docker-compose-traefik-letsencrypt-cloudflare

What do I miss?

Open pippo73 opened this issue 8 months ago • 3 comments

Hi, I'm trying to use your script but something seems not to be working. I think it is something related to Cloudflare. Here is the DNS situation I'm starting from:

Image The arrow points to the domain name I want to use.

To obtain the API key I do as follows (sorry that all the pages are in Italian, but I point to all the important things with an arrow): From the profile page I select the API token link

Image I create a new token

Image

I select to create a personal token

Image

These are the values I set

Image

  1. is the generic name of this token
  2. read zone
  3. modify dns
  4. I specify the domain name I work on

Then I obtain the following page where I create the token

Image

and here is the token I get

Image

this is the value I insert in your script when

then I start your script as follows:


$ ./acdct Test/
Enter the Traefik dashboard host name e.g. traefik.eingress.io: tr.mydomainihaveselected.xyz
Enter the Cloudflare account email address: the mail I use to login on cloudflare
Enter the Cloudflare DNS api token: the token I've obtained in the previous process
Enter the Traefik dashboard user name: admin (or what I want)
Password:  some kind of password
Verifying - Password: some kind of password

Created .env, .htpasswd, and compose.yaml files in Test/
Goodbye

Now I obtain the 3 files. I start the docker file

$ docker compose up -d --remove-orphans --force-recreate

At this point I expect it would work, but nothing happens if I try to connect to https://tr.mydomainihaveselected.xyz

Do I miss something? Hope you could help me.

pippo73 avatar Apr 07 '25 07:04 pippo73

Apologies, I was on holiday.

Have you configured the DNS correctly, i.e. added a suitable CAA (Certificate Authority Authorization) record?

Please see the Let's Encrypt article, but in short add a CAA record for your Traefik domain.

Image

eingress avatar Apr 21 '25 17:04 eingress

No need to apologize :-) we are all volunteers here

Image It seems to be configured but no news :-(

pippo73 avatar Apr 21 '25 19:04 pippo73

I can't see anything wrong with what you're doing… except maybe that you're provisioning the token for a single domain. I don't know what your setup is, but I use a token that has the following permissions:

All zones - Zone:Read, DNS:Edit

Have you read the compose.yaml file? Specifically the following:

# !!! IMPORTANT! Comment out or delete next line in production! !!!
- --certificatesresolvers.letsencrypt.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory

If that's not it, can you post your Traefik log please?

eingress avatar Apr 21 '25 19:04 eingress
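
The two checks raised in the last reply (whether the staging `caserver` line is still active in compose.yaml, and which certificate Traefik actually serves) can be scripted as follows. This is an added example, not part of the repository or of any comment above; the function names and the sample compose fragment are constructed for illustration.

```shell
# Added example; helper names are hypothetical, not part of the acdct script.
# Reads compose YAML on stdin, ignores commented-out lines.
# Prints: staging | custom | production-default
acme_ca_mode() {
    active=$(grep -v '^[[:space:]]*#' |
        grep -iE 'certificatesresolvers\.[^.]+\.acme\.caserver=' || true)
    case "$active" in
        *acme-staging-v02.api.letsencrypt.org*) echo staging ;;
        "") echo production-default ;;  # Traefik's default is the production CA
        *) echo custom ;;
    esac
}

# Classify an `openssl x509 -noout -issuer` line.
classify_issuer() {
    case "$1" in
        *"(STAGING)"*) echo staging ;;                     # staging CA names carry this prefix
        *"TRAEFIK DEFAULT CERT"*) echo traefik-default ;;  # Traefik's self-signed fallback
        *"Let's Encrypt"*) echo letsencrypt ;;
        *) echo other ;;
    esac
}

# Issuer of the certificate a host serves (needs network; not called here).
live_issuer() {
    openssl s_client -connect "$1:443" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -noout -issuer
}

# Turn the two findings into the next step. $1 = CA mode, $2 = issuer class.
triage() {
    case "$1/$2" in
        staging/*) echo "staging CA active in compose.yaml: browsers will not trust its certificates" ;;
        */traefik-default) echo "no ACME certificate issued: check the Traefik log for DNS challenge errors" ;;
        */staging) echo "staging certificate still served although compose.yaml no longer selects staging" ;;
        */letsencrypt) echo "trusted Let's Encrypt certificate served" ;;
        *) echo "unexpected issuer: inspect the certificate manually" ;;
    esac
}

# Constructed compose fragment modelled on the line quoted in the thread.
sample_compose() {
    cat <<'EOF'
    command:
      - --certificatesresolvers.letsencrypt.acme.dnschallenge.provider=cloudflare
      # !!! IMPORTANT! Comment out or delete next line in production! !!!
      - --certificatesresolvers.letsencrypt.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory
EOF
}
triage "$(sample_compose | acme_ca_mode)" "$(classify_issuer 'issuer=CN = TRAEFIK DEFAULT CERT')"
```

Against a real deployment, feed `acme_ca_mode` the generated compose.yaml on stdin and pass `classify_issuer` the output of `live_issuer` for the dashboard host name.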