

I have Traefik and a few services running in Docker containers. Here is the docker-compose.yml file:

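# Compose stack: two web services published through a Traefik reverse proxy
# that terminates TLS and requests certificates over ACME (HTTP-01 challenge).
version: "3"

services:
  main-app:
    image: some-image
    container_name: main_app
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.app.rule=Host(`domain.com`)"
      - "traefik.http.routers.app.entrypoints=https"
      # Closing quote restored; without it the file does not parse.
      - "traefik.http.routers.app.tls.certresolver=cert"

  moodle:
    image: some-moodle-image
    container_name: moodle
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.moodle.rule=Host(`moodle.domain.com`)"
      - "traefik.http.routers.moodle.entrypoints=https"
      - "traefik.http.routers.moodle.tls.certresolver=cert"

  traefik:
    # NOTE(review): an untagged image floats with "latest"; pin a specific
    # version tag (or digest) so proxy upgrades are deliberate and auditable.
    image: "traefik"
    container_name: traefik
    command:
      # NOTE(review): api.insecure serves the dashboard and API without
      # authentication on port 8080, and 8080 is published on every host
      # interface under "ports" below. Outside local testing, drop this flag
      # and expose api@internal through a router on the https entrypoint
      # behind an auth middleware, or publish 8080 on 127.0.0.1 only.
      - "--api.insecure=true"

      # Entrypoint settings
      - "--entrypoints.http.address=:80"
      - "--entrypoints.https.address=:443"

      # Provider settings
      # Containers are only routed when they carry traefik.enable=true.
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"

      # ACME challenge settings
      - "--certificatesresolvers.cert.acme.httpchallenge=true"
      # NOTE(review): the HTTP-01 challenge is bound to an entrypoint named
      # "web", but only "http" (:80) and "https" (:443) are defined above.
      # The challenge has to be served on a defined entrypoint reachable on
      # port 80 ("http" in this file); this mismatch is a likely cause of a
      # 404 on the /.well-known/acme-challenge/ URL -- confirm against the
      # Traefik startup log.
      - "--certificatesresolvers.cert.acme.httpchallenge.entrypoint=web"
      - "--certificatesresolvers.cert.acme.email=some-mail@help.me"
      # acme.json holds the ACME account key and the certificates' private
      # keys; keep it at mode 600 and the host directory restricted.
      - "--certificatesresolvers.cert.acme.storage=/letsencrypt/acme.json"
    labels:
      # Redirect HTTP -> HTTPS for every host name
      - "traefik.enable=true"
      - "traefik.http.routers.https-redirect.entrypoints=http"
      - "traefik.http.routers.https-redirect.rule=HostRegexp(`{any:.*}`)"
      - "traefik.http.routers.https-redirect.middlewares=https-redirect"
      - "traefik.http.middlewares.https-redirect.redirectscheme.scheme=https"
    ports:
      - "80:80"
      - "443:443"
      # Dashboard/API port opened by --api.insecure (see note above).
      - "8080:8080"
    volumes:
      - "/letsencrypt:/letsencrypt"
      # NOTE(review): ":ro" only makes the socket file's mount read-only; it
      # does not limit which Docker API calls can be sent through the socket.
      # A compromise of this internet-facing container therefore means full
      # control of the Docker daemon. Consider a socket proxy that allows
      # only the read-only endpoints Traefik needs.
      - "/var/run/docker.sock:/var/run/docker.sock:ro"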

As you can see, the main app container is tied to the main domain (domain.com), and the moodle container to the subdomain (moodle.domain.com).

Now to the heart of the matter. On the main domain the certificate is issued and HTTPS works, but on the subdomain I get the following error:

time="2020-05-01T13:12:54Z" level=error msg="Unable to obtain ACME certificate for domains \"moodle.domain.com\": 
unable to generate a certificate for the domains [moodle.domain.com]: 
error: one or more domains had a problem:[moodle.domain.com] acme: error: 403 ::
 urn:ietf:params:acme:error:unauthorized :: 
Invalid response from http://moodle.domain.com/.well-known/acme-challenge/(some private code)[(some ip address)]: 
404, url: \n" providerName=cert.acme routerName=moodle@docker rule="Host(`moodle.domain.com`)"

What could cause this, and how can it be solved?
