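I'm having trouble setting up Traefik's automatic Let's Encrypt certificates for my website. It keeps showing the error message "Your connection is not private". When I inspect the certificate, it looks like what is shown in the screenshot.
Is this feature broken in Traefik? How can I get it to work? Am I doing something wrong?
Here is my traefik.toml file: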
defaultEntryPoints = ["http", "https"]
[web]
address = ":8080"
[web.auth.basic]
users = ["admin:$apr1$yhytIYv.$p0hPOLpt/NE9aAr7c1HsV1"]
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
[acme]
email = "test@traefik.io"
storage = "acme.json"
onDemand = true
caServer = "https://acme-staging-v02.api.letsencrypt.org/directory"
entryPoint = "https"
[acme.httpChallenge]
entryPoint = "http"
Also, I start the container this way:
docker network create proxy
docker run -d \
  -v /var/run/docker.sock:/var/run/docker.sock \
  -v $PWD/traefik.toml:/traefik.toml \
  -v $PWD/acme.json:/acme.json \
  -p 80:80 \
  -p 443:443 \
  -l traefik.frontend.rule=Host:monitor.btcsha.com \
  -l traefik.port=8080 \
  --network proxy \
  --name traefik \
  traefik:1.7-alpine --docker
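OK, I somehow got it working. I think the problem was that I had to delete the old acme.json file. Then, when I created a new one, I forgot to run "chmod 600 acme.json" on it.
Yes, 伊兹 is right: caServer = "https://acme-v02.api.letsencrypt.org/directory"
Now it works. So, for future reference, here is my traefik.toml: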
defaultEntryPoints = ["http", "https"]
[web]
address = ":8080"
[web.auth.basic]
users = ["admin:$apr1$yhytIYv.$p0hPOLpt/NE9aAr7c1HsV1"]
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
[acme]
email = "irmscher9@gmail.com"
storage = "acme.json"
onDemand = true
caServer = "https://acme-v02.api.letsencrypt.org/directory"
entryPoint = "https"
[acme.httpChallenge]
entryPoint = "http"
I start Docker with the following commands:
docker network create proxy
docker run -d \
  -v /var/run/docker.sock:/var/run/docker.sock \
  -v $PWD/traefik.toml:/traefik.toml \
  -v $PWD/acme.json:/acme.json \
  -p 80:80 \
  -p 443:443 \
  -l traefik.frontend.rule=Host:monitor.btcsha.com \
  -l traefik.port=8080 \
  --network proxy \
  --name traefik \
  traefik:1.7-alpine --docker
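You are using the Let's Encrypt staging environment ( caServer = "https://acme-staging-v02.api.letsencrypt.org/directory" ), so the root certificate is not valid; this is expected behavior.
Please read https://letsencrypt.org/docs/staging-environment/
To get a real certificate, you need to use the Let's Encrypt production endpoint ( caServer = "https://acme-v02.api.letsencrypt.org/directory" ), which is the default in Traefik.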
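
A pre-flight check for the two causes named in the answers above (acme.json not at mode 600, and caServer pointing at the Let's Encrypt staging endpoint), as an added example that is not part of the original posts. The function names are hypothetical, and the awk parsing assumes a simple `[acme]` table like the one in the traefik.toml shown.

```shell
#!/bin/sh
# Added example: pre-flight check for a Traefik 1.7 ACME setup.
# Function names are hypothetical; they are not part of Traefik.

# Print the octal mode of a file (GNU stat first, BSD stat as fallback).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Print the caServer value found in the [acme] table; empty if it is not set.
acme_ca_server() {
    awk '
        /^[ \t]*\[/ { in_acme = ($0 ~ /^[ \t]*\[acme\][ \t]*$/) }
        in_acme && /^[ \t]*caServer[ \t]*=/ {
            split($0, parts, "\""); print parts[2]; exit
        }' "$1"
}

# Return 0 when the setup can yield browser-trusted certificates,
# otherwise print each finding and return 1.
check_acme_setup() {
    toml=$1; store=$2; rc=0
    if [ ! -f "$store" ]; then
        echo "FAIL: $store is missing (create it, then chmod 600)"; rc=1
    elif [ "$(file_mode "$store")" != "600" ]; then
        echo "FAIL: $store has mode $(file_mode "$store"), expected 600"; rc=1
    fi
    ca=$(acme_ca_server "$toml")
    case $ca in
        *staging*) echo "FAIL: caServer is the staging CA, not browser-trusted: $ca"; rc=1 ;;
        "")        echo "OK: caServer not set, Traefik's default (production) applies" ;;
        *)         echo "OK: caServer = $ca" ;;
    esac
    return $rc
}

# Usage: sh check.sh traefik.toml acme.json
if [ $# -eq 2 ]; then
    check_acme_setup "$1" "$2"
fi
```

Run it in the directory that holds traefik.toml and acme.json before starting the container.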