Acme certificate requested on all TLS-Aware entrypoints #1399

Closed
isrjo opened this issue Apr 7, 2017 · 4 comments


isrjo commented Apr 7, 2017

What version of Traefik are you using (traefik version)?

traefik:latest

Running traefik in a container with swarm as backend with the following acme configuration

--entryPoints="Name:acme Address::445 TLS" --acme --acme.email='[email protected]' --acme.entrypoint='acme' --acme.ondemand --acme.onhostrule --acme.storage=/etc/traefik/acme/acme.json --accesslogsfile=/log/access_log --acme.acmelogging

What did you do?

I have several TLS-aware Entrypoints defined in my traefik configuration.
I've noticed every container I start, regardless of the TLS entrypoint used, results in an ACME certificate request.
Is this really the expected behavior?

What did you expect to see?

Certificates requested only for containers using the entrypoint correlating to the one used for acme challenge --acme.entrypoint='acme'

@emilevauge emilevauge added bug priority/P1 need to be fixed in next release labels Apr 7, 2017
@emilevauge emilevauge added this to the 1.2 milestone Apr 7, 2017
@emilevauge
Member

@isrjo ouch, thanks for reporting.
There is indeed an issue here, we should also check that the frontend is linked to the ACME entrypoint... Will push a fix ASAP.
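
The check described in the reply above, sketched as an added example (not Traefik's code and not the change made in #1401). `Frontend`, `hostsFromRule` and `acmeDomains` are hypothetical names, and the `Host:` rule form and sample hosts are assumptions for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// Frontend is a hypothetical, simplified frontend: its entrypoints and rule.
type Frontend struct {
	EntryPoints []string
	Rule        string // assumed form: "Host:a.example.test,b.example.test"
}

// hostsFromRule returns the hosts of a "Host:" rule; other rules yield none.
func hostsFromRule(rule string) (hosts []string) {
	if !strings.HasPrefix(rule, "Host:") {
		return nil
	}
	for _, h := range strings.Split(strings.TrimPrefix(rule, "Host:"), ",") {
		if h = strings.ToLower(strings.TrimSpace(h)); h != "" {
			hosts = append(hosts, h)
		}
	}
	return hosts
}

// acmeDomains lists hosts a certificate would be requested for. checkEP=false
// mirrors the report (any frontend); true requires a link to entrypoint acmeEP.
func acmeDomains(fes []Frontend, acmeEP string, checkEP bool) []string {
	seen, out := map[string]bool{}, []string{}
	for _, fe := range fes {
		linked := !checkEP
		for _, ep := range fe.EntryPoints {
			linked = linked || ep == acmeEP
		}
		for _, h := range hostsFromRule(fe.Rule) {
			if linked && !seen[h] {
				seen[h] = true
				out = append(out, h)
			}
		}
	}
	return out
}

func main() {
	// Constructed sample: a public frontend and one on another TLS entrypoint.
	fes := []Frontend{{[]string{"acme"}, "Host:pub.example.test"}, {[]string{"internal"}, "Host:priv.example.test"}}
	fmt.Println(acmeDomains(fes, "acme", false), acmeDomains(fes, "acme", true))
}
```

Without the entrypoint check, a host that is only served on a private entrypoint still ends up in the list of names sent to the CA; with it, only hosts reachable through the ACME entrypoint are requested.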

@isrjo
Author

isrjo commented Apr 7, 2017

Perhaps off topic (I would gladly open an enhancement request if confirmed), but while at it: I know little or nothing about Go, but from reading the code I'm under the impression that --acme.entrypoint is single-valued, and if that is right, I wonder why. Would a multi-value not be more appropriate, allowing multiple entrypoints to become ACME-aware?

@tcolgate
Contributor

We have two https entrypoints which serve https on two different ports (these are then accessed by two different LBs, each of which has different access rules, one for public services, one for private). We would like to use LE certs for both. Since one of these is private, we are using route53 dns for provisioning.
I'd be happy for acme.entrypoint to take a list, but, equally, I don't need to for https SNI challenges at all.

@emilevauge
Member

Fixed by #1401

@ldez ldez removed the priority/P1 need to be fixed in next release label May 30, 2017
@ldez ldez added the area/acme label Jun 11, 2017
@traefik traefik locked and limited conversation to collaborators Sep 1, 2019