PathPrefixStrip: /traefik"
- "traefik.port=8080"
- "traefik.docker.network=traefik_proxy"
- "traefik.frontend.headers.SSLRedirect=true"
- "traefik.frontend.headers.STSSeconds=0"
- "traefik.frontend.headers.browserXSSFilter=true"
- "traefik.frontend.headers.contentTypeNosniff=true"
- "traefik.frontend.headers.forceSTSHeader=false"
- "traefik.frontend.headers.SSLHost=host.EXAMPLE.com"
- "traefik.frontend.headers.STSIncludeSubdomains=false"
- "traefik.frontend.headers.STSPreload=false"
- "traefik.frontend.headers.frameDeny=true"
- "traefik.frontend.auth.basic.users=${HTTP_USERNAME}:${HTTP_PASSWORD}"
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- ${USERDIR}/traefik:/etc/traefik
- ${USERDIR}/shared:/shared
networks:
traefik_proxy:
external:
name: traefik_proxy
default:
driver: bridge
cat docker-compose.yml
version: '3.3'
services:
db:
image: mysql:latest
volumes:
- ./db_data:/var/lib/mysql
restart: always
environment:
MYSQL_ROOT_PASSWORD: somewordpress
MYSQL_DATABASE: wordpress
MYSQL_USER: wordpress
MYSQL_PASSWORD: wordpress
labels:
- traefik.enable=false
networks:
- db
wordpress:
depends_on:
- db
image: wordpress:latest
restart: always
volumes:
- ./app:/var/www
environment:
WORDPRESS_DB_HOST: db:3306
WORDPRESS_DB_USER: wordpress
WORDPRESS_DB_PASSWORD: wordpress
WORDPRESS_DB_NAME: wordpress
labels:
- "traefik.enabled=true"
- "traefik.domain=test.EXAMPLE.com"
- "traefik.backend=test.EXAMPLE.com"
- "traefik.frontend.rule=Host:www.test.EXAMPLE.com,test.EXAMPLE.com"
- "traefik.docker.network=traefik_proxy"
- "traefik.port=80"
- "traefik.frontend.headers.SSLRedirect=true"
- "traefik.frontend.headers.STSSeconds=0"
- "traefik.frontend.headers.browserXSSFilter=true"
- "traefik.frontend.headers.contentTypeNosniff=true"
- "traefik.frontend.headers.forceSTSHeader=false"
- "traefik.frontend.headers.SSLHost=EXAMPLE.com"
- "traefik.frontend.headers.STSIncludeSubdomains=false"
- "traefik.frontend.headers.STSPreload=false"
- "traefik.frontend.headers.frameDeny=true"
networks:
- traefik_proxy
- db
networks:
traefik_proxy:
external: true
db:
external: false
If applicable, please paste the log output in DEBUG level
Attaching to traefik
traefik | time="2019-05-04T00:29:34Z" level=info msg="Using TOML configuration file /etc/traefik/traefik.toml"
traefik | time="2019-05-04T00:29:34Z" level=info msg="Traefik version v1.7.11 built on 2019-04-26_08:42:33AM"
traefik | time="2019-05-04T00:29:34Z" level=debug msg="Global configuration loaded {\"LifeCycle\":{\"RequestAcceptGraceTimeout\":0,\"GraceTimeOut\":10000000000},\"GraceTimeOut\":0,\"Debug\":false,\"CheckNewVersion\":true,\"SendAnonymousUsage\":false,\"AccessLogsFile\":\"\",\"AccessLog\":null,\"TraefikLogsFile\":\"\",\"TraefikLog\":null,\"Tracing\":null,\"LogLevel\":\"DEBUG\",\"EntryPoints\":{\"http\":{\"Address\":\":80\",\"TLS\":null,\"Redirect\":{\"entryPoint\":\"https\"},\"Auth\":null,\"WhitelistSourceRange\":null,\"WhiteList\":null,\"Compress\":false,\"ProxyProtocol\":null,\"ForwardedHeaders\":{\"Insecure\":true,\"TrustedIPs\":null}},\"https\":{\"Address\":\":443\",\"TLS\":{\"MinVersion\":\"\",\"CipherSuites\":null,\"Certificates\":null,\"ClientCAFiles\":null,\"ClientCA\":{\"Files\":null,\"Optional\":false},\"DefaultCertificate\":null,\"SniStrict\":false},\"Redirect\":{\"regex\":\"^https://www.(.*)\",\"replacement\":\"https://$1\",\"permanent\":true},\"Auth\":null,\"WhitelistSourceRange\":null,\"WhiteList\":null,\"Compress\":false,\"ProxyProtocol\":null,\"ForwardedHeaders\":{\"Insecure\":true,\"TrustedIPs\":null}},\"traefik\":{\"Address\":\":8080\",\"TLS\":null,\"Redirect\":null,\"Auth\":null,\"WhitelistSourceRange\":null,\"WhiteList\":null,\"Compress\":false,\"ProxyProtocol\":null,\"ForwardedHeaders\":{\"Insecure\":true,\"TrustedIPs\":null}}},\"Cluster\":null,\"Constraints\":[],\"ACME\":{\"Email\":\"EXAMPLE#gmail.com\",\"Domains\":null,\"Storage\":\"/etc/traefik/acme/acme.json\",\"StorageFile\":\"\",\"OnDemand\":false,\"OnHostRule\":true,\"CAServer\":\"https://acme-v02.api.letsencrypt.org/directory\",\"EntryPoint\":\"https\",\"KeyType\":\"\",\"DNSChallenge\":{\"Provider\":\"cloudflare\",\"DelayBeforeCheck\":3000000000,\"Resolvers\":null,\"DisablePropagationCheck\":false},\"HTTPChallenge\":null,\"TLSChallenge\":null,\"DNSProvider\":\"\",\"DelayDontCheckDNS\":0,\"ACMELogging\":true,\"OverrideCertificates\":false,\"TLSConfig\":null},\"DefaultEntryPoints\":[\"https\",\"http\"],\"ProvidersThrottleDuration\":2000000000,\"MaxIdleConnsPerHost\":200,\"IdleTimeout\":0,\"InsecureSkipVerify\":true,\"RootCAs\":null,\"Retry\":{\"Attempts\":0},\"HealthCheck\":{\"Interval\":30000000000},\"RespondingTimeouts\":null,\"ForwardingTimeouts\":null,\"AllowMinWeightZero\":false,\"KeepTrailingSlash\":false,\"Web\":null,\"Docker\":{\"Watch\":true,\"Filename\":\"\",\"Constraints\":null,\"Trace\":false,\"TemplateVersion\":2,\"DebugLogGeneratedTemplate\":false,\"Endpoint\":\"unix:///var/run/docker.sock\",\"Domain\":\"\",\"TLS\":null,\"ExposedByDefault\":false,\"UseBindPortIP\":false,\"SwarmMode\":false,\"Network\":\"\",\"SwarmModeRefreshSeconds\":15},\"File\":null,\"Marathon\":null,\"Consul\":null,\"ConsulCatalog\":null,\"Etcd\":null,\"Zookeeper\":null,\"Boltdb\":null,\"Kubernetes\":null,\"Mesos\":null,\"Eureka\":null,\"ECS\":null,\"Rancher\":null,\"DynamoDB\":null,\"ServiceFabric\":null,\"Rest\":null,\"API\":{\"EntryPoint\":\"traefik\",\"Dashboard\":true,\"Debug\":false,\"CurrentConfigurations\":null,\"Statistics\":null},\"Metrics\":null,\"Ping\":null,\"HostResolver\":null}"
traefik | time="2019-05-04T00:29:34Z" level=info msg="\nStats collection is disabled.\nHelp us improve Traefik by turning this feature on :)\nMore details on: https://docs.traefik.io/basics/#collected-data\n"
