404 Error Obtaining a Certificate with Traefik Running on Docker


My domain is:


I ran this command:

sudo docker run -d --restart unless-stopped -v /var/run/docker.sock:/var/run/docker.sock -v /var/data/traefik/traefik.toml:/traefik.toml -v /var/data/traefik/acme.json:/acme.json -p 80:80 -p 443:443 -l traefik.frontend.rule=Host:randomparity.com -l traefik.port=8080 --network proxy --name traefik traefik:latest --docker

It produced this output:

time="2018-07-09T07:14:52Z" level=error msg="Unable to obtain ACME certificate for domains \"randomparity.com\" detected thanks to rule \"Host:randomparity.com\" : cannot obtain certificates: acme: Error -> One or more domains had a problem:\n[randomparity.com] acme: Error 403 - urn:ietf:params:acme:error:unauthorized - Invalid response from http://randomparity.com/.well-known/acme-challenge/6X5LRG6Pi2XPtOHqFOA9wL9BSLp_mAmxeR4z9wfsFvg: \"<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n<p\"\n"

My web server is (include version):

Traefik (v1.6.4) running in a Docker (v18.03.1-ce, build 9ee9f40) container.


defaultEntryPoints = ["http", "https"]

address = ":8080"

  address = ":80"
      entryPoint = "https"
  address = ":443"

email = "user@example.com"
storage = "acme.json"
entryPoint = "https"
onHostRule = true
onDemand = false

entryPoint = "http"
delayBeforeCheck = 0

The operating system my web server runs on is (include version):

Ubuntu 18.04

My hosting provider, if applicable, is:


I can login to a root shell on my machine (yes or no, or I don’t know):


I’m using a control panel to manage my site (no, or provide the name and version of the control panel):



Your domain’s IP address appears to be served by web servers related to your QNAP device rather than Traefik.

If the domain is not actually pointing at Traefik in a way that is accessible from the internet, then Let’s Encrypt validation is going to fail.


Thanks for the catch. My NAS was using UPnP to create port forwards that overrode the static port forwarding setup of the gateway which I couldn’t see when testing from inside the network.



This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.