Dug myself a hole by deleting an old server without thinking

Let's say, just for the sake of argument, that I'm an idiot. That I set up Traefik on a new server (using Docker) and then I stood up first one new Docker image (which got a fully working certificate) and then another Docker image of a site that was already running on an older server and had a cert via LE over there.

Then, I nuked the old server, not thinking that I should probably preserve the old cert or revoke it or something actually sensible. Needless to say, Traefik on the new server cannot seem to get a cert for the site in its new location and always just delivers the Traefik Default Cert.

I've waited a few days and restarted Traefik on each day, but still no luck. Am I waiting 30 days, 45 days, 90+ days for this to resolve itself? Is there any way I can fix this?

Thanks,
John

My domain is: PaperQuik.com

I ran this command: Traefik (Traefik is configured to get my certs for me)

It produced this output: I'm still getting the Traefik Default Cert

My web server is (include version): Node.js (though it isn't involved in certs at all)

The operating system my web server runs on is (include version): Ubuntu 20.04

My hosting provider, if applicable, is: Digital Ocean

I can login to a root shell on my machine (yes or no, or I don't know): Yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): I'm not really using anything directly, I'm depending upon Traefik to do it for me

Reading the Traefik logs is going to be the first step towards identifying what's happening.

Your domain is not currently subject to any rate limits - there shouldn't be any reason you can't get a certificate right now.

Just looking at your server, it doesn't seem like port 80 is currently open, which would definitely be a problem:

Hmm. I've gotten past the error and it seems like it was due to my attempts to get a wildcard cert in my Docker config, while Traefik was looking at all the domains in my rules and listing all of those as well.

LE said there was a conflict between asking for a www cert and a wildcard in the same request. After I whittled down my docker-compose file to just the following, it was willing to give certificates out for both domain and www.domain for the servers running in both Docker containers:

services:
  madgameslab:
    image: [path to an image]
    labels:
      - "traefik.http.routers.madgameslab.rule=Host(`www.madgameslab.com`) || Host(`madgameslab.com`)"
      - "traefik.http.routers.madgameslab.tls=true"
      - "traefik.http.routers.madgameslab.tls.certresolver=lets-encrypt"
      - "traefik.port=7080"
    networks:
      - internal
      - web

  paperquik:
    image: [path to an image]
    labels:
      - "traefik.http.routers.paperquik.rule=Host(`www.paperquik.com`) || Host(`paperquik.com`)"
      - "traefik.http.routers.paperquik.tls=true"
      - "traefik.http.routers.paperquik.tls.certresolver=lets-encrypt"
      - "traefik.port=6080"
    networks:
      - internal
      - web

That makes sense! www.domain.com is redundant with *.domain.com. Let's Encrypt won't issue certificates with redundant names on the certificate.

Glad you got it working.

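The conflict discussed in this thread can be checked before a request is sent. The following is an added example, not code from the thread or from Traefik: it pulls the host names out of a router rule like the ones above and reports any name that a wildcard in the same list already covers. The function names and the `*.paperquik.com` wildcard entry are assumptions made for illustration.

```python
import re


def hosts_from_rule(rule):
    """Extract the host names from Host(`...`) matchers in a router rule string."""
    hosts = []
    for args in re.findall(r"Host\(([^)]*)\)", rule):
        # A single Host() matcher may carry several backtick-quoted names.
        hosts.extend(re.findall(r"`([^`]+)`", args))
    return hosts


def redundant_names(names):
    """Map each requested name to the wildcard in the same list that covers it.

    A wildcard covers exactly one extra label: *.example.com covers
    www.example.com, but not example.com and not a.b.example.com.
    """
    normalized = [n.strip().lower().rstrip(".") for n in names]
    wildcard_bases = {n[2:] for n in normalized if n.startswith("*.")}
    redundant = {}
    for name in normalized:
        if name.startswith("*."):
            continue
        # Drop the leftmost label and see whether a wildcard sits on the rest.
        _, _, parent = name.partition(".")
        if parent in wildcard_bases:
            redundant[name] = "*." + parent
    return redundant


if __name__ == "__main__":
    # Rule taken from the compose file in the thread.
    rule = "Host(`www.paperquik.com`) || Host(`paperquik.com`)"
    # Constructed request: an assumed wildcard plus the names from the rule.
    requested = ["*.paperquik.com"] + hosts_from_rule(rule)
    for name, wildcard in redundant_names(requested).items():
        print(f"{name} is already covered by {wildcard}; drop one of them")
```

The apex name `paperquik.com` is not flagged, because a wildcard does not cover the bare domain.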