1

I have Traefik configured to issue Let's Encrypt wildcard certificates with DNS-01 challenge.

I have the variables AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_REGION, AWS_HOSTED_ZONE_ID in the env file, for *.domain1.com (domain1.com). This AWS_HOSTED_ZONE_ID is related to domain1.com only.

I need to add new domain domain2.com also hosted in Route53, so Traefik can issue certificates for both *.domain1.com and *.domain2.com.

How have Traefik issue Letsencrypt certificates in multi Route53 domains?

Next is my treafik.yml file:

version: "3.6"

services:

  traefik:
    image: traefik
    env_file: /mnt/ceph/traefik/env
    command:
      - "--debug=true"
      - "--logLevel=DEBUG"
      - "--api"
      - "--entrypoints=Name:http Address::80 Redirect.EntryPoint:https"
      - "--entrypoints=Name:https Address::443 Compress:true TLS"
      - "--defaultentrypoints=http,https"
      - "--acme"
      - "--acme.storage=acme.json"
      - "--acme.acmeLogging=true"
      - "--acme.entryPoint=https"
      - "--acme.email=email@domain1.com"
      #- "--acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory"
      - "--acme.caServer=https://acme-v02.api.letsencrypt.org/directory"
      - "--acme.dnsChallenge.provider=route53"
      - "--acme.dnsChallenge.delayBeforeCheck=0"
      - "--acme.domains=*.domain1.com,domain1.com"
      - "--docker"
      - "--docker.domain=domain1.com"
      - "--docker.exposedByDefault=false"
      - "--docker.swarmMode"
      - "--docker.watch"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - /mnt/ceph/traefik/acme.json:/acme.json
    networks:
      - backend
      - webgateway
    ports:
      - target: 80
        published: 80
        mode: host
      - target: 443
        published: 443
        mode: host
      - target: 8080
        published: 8080
        mode: host
    deploy:
      mode: global
      placement:
        constraints:
          - node.role == manager
      update_config:
        parallelism: 2
        failure_action: rollback
        order: start-first
        #delay: 5s
      restart_policy:
        condition: on-failure
      labels:
        - "traefik.enable=true"
        - "traefik.backend=dashboard"
        - "traefik.port=8080"
        - "traefik.frontend.rule=Host:dashboard.domain1.com"

networks:
  backend:
    name: traefik_backend
    driver: overlay
    external: true
  webgateway:
    driver: overlay

Thank you in advance!!

Carlos Almeida
  • 11
  • 4

0 Answers0