Sorry for the newbie question that I see has been asked a lot with most saying "go to the getting started".
I had a consultant set up Traefik years ago on a docker container that mostly works, but the certs keep expiring for reasons I don't understand. If I reset all my docker instances, they come back for a while, but then revert to having expired a long time ago.
I want to just start again with LetsEncrypt in my docker environment. Is there a better "Traefik" to set up multiple certs or do I somehow need to figure out what is going wrong with my current one?
For example, here is another site I set up recently on the same docker instance and it seems to be working fine. Thanks, and again, sorry for the newbie question. This just isn't my space but I don't want to spend a lot of money on certs.
ANotWorking
Error
svcc.mobi has an A (IPv4) record (66.46.177.162) but a request to this address over port 80 did not succeed. Your web server must have at least one working IPv4 or IPv6 address.
A timeout was experienced while communicating with svcc.mobi/66.46.177.162: Get "http://svcc.mobi/.well-known/acme-challenge/letsdebug-test": context deadline exceeded
Trace:
@0ms: Making a request to http://svcc.mobi/.well-known/acme-challenge/letsdebug-test (using initial IP 66.46.177.162)
@0ms: Dialing 66.46.177.162
@10001ms: Experienced error: context deadline exceeded
Yet I see this with nmap -Pn -p80,443 svcc.mobi
$ nmap -Pn -p80,443 svcc.mobi
Starting Nmap 7.80 ( https://nmap.org ) at 2023-06-25 19:01 UTC
Nmap scan report for svcc.mobi (66.46.177.162)
Host is up (0.088s latency).
rDNS record for 66.46.177.162: mail.planex-import.com
PORT STATE SERVICE
80/tcp open http
443/tcp open https
Nmap done: 1 IP address (1 host up) scanned in 0.34 seconds
I am not seeing a consistent picture.
I know nothing of Traefik, so kindly wait to see if there are more knowledgeable Let's Encrypt community volunteers willing to assist.
Can someone point me at a recommended way to manage certs from docker containers? Traefik has just been no fun and I'm hoping there is something better. I basically have my docker containers each exposing some "not port 80 or 443" and then I believe Traefik does something with letsencrypt to proxy to my different domains (just a simple 1 server setup).
I haven't tried it myself but my first thought would be to use Caddy as the web server on a container, then have that configured to serve the other sites as a reverse proxy to the apps running in the other containers. This has the advantage that Caddy will automatically manage the certs for the hostnames it knows about: Reverse proxy quick-start — Caddy Documentation
People variously use other things like nginx proxy manager in the same way.
As an aside, while using containers is generally seen as the way to go for modern deployments, if all you're doing is hosting a few web apps sometimes the easiest solution to understand is just a VM running a single webserver, serving the apps. People do have a tendency to set up containers then lose track of how they did it and never rebuild the images, so they're often running very old software albeit in a very sophisticated/complex way.
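
A sketch of the Caddy-as-reverse-proxy layout suggested above, as an added example that is not from any poster in this thread. The hostnames, e-mail address, service names, images and ports are placeholders, and the inline `configs` content assumes a recent Docker Compose release that supports it (otherwise bind-mount a Caddyfile instead).

```yaml
# Added example: one Caddy container terminates TLS for several hostnames and
# proxies to app containers that publish no ports of their own.
services:
  caddy:
    image: caddy:2
    restart: unless-stopped
    ports:
      - "80:80"      # ACME HTTP-01 challenge and HTTP->HTTPS redirects
      - "443:443"    # HTTPS for every site below
    configs:
      - source: caddyfile
        target: /etc/caddy/Caddyfile
    volumes:
      # Certificates, private keys and the ACME account live in /data.
      # Keep it on a named volume so recreating the container reuses them
      # instead of requesting fresh certificates on every restart.
      - caddy_data:/data
      - caddy_config:/config

  app1:
    image: example/app1:latest   # placeholder image
    expose:
      - "8080"                   # reachable only on the compose network
  app2:
    image: example/app2:latest   # placeholder image
    expose:
      - "3000"

configs:
  caddyfile:
    content: |
      {
          # Contact address for the ACME account (placeholder)
          email admin@example.com
      }
      # One site block per hostname; Caddy obtains and renews each cert.
      app1.example.com {
          reverse_proxy app1:8080
      }
      app2.example.com {
          reverse_proxy app2:3000
      }

volumes:
  caddy_data:
  caddy_config:
```

Each hostname needs a DNS record pointing at the server, and ports 80 and 443 must be reachable from the internet for issuance and renewal to succeed.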