Switching from let's encrypt staging to production


#1

Hi, I’m using ubuntu 18.04.1 LTS with docker / docker compose and traefik. The setup to get certificates is working fine using the staging Let’s Encrypt caserver (https://acme-staging-v02.api.letsencrypt.org/directory). All my specified hosts do get a Fake LE Intermediate X1cert. There are no errors in the logs.

I can however not enable Let’s Encrypt production certs.
In the traefik.toml file - [acme] I deleted the staging caserver uri: no error in the logs / no production cert (staging cert is still applied). Even when I add the Let’s Encrypt prod uri (https://acme-v02.api.letsencrypt.org/directory) although it should default, result is sill the same: no prod certs and acme.json still shows the staging uri.

The traefik [acme]:
[acme]
email = "someone@gmail.com"
caserver = “https://acme-v02.api.letsencrypt.org/directory
storage=“acme.json”
entryPoint = “https”
onHostRule = true
[acme.httpChallenge]
entryPoint = “http”

[[acme.domains]]
main = “mydomain”
[[acme.domains]]

What am I missing? Appreciate your input.


#2

My guess would be that the autorenewal logic in traefik sees the staging certificate as not expiring yet and doesn’t try and replace it with a production certificate.

Try deleting all the keys under traefik/acme in Consul or whatever configuration backend you’re using and restart Traefik and that should force it to issue certificates again.


#3

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.