404 Error Obtaining a Certificate with Traefik Running on Docker

My domain is:

randomparity.com

I ran this command:

sudo docker run -d --restart unless-stopped -v /var/run/docker.sock:/var/run/docker.sock -v /var/data/traefik/traefik.toml:/traefik.toml -v /var/data/traefik/acme.json:/acme.json -p 80:80 -p 443:443 -l traefik.frontend.rule=Host:randomparity.com -l traefik.port=8080 --network proxy --name traefik traefik:latest --docker

It produced this output:

time="2018-07-09T07:14:52Z" level=error msg="Unable to obtain ACME certificate for domains \"randomparity.com\" detected thanks to rule \"Host:randomparity.com\" : cannot obtain certificates: acme: Error -> One or more domains had a problem:\n[randomparity.com] acme: Error 403 - urn:ietf:params:acme:error:unauthorized - Invalid response from http://randomparity.com/.well-known/acme-challenge/6X5LRG6Pi2XPtOHqFOA9wL9BSLp_mAmxeR4z9wfsFvg: \"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p\"\n"

My web server is (include version):

Traefik (v1.6.4) running in a Docker (v18.03.1-ce, build 9ee9f40) container.

traefik.toml:

defaultEntryPoints = ["http", "https"]

[web]
address = ":8080"
  [web.auth.basic]
  users = ["admin:XXXXXXXXXXXXXXXXXXXXXXXXXXX"]

[entryPoints]
  [entryPoints.http]
  address = ":80"
    [entryPoints.http.redirect]
      entryPoint = "https"
  [entryPoints.https]
  address = ":443"
    [entryPoints.https.tls]

[acme]
email = "user@example.com"
storage = "acme.json"
entryPoint = "https"
onHostRule = true
onDemand = false

[acme.httpChallenge]
entryPoint = "http"
delayBeforeCheck = 0

The operating system my web server runs on is (include version):

Ubuntu 18.04

My hosting provider, if applicable, is:

Frontier

I can login to a root shell on my machine (yes or no, or I don’t know):

Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

No

Your domain’s IP address appears to be served by web servers related to your QNAP device rather than Traefik.

If the domain is not actually pointing at Traefik in a way that is accessible from the internet, then Let’s Encrypt validation is going to fail.


Thanks for the catch. My NAS was using UPnP to create port forwards that overrode the static port forwarding setup of the gateway which I couldn’t see when testing from inside the network.

Dave
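The diagnosis in this thread can be read straight from the Traefik error line. The following is an added example, not code from any poster or from Traefik: it parses the log line quoted in the question and reports which kind of server answered the HTTP-01 request. The function names and the two body fingerprints (Apache httpd's stock error page versus Go's default `404 page not found`, which Traefik returns) are assumptions chosen for this illustration.

```python
import re

# Log line copied from the question above (logrus text format; msg is a quoted string).
LOG_LINE = (
    r'time="2018-07-09T07:14:52Z" level=error msg="Unable to obtain ACME certificate '
    r'for domains \"randomparity.com\" detected thanks to rule \"Host:randomparity.com\" : '
    r'cannot obtain certificates: acme: Error -> One or more domains had a problem:\n'
    r'[randomparity.com] acme: Error 403 - urn:ietf:params:acme:error:unauthorized - '
    r'Invalid response from http://randomparity.com/.well-known/acme-challenge/'
    r'6X5LRG6Pi2XPtOHqFOA9wL9BSLp_mAmxeR4z9wfsFvg: \"<!DOCTYPE HTML PUBLIC '
    r'\"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n'
    r'</head><body>\n<h1>Not Found</h1>\n<p\"\n"'
)

ACME_ERR = re.compile(
    r'\[(?P<domain>[^\]]+)\] acme: Error (?P<status>\d{3}) - '
    r'(?P<type>urn:ietf:params:acme:error:\w+) - Invalid response from '
    r'(?P<url>http://\S+?): "(?P<body>.*)"\s*$', re.S)

def unquote_msg(line):
    """Return the unescaped msg="..." field of a logrus text-format line."""
    m = re.search(r'msg="((?:[^"\\]|\\.)*)"', line)
    if not m:
        return None
    esc = {'n': '\n', 't': '\t'}
    return re.sub(r'\\(.)', lambda e: esc.get(e.group(1), e.group(1)), m.group(1))

def classify_body(body):
    """Heuristic (assumed fingerprints): guess which server produced the body."""
    if '-//IETF//DTD HTML 2.0//EN' in body:
        return 'apache-style error page'         # Apache httpd's stock error document
    if body.strip() == '404 page not found':
        return 'go net/http 404 (e.g. Traefik)'  # Go's default NotFound body
    return 'unknown'

def diagnose(line):
    """Extract the failed challenge details and say whether Traefik answered."""
    msg = unquote_msg(line)
    m = ACME_ERR.search(msg or '')
    if not m:
        return None
    info = m.groupdict()
    info['answered_by'] = classify_body(info['body'])
    # Any other server answering means port 80 traffic from the internet is
    # landing on a different host or service (DNS, NAT rule, UPnP forward).
    info['reached_traefik'] = info['answered_by'].startswith('go net/http')
    return info
```

For the line in the question, `diagnose(LOG_LINE)` reports an Apache-style body, so the validation request never reached Traefik, which matches the UPnP port-forward override found above.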
