Closed ghost closed 6 years ago
```toml
debug = true
checkNewVersion = true
logLevel = "INFO"
defaultEntryPoints = ["http", "https"]

[entryPoints]
  [entryPoints.http]
  address = ":80"
  compress = true
  [entryPoints.https]
  address = ":443"
  compress = true
    [entryPoints.https.tls]

[retry]

[acme]
email = "my-email@some-domain.tld"
storage = "/etc/traefik/acme.json"
entryPoint = "https"
acmeLogging = true
onHostRule = true

################################################################
# File configuration backend
################################################################
[file]

[backends]
  [backends.dgda-api-v1]
    [backends.dgda-api-v1.LoadBalancer]
    method = "drr"
    [backends.dgda-api-v1.healthcheck]
    path = "/"
    interval = "5s"
    port = 8080
    [backends.dgda-api-v1.servers.server-1]
    url = "http://10.0.0.123:80"
    weight = 4
    [backends.dgda-api-v1.servers.server-2]
    url = "http://10.0.0.59:80"
    weight = 2
    [backends.dgda-api-v1.servers.server-3]
    url = "http://10.0.0.210:80"
    weight = 2
    #[backends.dgda-api-v1.servers.server-4]
    #url = "http://10.0.0.133:80"
    #weight = 4

  [backends.tsno-api-v1]
    [backends.tsno-api-v1.LoadBalancer]
    method = "drr"
    [backends.tsno-api-v1.healthcheck]
    path = "/"
    interval = "5s"
    [backends.tsno-api-v1.servers.server-1]
    url = "http://10.0.0.87:8205"
    weight = 10
    [backends.tsno-api-v1.servers.server-2]
    url = "http://10.0.0.87:8203"
    weight = 10

  [backends.tsse-api-v1]
    [backends.tsse-api-v1.LoadBalancer]
    method = "drr"
    [backends.tsse-api-v1.healthcheck]
    path = "/"
    interval = "5s"
    [backends.tsse-api-v1.servers.server-1]
    url = "http://10.0.0.159:8205"
    weight = 10
    [backends.tsse-api-v1.servers.server-2]
    url = "http://10.0.0.159:8203"
    weight = 10

[frontends]
  [frontends.dgda-api-v1-fe]
  backend = "dgda-api-v1"
  entrypoints = ["http", "https"]
  passHostHeader = true
  priority = 10
    [frontends.dgda-api-v1-fe.routes.dgda-api]
    rule = "Host:api.duglemmerdetaldrig.dk"

  [frontends.tsno-api-v1-fe]
  backend = "tsno-api-v1"
  entrypoints = ["http", "https"]
  passHostHeader = true
  priority = 10
    [frontends.tsno-api-v1-fe.routes.tsno-api]
    rule = "Host:api.truestory.no"

  [frontends.tsse-api-v1-fe]
  backend = "tsse-api-v1"
  entrypoints = ["http", "https"]
  passHostHeader = true
  priority = 10
    [frontends.tsse-api-v1-fe.routes.tsse-api]
    rule = "Host:api.truestory.se"

[[tls]]
  entryPoints = ["https"]
  [tls.certificate]
    certFile = "/ssl-certs/api.duglemmerdetaldrig.dk.pem"
    keyFile = "/ssl-certs/api.duglemmerdetaldrig.dk.key"

[[tls]]
  entryPoints = ["https"]
  [tls.certificate]
    certFile = "/ssl-certs/api.truestory.no.pem"
    keyFile = "/ssl-certs/api.truestory.no.key"

[[tls]]
  entryPoints = ["https"]
  [tls.certificate]
    certFile = "/ssl-certs/api.truestory.se.pem"
    keyFile = "/ssl-certs/api.truestory.se.key"
```
Only change is to the acme-part:
```toml
#[acme]
#email = "my-email@some-domain.tld"
#storage = "/etc/traefik/acme.json"
#entryPoint = "https"
#acmeLogging = true
#onHostRule = true
```
Hello @LarsDR, Your bug seems to be fixed thanks to the Pull Request #2913.
I close the PR but feel free to re-open it if necessary.
Do you want to request a feature or report a bug?
Bug
What did you do?
Configured Traefik with as minimal a configuration (using [file]-provider only) as possible, and tested two scenarios:
Same frontends/backends in both scenarios:
Wildcard certificate common names are:
I then tried doing simple requests: https://api.duglemmerdetaldrig.dk https://api.truestory.no https://api.truestory.se
Note: I had my hosts-file set up to point the domains to 127.0.0.1 to test locally
What did you expect to see?
I expected Traefik to use the wildcard certificates in both scenarios, when doing the requests.
What did you see instead?
Scenario 1
Everything working perfectly fine.
Scenario 2
All 3 HTTPS requests failed with ERR_CERT_AUTHORITY_INVALID. The returned certificate was the "TRAEFIK DEFAULT CERT".
Output of `traefik version`: (What version of Traefik are you using?)

```
Version:      v1.5.2
Codename:     cancoillotte
Go version:   go1.9.4
Built:        2018-02-12_10:56:31AM
OS/Arch:      linux/amd64
```
What is your environment & configuration (arguments, toml, provider, platform, ...)?
Scenario 2:
Scenario 1:
Only change is to the acme-part:
If applicable, please paste the log output in debug mode (`--debug` switch)
Scenario 1
Scenario 2:
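An added example, not part of the original issue or of Traefik: a stdlib-only check that compares the certificate a listener presents for each SNI name against the leaf certificate in the `certFile` configured for that host, which is how the fallback to the default certificate reported above can be caught in a test run. The host-to-file mapping is copied from the `[[tls]]` blocks in the issue; the function names and the `127.0.0.1:443` target (matching the hosts-file setup described) are assumptions.

```python
import hashlib
import re
import socket
import ssl

# Host -> certFile pairs taken from the [[tls]] blocks in the issue's config.
CONFIGURED = {
    "api.duglemmerdetaldrig.dk": "/ssl-certs/api.duglemmerdetaldrig.dk.pem",
    "api.truestory.no": "/ssl-certs/api.truestory.no.pem",
    "api.truestory.se": "/ssl-certs/api.truestory.se.pem",
}
PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", re.S)


def leaf_fingerprint(pem_text):
    """SHA-256 of the first (leaf) certificate in a PEM file that may hold a chain."""
    block = PEM_BLOCK.search(pem_text)
    if block is None:
        raise ValueError("no certificate block found")
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(block.group(0))).hexdigest()


def served_der(host, addr="127.0.0.1", port=443, timeout=5.0):
    """Fetch the DER certificate the listener presents for SNI name `host`."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE  # diagnostic only: a fallback cert would fail validation
    with socket.create_connection((addr, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def compare(host, pem_text, der):
    """Report whether the served certificate is the configured leaf."""
    served = hashlib.sha256(der).hexdigest()
    expected = leaf_fingerprint(pem_text)
    return {"host": host, "ok": served == expected,
            "served": served, "expected": expected}


if __name__ == "__main__":
    for host, path in CONFIGURED.items():
        with open(path, encoding="ascii") as fh:
            result = compare(host, fh.read(), served_der(host))
        state = "configured cert" if result["ok"] else "DIFFERENT cert"
        print(f"{host}: {state} (served sha256 {result['served'][:16]}...)")
```

Comparing fingerprints rather than validating the chain means the check works with certificates from a private CA and still flags any substitute certificate, whether it is the built-in default or one obtained through ACME.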