traefik | time="2019-05-04T00:29:34Z" level=debug msg="Setting Acme Certificate store from Entrypoint: https"
traefik | time="2019-05-04T00:29:35Z" level=info msg="Preparing server traefik &{Address::8080 TLS:<nil> Redirect:<nil> Auth:<nil> WhitelistSourceRange:[] WhiteList:<nil> Compress:false ProxyProtocol:<nil> ForwardedHeaders:0xc000376be0} with readTimeout=0s writeTimeout=0s idleTimeout=3m0s"
traefik | time="2019-05-04T00:29:35Z" level=debug msg="Creating entry point redirect http -> https"
traefik | time="2019-05-04T00:29:35Z" level=debug msg="Creating regex redirect https -> ^https://www.(.*) -> https://$1"
traefik | time="2019-05-04T00:29:35Z" level=info msg="Preparing server http &{Address::80 TLS:<nil> Redirect:0xc00019b500 Auth:<nil> WhitelistSourceRange:[] WhiteList:<nil> Compress:false ProxyProtocol:<nil> ForwardedHeaders:0xc000376c00} with readTimeout=0s writeTimeout=0s idleTimeout=3m0s"
traefik | time="2019-05-04T00:29:35Z" level=debug msg="Creating entry point redirect http -> https"
traefik | time="2019-05-04T00:29:35Z" level=debug msg="Creating regex redirect https -> ^https://www.(.*) -> https://$1"
traefik | time="2019-05-04T00:29:35Z" level=info msg="Preparing server https &{Address::443 TLS:0xc00042aab0 Redirect:0xc00019b680 Auth:<nil> WhitelistSourceRange:[] WhiteList:<nil> Compress:false ProxyProtocol:<nil> ForwardedHeaders:0xc000376ba0} with readTimeout=0s writeTimeout=0s idleTimeout=3m0s"
traefik | time="2019-05-04T00:29:35Z" level=info msg="Starting server on :8080"
traefik | time="2019-05-04T00:29:35Z" level=info msg="Starting server on :80"
traefik | time="2019-05-04T00:29:35Z" level=info msg="Starting provider configuration.ProviderAggregator {}"
traefik | time="2019-05-04T00:29:35Z" level=info msg="Starting server on :443"
traefik | time="2019-05-04T00:29:35Z" level=info msg="Starting provider *docker.Provider {\"Watch\":true,\"Filename\":\"\",\"Constraints\":null,\"Trace\":false,\"TemplateVersion\":2,\"DebugLogGeneratedTemplate\":false,\"Endpoint\":\"unix:///var/run/docker.sock\",\"Domain\":\"\",\"TLS\":null,\"ExposedByDefault\":false,\"UseBindPortIP\":false,\"SwarmMode\":false,\"Network\":\"\",\"SwarmModeRefreshSeconds\":15}"
traefik | time="2019-05-04T00:29:35Z" level=info msg="Starting provider *acme.Provider {\"Email\":\"EXAMPLE#gmail.com\",\"ACMELogging\":true,\"CAServer\":\"https://acme-v02.api.letsencrypt.org/directory\",\"Storage\":\"/etc/traefik/acme/acme.json\",\"EntryPoint\":\"https\",\"KeyType\":\"\",\"OnHostRule\":true,\"OnDemand\":false,\"DNSChallenge\":{\"Provider\":\"cloudflare\",\"DelayBeforeCheck\":3000000000,\"Resolvers\":null,\"DisablePropagationCheck\":false},\"HTTPChallenge\":null,\"TLSChallenge\":null,\"Domains\":null,\"Store\":{}}"
traefik | time="2019-05-04T00:29:35Z" level=info msg="Testing certificate renew..."
