
My problem is that a self-signed certificate is served instead of the Let's Encrypt certificate.
docker-compose.yml:

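# Compose file for the Traefik reverse proxy; the `deploy:` section means it
# targets a Swarm stack.
version: "3.7"

services:
  traefik:
    # NOTE(review): an untagged image resolves to whatever `latest` is at pull
    # time; pin a version (or digest) so routing and ACME behaviour cannot
    # change underneath the deployment.
    image: traefik
    # NOTE(review): a static config file is also mounted below. Traefik
    # documents its static configuration sources (file, CLI flags, environment
    # variables) as mutually exclusive, so confirm which one is in effect:
    # either these flags or the certificate resolver in traefik.yml may be
    # ignored.
    command:
      - --api
      - --providers.docker
      - --providers.docker.exposedbydefault=false
    ports:
      # Quoted so no YAML parser can retype a host:container pair as a number.
      # NOTE(review): no entry point on 8080 is defined in the traefik.yml
      # shown; publish it only if something is meant to listen there.
      - "8080:8080"
      - "80:80"
      - "443:443"
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /etc/data/traefik.yml:/etc/traefik/traefik.yml
      # Access to the Docker socket is equivalent to root on the host, so a
      # compromise of Traefik extends to the host. Consider a restricted
      # socket proxy instead of mounting the socket directly.
      - /var/run/docker.sock:/var/run/docker.sock
    networks:
      - public
      - private
    deploy:
      # Service-level (Swarm) labels. NOTE(review): confirm the Docker provider
      # is configured to read Swarm service labels, otherwise the routers
      # below are never created.
      labels:
        - "traefik.enable=true"
        # Traefik v2 rule matchers take their argument in backticks; they were
        # missing from the posted rule, probably lost in rendering.
        - "traefik.http.routers.dashboard.rule=Host(`dashboard.example.com`)"
        - "traefik.http.routers.dashboard.service=api@internal"
        # NOTE(review): this router sets neither entrypoints nor tls, so by
        # default it is attached to every entry point, including plain HTTP on
        # :80 where basic-auth credentials travel unencrypted. Confirm.
        - "traefik.http.routers.dashboard.middlewares=auth"
        # Placeholder credential. Traefik expects an htpasswd-style hashed
        # password here (any `$` doubled to `$$` in a compose file); do not
        # deploy a default admin/admin pair in front of the dashboard.
        - "traefik.http.middlewares.auth.basicauth.users=admin:admin"
      replicas: 1
      placement:
        constraints:
          - node.role == manager
      update_config:
        parallelism: 1
        delay: 10s
      restart_policy:
        condition: on-failure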

service labels

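# Router and service labels for the gitea service (fragment of its `labels:`
# list).
- "traefik.http.routers.gitea.rule=Host(`gitea.example.com`)"
- "traefik.http.routers.gitea.entrypoints=websecure"
- "traefik.http.routers.gitea.tls=true"
# NOTE(review): these two labels configure a router named `registry`, not
# `gitea`; confirm that is intended. Let's Encrypt issues wildcard names only
# through the DNS-01 challenge, so the `*.example.com` SAN cannot be obtained
# with the `tlsChallenge` resolver shown in traefik.yml.
- "traefik.http.routers.registry.tls.domains.main=example.com"
- "traefik.http.routers.registry.tls.domains.sans=*.example.com"
# Router name corrected from `gites` to `gitea`. With the misspelling the
# resolver was attached to a router that has no rule, leaving `gitea` with
# tls=true and no certificate resolver, in which case Traefik serves its
# default self-signed certificate.
- "traefik.http.routers.gitea.tls.certresolver=resolver"
- "traefik.http.services.gitea-svc.loadbalancer.server.port=3000"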

traefik.yml:

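# Traefik static configuration: entry points and the ACME certificate resolver.
entryPoints:
  web:
    address: ":80"
  websecure:
    address: ":443"

certificatesResolvers:
  # The name that router labels reference via `tls.certresolver=resolver`.
  resolver:
    acme:
      email: mail@example.com
      # NOTE(review): relative path, and the compose file shown mounts only
      # traefik.yml, so this file does not appear to be on a volume. Issued
      # certificates and the ACME account key would then be lost whenever the
      # container is recreated, and re-issuance is rate-limited. The file
      # holds private keys; keep it on persistent storage with mode 600.
      storage: acme.json
      # TLS-ALPN-01 challenge: Traefik must be reachable on port 443 by the
      # Let's Encrypt servers, and this challenge type cannot issue wildcard
      # certificates.
      tlsChallenge: {}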

This is what I get in my Firefox: MOZILLA_PKIX_ERROR_SELF_SIGNED_CERT

This happens because the browser is served Traefik's default certificate, but it should be the Let's Encrypt certificate.
With the log level set to debug I get:

level=debug msg="http: TLS handshake error from 192.168.80.1:53932: remote error: tls: bad certificate"
pagislav