Switching from let's encrypt staging to production

Hi, I’m using ubuntu 18.04.1 LTS with docker / docker compose and traefik. The setup to get certificates is working fine using the staging Let’s Encrypt caserver (https://acme-staging-v02.api.letsencrypt.org/directory). All my specified hosts do get a Fake LE Intermediate X1cert. There are no errors in the logs.

I can however not enable Let’s Encrypt production certs.
In the traefik.toml file - [acme] I deleted the staging caserver uri: no error in the logs / no production cert (staging cert is still applied). Even when I add the Let’s Encrypt prod uri (https://acme-v02.api.letsencrypt.org/directory) although it should default, result is sill the same: no prod certs and acme.json still shows the staging uri.

The traefik [acme]:
[acme]
email = "someone@gmail.com"
caserver = “https://acme-v02.api.letsencrypt.org/directory”
storage=“acme.json”
entryPoint = “https”
onHostRule = true
[acme.httpChallenge]
entryPoint = “http”

[[acme.domains]]
main = “mydomain”
[[acme.domains]]
…

What am I missing? Appreciate your input.

My guess would be that the autorenewal logic in traefik sees the staging certificate as not expiring yet and doesn’t try and replace it with a production certificate.

Try deleting all the keys under traefik/acme in Consul or whatever configuration backend you’re using and restart Traefik and that should force it to issue certificates again.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.