traefik | time="2019-05-04T00:29:35Z" level=debug msg="Configuration received from provider ACME: {}"
traefik | time="2019-05-04T00:29:35Z" level=debug msg="Provider connection established with docker 18.09.5 (API 1.39)"
traefik | time="2019-05-04T00:29:35Z" level=debug msg="Filtering disabled container /traefik"
traefik | time="2019-05-04T00:29:35Z" level=debug msg="Configuration received from provider docker: {}"
traefik | time="2019-05-04T00:29:35Z" level=debug msg="Adding certificate for domain(s) host.EXAMPLE.com"
traefik | time="2019-05-04T00:29:35Z" level=info msg="Server configuration reloaded on :80"
traefik | time="2019-05-04T00:29:35Z" level=info msg="Server configuration reloaded on :443"
traefik | time="2019-05-04T00:29:35Z" level=info msg="Server configuration reloaded on :8080"
traefik | time="2019-05-04T00:29:35Z" level=debug msg="Adding certificate for domain(s) host.EXAMPLE.com"
traefik | time="2019-05-04T00:29:35Z" level=info msg="Server configuration reloaded on :8080"
traefik | time="2019-05-04T00:29:35Z" level=info msg="Server configuration reloaded on :80"
traefik | time="2019-05-04T00:29:35Z" level=info msg="Server configuration reloaded on :443"
traefik | time="2019-05-04T00:29:49Z" level=debug msg="Provider event received {Status:start ID:58b2b12336a7488012b68fed21f90476a1e791f4aa17fff7bd266ee9dfbe7a68 From:mysql:latest Type:container Action:start Actor:{ID:58b2b12336a7488012b68fed21f90476a1e791f4aa17fff7bd266ee9dfbe7a68 Attributes:map[image:mysql:latest com.docker.compose.config-hash:f4e61702252003fcfa77f925b989f7ea4933faa6e0735d189d265eabcb5fa799 com.docker.compose.container-number:1 com.docker.compose.service:db com.docker.compose.version:1.24.0 name:testEXAMPLEcom_db_1 traefik.enable:false com.docker.compose.oneoff:False com.docker.compose.project:testEXAMPLEcom]} Scope:local Time:1556929789 TimeNano:1556929789841010516}"
traefik | time="2019-05-04T00:29:49Z" level=debug msg="Filtering disabled container /testEXAMPLEcom_db_1"
traefik | time="2019-05-04T00:29:49Z" level=debug msg="Filtering disabled container /traefik"
traefik | time="2019-05-04T00:29:49Z" level=debug msg="Configuration received from provider docker: {}"
traefik | time="2019-05-04T00:29:49Z" level=info msg="Skipping same configuration for provider docker"
traefik | time="2019-05-04T00:29:50Z" level=debug msg="Provider event received {Status:start ID:6d816029188e7a2ff7b7d37fec254e21424cb3e2f69b42c81638d40d56d818f3 From:wordpress:latest Type:container Action:start Actor:{ID:6d816029188e7a2ff7b7d37fec254e21424cb3e2f69b42c81638d40d56d818f3 Attributes:map[com.docker.compose.version:1.24.0 traefik.docker.network:traefik_proxy traefik.domain:test.EXAMPLE.com traefik.enabled:true traefik.frontend.headers.SSLHost:EXAMPLE.com traefik.frontend.headers.browserXSSFilter:true com.docker.compose.container-number:1 traefik.frontend.headers.STSPreload:false traefik.frontend.headers.STSSeconds:0 traefik.frontend.headers.contentTypeNosniff:true traefik.frontend.headers.forceSTSHeader:false com.docker.compose.oneoff:False com.docker.compose.service:wordpress traefik.frontend.headers.SSLRedirect:true traefik.frontend.rule:Host:www.test.EXAMPLE.com,test.EXAMPLE.com traefik.port:80 com.docker.compose.config-hash:3e163655e60a2111f256d3abc3289244f21676737888f7f4340cd543d82300d0 com.docker.compose.project:testEXAMPLEcom image:wordpress:latest name:testEXAMPLEcom_wordpress_1 traefik.frontend.headers.STSIncludeSubdomains:false traefik.frontend.headers.frameDeny:true]} Scope:local Time:1556929790 TimeNano:1556929790976253470}"
traefik | time="2019-05-04T00:29:50Z" level=debug msg="Filtering disabled container /testEXAMPLEcom_wordpress_1"
traefik | time="2019-05-04T00:29:50Z" level=debug msg="Filtering disabled container /testEXAMPLEcom_db_1"
traefik | time="2019-05-04T00:29:50Z" level=debug msg="Filtering disabled container /traefik"
traefik | time="2019-05-04T00:29:50Z" level=debug msg="Configuration received from provider docker: {}"
traefik | time="2019-05-04T00:29:50Z" level=info msg="Skipping same configuration for provider docker"

I was using traefik.enabled instead of traefik.enable
I tried for a week before posting,

Traefik cannot fetch Acme certificate with Route 53

I'm having a little trouble configuring Traefik and ACME certs with AWS Route 53. I tried both http and dns challenges with no avail. It keeps getting this error: acme: error presenting token: route53: failed to determine hosted zone ID: NoCredentialProviders: no valid providers in chain
what am I doing wrong here? Thanks in advance.
