Cannot start addon with delayBeforeCheck

[ElVit]

Hello, First of all thanks for this great addon. I have searched for it for months.

I use Home Assistant supervised in my Intel Nuc. When I try to start this addon with the default configuration as described in the docs (with cloudflare) it won’t start.

Here is the error message from the log: command /usr/local/bin/traefik error: yaml: line 26: mapping values are not allowed in this context

After some tries I found out that if I remove the line delayBeforeCheck: 10 the addon starts as expected.

Regards ElVit

[alex3305]

Well spotted. I'm going to look into this issue later.

@leakypixel Does this option (still) work for you?

[leakypixel]

@alex3305 still working for me, I'm currently using the following config in production with no issues on 3.0.3:

I also have no issues if I change delayBeforeCheck to 10. I will try upgrading to 4.0.1 and see if I can replicate the issue.

[alex3305]

Appereantly this option broke with release 3.2.0 where I made a typo within the Traefik template causing the template engine outputting invalid YAML.

I've just released version 4.0.2 (0633655161bc1ad1a2c2d452f169907818ef43e3) fixing this issue. If you @ElVit and @leakypixel could test this release and provide feedback that would be great. For now I will close this issue

Thanks again for using this add-on and providing feedback!

[ElVit]

@alex3305 thanks for the fast fix. Now it's working😃

But I have an other issue and I don't know if it relates to this. Apparently my certificates can not be generated. I get the following error:

time="2020-11-15T23:27:33+02:00" level=error msg="Unable to obtain ACME certificate for domains \"hassio.mydomain.tk\": unable to generate a certificate for the domains [hassio.mydomain.tk]: error: one or more domains had a problem:\n[hassio.mydomain.tk] [hassio.mydomain.tk] acme: error presenting token: cloudflare: failed to create TXT record: error from makeRequest: HTTP status 401: \n" providerName=le.acme routerName=homeAssistantRouter@file rule="Host(`hassio.mydomain.tk`)"

Maybe you can also help me with that?

[alex3305]

@ElVit are you providing the correct API key and has this key sufficient priviliges within your Cloudflare account? This is my redacted configuration:

log_level: info
access_logs: false
forwarded_headers_insecure: true
dynamic_configuration_path: /config/traefik_config/
letsencrypt:
  enabled: true
  email: 'letsencrypt@example.com'
  challenge_type: dnsChallenge
  provider: cloudflare
  resolvers: []
env_vars:
  - 'CF_DNS_API_TOKEN=MY_API_TOKEN'

Also after a quick Google search I found that .tk domains can be troublesome with DDNS.

[leakypixel]

Appereantly this option broke with release 3.2.0 where I made a typo within the Traefik template causing the template engine outputting invalid YAML.

I've just released version 4.0.2 (0633655) fixing this issue. If you @ElVit and @leakypixel could test this release and provide feedback that would be great. For now I will close this issue

Thanks again for using this add-on and providing feedback!

After upgrading to 4.0.2, I get the following error with the config I mentioned above: command /usr/local/bin/traefik error: yaml: line 30: block sequence entries are not allowed in this context

[leakypixel]

If I remove one of the resolvers in the configuration, addon works as intended.

[ElVit]

@alex3305 here are my token permissions

But you are right probably it's the .tk domain. Thanks for your help 😃.

[alex3305]

@leakypixel Well spotted. It was the same formatting issue as the delayBeforeCheck. It should be resolved now. Sorry about any inconvenience.

---

@ElVit I'm sorry. I don't think I can help you out with this issue. Your permissions should be sufficient though. Perhaps you can ask any help on the Traefik forums?

[leakypixel]

@alex3305 no problem! Thanks for your hard work on this and being so responsive :)

[ElVit]

@alex3305 also from me a big thanks for your fast responses and fixes.

Since the last update I get the following error in my logs: time="2020-11-18T13:43:56+02:00" level=error msg="the router homeAssistantRouter@file uses a non-existent resolver: le"

Is it because of my .tk domain?

[alex3305]

@ElVit Can you share your complete (and redacted) Home Assistant and Traefik config? The le resolver should be available by default when letsencrypt.enabled is set to true.

[ElVit]

@alex3305 here is my traefik config

log_level: info
access_logs: false
forwarded_headers_insecure: false
dynamic_configuration_path: /config/traefik/
letsencrypt:
  enabled: true
  email: my@email.com
  challenge_type: dnsChallenge
  provider: cloudflare
  delayBeforeCheck: 10
  resolvers:
    - '1.1.1.1:53'
    - '1.0.0.1:53'
env_vars:
  - CF_DNS_API_TOKEN=my-token

and here my home assistant config:

default_config:

tts:
  - platform: google_translate

group: !include groups.yaml
automation: !include automations.yaml
script: !include scripts.yaml
scene: !include scenes.yaml

http:
  use_x_forwarded_for: true
  trusted_proxies:
    - 127.0.0.1
    - ::1
  ip_ban_enabled: True
  login_attempts_threshold: 5

device_tracker:
  - platform: fritz
    new_device_defaults:
      track_new_devices: false

sensor:
  - ...

[alex3305]

Sorry, I meant your Home Assistant add-on config, which you have provided. And your Traefik dynamic config of course 😉.

[ElVit]

Oh ok. The home assistant addon config I have already shared.

Here the Traefik dynamics.yaml:

http:
  routers:
    redirectToHttpsRouter:
      entryPoints: ["web"]
      middlewares: ["httpsRedirect"]
      rule: "HostRegexp(`{host:.+}`)"
      service: noopService

    homeAssistantRouter:
      rule: "Host(`hassio.mydomain.tk`)"
      entryPoints: ["web-secure"]
      tls:
        certResolver: le
      service: homeAssistantService
    nextCloudRouter:
      rule: "Host(`nextcloud.mydomain.tk`)"
      entryPoints: ["web-secure"]
      tls:
        certResolver: le
      service: nextCloudService
    bitWardenRouter:
      rule: "Host(`bitwarden.mydomain.tk`)"
      entryPoints: ["web-secure"]
      tls:
        certResolver: le
      service: bitWardenService

  middlewares:
    httpsRedirect:
      redirectScheme:
        scheme: https

  services:
    noopService:
      loadBalancer:
        servers:
          - url: "http://192.168.178.123"

    homeAssistantService:
      loadBalancer:
        servers:
          - url: "http://192.168.178.123:8123"
    nextCloudService:
      loadBalancer:
        servers:
          - url: "http://192.168.178.123:8080"
    bitWardenService:
      loadBalancer:
        servers:
          - url: "http://192.168.178.123:7277"

[alex3305]

All seems fine with your configuration. Perhaps your acme.json file is at fault here. Traefik appearently outputs a generic message when something goes wrong with reading this file. You can try stopping the add-on, deleting the /ssl/traefik/ directory on your system and restarting. I have a manual Docker install and this directory is located at /usr/share/hassio/ssl/traefik/ for me. Perhaps somewhere else for you.

Other than that it can also still be an issue with your tk domain and Cloudflare. But I'm not really sure and I have no way to test that scenario. I still think you can get a bite more help at the Traefik forums. They seem generally very helpful. If they ask about your static configuration, you can view that with docker exec -it addon_32de6d38_traefik cat /etc/traefik/traefik.yaml.

I'm sorry that I'm unable to help you with this issue. Hopefully you can find a fully working solution.

[ElVit]

@alex3305 Thanks again for your help. Yes it was the acme.json file. I just deleted it and restarted the addon. Now this error is gone and I have me old errors again 😄

But for the other error unable to generate a certificate for the domains I will ask the traefik forum. Thank you for this advice. Hopefully they will find a solution.