Dokploy, 8mo ago
max.d

Certs for wildcard domains in traefik

Looks like it's not supported atm?
2024-09-17T21:06:19Z ERR Error while adding route for host error="error while adding rule HostSNI(`*.bldry.click`): invalid value for HostSNI matcher, \"*.bldry.click\" is not a valid hostname"
2024-09-17T21:06:21Z ERR Unable to obtain ACME certificate for domains error="unable to generate a certificate for the domains [*.bldry.click]: error: one or more domains had a problem:\n[*.bldry.click] [*.bldry.click] acme: could not determine solvers\n" ACME CA=https://acme-v02.api.letsencrypt.org/directory acmeCA=https://acme-v02.api.letsencrypt.org/directory domains=["*.bldry.click"] providerName=letsencrypt.acme routerName=bldry-web-3d327d-router-websecure-3@file rule=Host(`*.bldry.click`)
7 Replies
max.d (OP), 8mo ago
i am using namecheap NS, will try cloudflare now
i managed to get cloudflare letsencrypt setup but still getting the traefik HostSNI error, even though i see no HostSNI rules in the generated config. any idea?
i had to also update main traefik config so:
```yaml
dnsChallenge:
  provider: cloudflare # Replace with your DNS provider
  delayBeforeCheck: 0
```
ok looks like only cloudflare ENV variables were really needed, conf is fine as is
still getting
2024-09-17T22:19:01Z ERR error="service \"dokploy-traefik\" error: port is missing" container=dokploy-traefik-becr991r1z9i8061exxs5gk9o providerName=swarm
2024-09-17T22:19:01Z ERR Error while adding route for host error="error while adding rule HostSNI(`*.bldry.click`): invalid value for HostSNI matcher, \"*.bldry.click\" is not a valid hostname"
max.d (OP), 8mo ago
probably need to either specify main/sans OR use this https://doc.traefik.io/traefik/routing/routers/#host-and-hostregexp
Traefik Routers Documentation - Traefik
In Traefik Proxy, a router is in charge of connecting incoming requests to the Services that can handle them. Read the technical documentation.
max.d (OP), 8mo ago
GitHub
GitHub - devongovett/regexgen: Generate regular expressions that ma...
Generate regular expressions that match a set of strings - devongovett/regexgen
max.d (OP), 8mo ago
to combine all hostnames for a service into 1 regex
ok i had to write custom traefik config, seems like it should be easy enough to automate via UI tho
tylkomat, 4mo ago
@max.d can you show what your final traefik config looks like?
max.d (OP), 4mo ago
```yaml
http:
  routers:
    # HTTP entry point: same host rule, redirected to HTTPS
    bldry-web-3d327d-router-2:
      rule: >-
        (Host(`bldry.click`) || HostRegexp(`^.+\.bldry\.click$`)) &&
        !(Host(`server.bldry.click`) || Host(`api.bldry.click`))
      service: bldry-web-3d327d-service-2
      middlewares:
        - redirect-to-https
        - auth-bldry-web-3d327d
      entryPoints:
        - web
    # HTTPS entry point: certificate domains are listed explicitly (main + sans)
    bldry-web-3d327d-router-websecure-2:
      rule: >-
        (Host(`bldry.click`) || HostRegexp(`^.+\.bldry\.click$`)) &&
        !(Host(`server.bldry.click`) || Host(`api.bldry.click`))
      service: bldry-web-3d327d-service-2
      middlewares:
        - auth-bldry-web-3d327d
      entryPoints:
        - websecure
      tls:
        certResolver: letsencrypt
        domains:
          - main: bldry.click
            sans:
              - '*.bldry.click'
  services:
    bldry-web-3d327d-service-2:
      loadBalancer:
        servers:
          - url: http://bldry-web-3d327d:3000
        passHostHeader: true
```
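Added example, not part of the thread or of Dokploy/Traefik code: a Go check of which hostnames the router rule in the config above accepts versus which ones a certificate for `bldry.click` plus `*.bldry.click` covers. The function names and sample hostnames are constructed for illustration; the point it shows is that `^.+\.bldry\.click$` also matches nested names such as `a.b.bldry.click`, which a single-label wildcard certificate does not cover.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Same pattern as the HostRegexp matcher in the posted rule.
var subdomain = regexp.MustCompile(`^.+\.bldry\.click$`)

// Hosts the rule carves out with !(Host(...) || Host(...)).
var excluded = map[string]bool{"server.bldry.click": true, "api.bldry.click": true}

// routerMatches evaluates the posted rule for one request host
// (lower-casing the host first is an assumption of this sketch).
func routerMatches(host string) bool {
	h := strings.ToLower(host)
	return (h == "bldry.click" || subdomain.MatchString(h)) && !excluded[h]
}

// certCovers reports whether a certificate for bldry.click + *.bldry.click
// is valid for host: a wildcard stands for exactly one left-most label.
func certCovers(host string) bool {
	h := strings.ToLower(host)
	label, rest, ok := strings.Cut(h, ".")
	return h == "bldry.click" || (ok && label != "" && rest == "bldry.click")
}

// routedWithoutCert lists hosts the router accepts but the certificate
// does not cover; a client validating the name would reject these.
func routedWithoutCert(hosts []string) []string {
	var gaps []string
	for _, h := range hosts {
		if routerMatches(h) && !certCovers(h) {
			gaps = append(gaps, h)
		}
	}
	return gaps
}

func main() {
	// Constructed sample hostnames.
	hosts := []string{"bldry.click", "app.bldry.click", "api.bldry.click",
		"a.b.bldry.click", "evilbldry.click"}
	fmt.Println("routed but not covered:", routedWithoutCert(hosts))
}
```

Tightening the pattern to a single label (for example `^[^.]+\.bldry\.click$`) would keep the router and the wildcard certificate in agreement.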
tylkomat, 4mo ago
Did you update traefik.yaml as well? @max.d
The routing works, but there is no wildcard certificate generated. I set the corresponding Environment Variables for my DNS provider in the traefik environment. Do I have to set something else?
I got it working. Thank you for your config