httpChallenge error (note there is no firewall on):
app_1 | time="2019-02-20T21:49:52Z" level=debug msg="Using HTTP Challenge provider."
app_1 | time="2019-02-20T21:50:04Z" level=error msg="Unable to obtain ACME certificate for domains \"monitor.example.net\" detected thanks to rule \"Host:monitor.example.net\" : unable to generate a certificate for the domains [monitor.example.net]: acme: Error -> One or more domains had a problem:\n[monitor.example.net] acme: error: 400 :: urn:ietf:params:acme:error:connection :: Fetching http://monitor.example.net/.well-known/acme-challenge/AwJq4WU0OKN943nyHW6e3jzirdsWw6QAeE-CXD7QRhQ: Timeout during connect (likely firewall problem), url: \n"
dnsChallenge error:
app_1 | time="2019-02-20T21:18:26Z" level=debug msg="Try to challenge certificate for domain [monitor.example.net] founded in Host rule"
app_1 | time="2019-02-20T21:18:26Z" level=debug msg="Looking for provided certificate(s) to validate [\"monitor.example.net\"]..."
app_1 | time="2019-02-20T21:18:26Z" level=debug msg="Domains [\"monitor.example.net\"] need ACME certificates generation for domains \"monitor.example.net\"."
app_1 | time="2019-02-20T21:18:26Z" level=debug msg="Loading ACME certificates [monitor.example.net]..."
app_1 | time="2019-02-20T21:18:26Z" level=debug msg="Building ACME client..."
app_1 | time="2019-02-20T21:18:26Z" level=debug msg="https://acme-v02.api.letsencrypt.org/directory"
app_1 | time="2019-02-20T21:18:26Z" level=debug msg="Using DNS Challenge provider: route53"
app_1 | time="2019-02-20T21:18:27Z" level=error msg="Unable to obtain ACME certificate for domains \"monitor.example.net\" detected thanks to rule \"Host:monitor.example.net\" : unable to generate a certificate for the domains [monitor.example.net]: acme: Error -> One or more domains had a problem:\n[monitor.example.net] [monitor.example.net] acme: error presenting token: route53: failed to determine hosted zone ID: NoCredentialProviders: no valid providers in chain. Deprecated.\n\tFor verbose messaging see aws.Config.CredentialsChainVerboseErrors\n"
Attached docker-compose.yml
version: '3'
services:
app:
image: traefik:alpine
restart: always
ports:
- 80:80
- 443:443
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- ./traefik.toml:/traefik.toml
- ./acme.json:/acme.json
labels:
- traefik.frontend.rule=Host:monitor.example.net
- traefik.port=8080
networks:
- web
networks:
web:
external: true
Attached traefik.toml
logLevel = "DEBUG"
defaultEntryPoints = ["http", "https"]
[entryPoints]
[entryPoints.dashboard]
address = ":8080"
[entryPoints.dashboard.auth]
[entryPoints.dashboard.auth.basic]
users = ["admin:foobar"]
[entryPoints.http]
address = ":80"
# [entryPoints.http.redirect]
# entryPoint = "https"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
[api]
entrypoint="dashboard"
[acme]
email = "donotspam#me.com"
storage = "acme.json"
entryPoint = "https"
onHostRule = true
# [acme.httpChallenge] #<--tried both httpChallenge and dnsChallenge
# entryPoint = "http"
[acme.dnsChallenge]
provider = "route53"
delayBeforeCheck = 0
[docker]
domain = "example.net"
watch = true
network = "web"

The HTTP challenge requires that port 80 be accessible on the Internet.
For the DNS challenge you need to define the credentials:
AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, [AWS_REGION], [AWS_HOSTED_ZONE_ID] or a configured user/instance IAM profile.
https://docs.traefik.io/configuration/acme/#provider

Traefik Web UI Server Not Found

I'm currently trying to setup Traefik on my RPi3 in a docker container. As of right now the logs from the Traefik container are showing that the validation succeeded and the server responded with a cert:
pi#raspberrypi:~/docker $ sudo docker-compose logs -tf --tail="50" traefik
Attaching to traefik
traefik | 2018-05-30T06:59:20.617977807Z legolog: 2018/05/30 06:59:20 [INFO] acme: Registering account for m5#aomosk.com
traefik | 2018-05-30T06:59:21.369400647Z legolog: 2018/05/30 06:59:21 [INFO][*.aomosk.com] acme: Obtaining bundled SAN certificate
traefik | 2018-05-30T06:59:21.389707565Z legolog: 2018/05/30 06:59:21 [INFO][aomosk.com] acme: Obtaining bundled SAN certificate
traefik | 2018-05-30T06:59:22.125375140Z legolog: 2018/05/30 06:59:22 [INFO][*.aomosk.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz/aN3AZEq8PTXBTYi73jW-yXvHYVC-5-s9YJzcdlJA-M0
traefik | 2018-05-30T06:59:22.125615035Z legolog: 2018/05/30 06:59:22 [INFO][aomosk.com] acme: Trying to solve DNS-01
traefik | 2018-05-30T06:59:22.236071160Z legolog: 2018/05/30 06:59:22 [INFO][aomosk.com] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz/Le-deKqprPhYN8kj80DH1cIzcxVuk2TXZa_fKgm2is8
traefik | 2018-05-30T06:59:22.236208295Z legolog: 2018/05/30 06:59:22 [INFO][aomosk.com] acme: Trying to solve DNS-01
traefik | 2018-05-30T06:59:22.847749525Z legolog: 2018/05/30 06:59:22 [INFO][aomosk.com] Checking DNS record propagation using [127.0.0.11:53]
traefik | 2018-05-30T06:59:22.908593248Z legolog: 2018/05/30 06:59:22 [INFO][aomosk.com] Checking DNS record propagation using [127.0.0.11:53]
traefik | 2018-05-30T06:59:32.932664129Z legolog: 2018/05/30 06:59:32 [INFO][aomosk.com] The server validated our request
traefik | 2018-05-30T06:59:32.953775211Z legolog: 2018/05/30 06:59:32 [INFO][aomosk.com] The server validated our request
traefik | 2018-05-30T06:59:33.186498364Z legolog: 2018/05/30 06:59:33 [INFO][*.aomosk.com] acme: Validations succeeded; requesting certificates
traefik | 2018-05-30T06:59:33.350874848Z 2018/05/30 06:59:33 dns_challenge.go:94: Error cleaning up aomosk.com: Cloudflare API Error
traefik | 2018-05-30T06:59:33.350992816Z Error: 81061: The record does not exist.
traefik | 2018-05-30T06:59:33.351063284Z legolog: 2018/05/30 06:59:33 [INFO][aomosk.com] acme: Validations succeeded; requesting certificates
traefik | 2018-05-30T07:00:53.579052808Z legolog: 2018/05/30 07:00:53 [INFO][*.aomosk.com] Server responded with a certificate.
traefik | 2018-05-30T07:00:59.363610528Z legolog: 2018/05/30 07:00:59 [INFO][aomosk.com] Server responded with a certificate.
This is a copy of my docker-compose.yml file:
version: "3.6"
services:
traefik:
hostname: traefik
image: traefik:latest
container_name: traefik
restart: always
domainname: aomosk.com
networks:
- default
- traefik_proxy
ports:
- "80:80"
- "443:443"
# - "XXXX:8080"
environment:
- CLOUDFLARE_EMAIL=<my_domain_email>
- CLOUDFLARE_API_KEY=<my_cloudflare_api_key>
labels:
- "traefik.enable=true"
- "traefik.backend=traefik"
- "traefik.frontend.rule=Host:traefik.aomosk.com"
# - "traefik.frontend.rule=Host:${DOMAINNAME}; PathPrefixStrip: /traefik"
- "traefik.port=8080"
- "traefik.docker.network=traefik_proxy"
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- /home/pi/docker/traefik:/etc/traefik
- /home/pi/docker/shared:/shared
networks:
traefik_proxy:
external:
name: traefik_proxy
default:
driver: bridge
~
And this is my traefik.toml file:
#debug = true
logLevel = "ERROR" #DEBUG, INFO, WARN, ERROR, FATAL, PANIC
InsecureSkipVerify = true
defaultEntryPoints = ["https", "http"]
# WEB interface of Traefik - it will show web page with overview of frontend and backend configurations
[web]
address = ":8080"
[web.auth.basic]
usersFile = "/shared/.htpasswd"
# Force HTTPS
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
[file]
directory = "/etc/traefik/rules/"
watch = true
# Let's encrypt configuration
[acme]
email = "<my_domain_email>" #any email id will work
storage="/etc/traefik/acme/acme.json"
entryPoint = "https"
acmeLogging=true
onDemand = false #create certificate when container is created
[acme.dnsChallenge]
provider = "cloudflare"
delayBeforeCheck = 0
[[acme.domains]]
main = "aomosk.com"
[[acme.domains]]
main = "*.aomosk.com"
# Connection to docker host system (docker.sock)
[docker]
endpoint = "unix:///var/run/docker.sock"
domain = "aomosk.com"
watch = true
# This will hide all docker containers that don't have explicitly
# set label to "enable"
exposedbydefault = false
~
I've migrated my DNS over to Cloudflare in order to better work with Traefik and I have an A record for my external IP that is set to my domain name but I'm still getting the server not found page when I try and access the web ui through the subdomain (and 404 page not found when I use any other method). Is there something that I'm missing that is causing the web ui not to work?

I had a very similar setup and issue. I solved it by commenting out the logging settings in my traefik.toml file.
logLevel = "DEBUG"
[traefikLog]
filePath = "/logs/traefik.log"
[accessLog]
filePath = "/logs/access.log"
If I leave these in I get 404 errors, if I comment them out it works. Not sure if it's a bug?
#logLevel = "DEBUG"
#[traefikLog]
# filePath = "/logs/traefik.log"
#[accessLog]
# filePath = "/logs/access.log"

My problem was a bit different. I set up traefik on my AWS server and at first, it was working when configured for HTTP. But it stopped working when I configured it for HTTPS. I was getting "404 backend not found" errors similar to this
reverse-proxy_1 | 202.164.37.34 - - [10/Aug/2018:10:39:17 +0000] "GET /api/providers HTTP/1.1" 302 5 "http://<traefik-subdomain>.<hostname>/dashboard/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.84 Safari/537.36" 1091 "entrypoint redirect for frontend-Host-########-0" "/api/providers" 0ms
reverse-proxy_1 | 202.164.37.34 - - [10/Aug/2018:10:39:17 +0000] "OPTIONS /api/providers HTTP/2.0" 404 19 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.84 Safari/537.36" 1092 "backend not found" "/api/providers" 0ms
I followed the same approach as given in the answer by paul-taylor by commenting out the logging and it worked. This is unfortunate at the same time as logging would have helped debug any issues.