Using DigitalOcean, Traefik v1.7.18, Let's Encrypt and Docker Compose version 3, I was able to get an SSL certificate for my non-www wildcard domains and main domain. However, when I try to access https://www.ex.example.com I get an error page saying "Your connection is not private" with a NET::ERR_CERT_AUTHORITY_INVALID error.
How can I get my "www" domains to receive a valid SSL Certificate?
Here is my traefik.toml code
# Traefik 1.7 static configuration: entry points, ACME (Let's Encrypt) and the
# Docker provider.
#debug = true
# DEBUG output helps while troubleshooting certificate issuance; it is verbose,
# so lower the level once the setup works.
logLevel = "DEBUG"
# Accept invalid or self-signed certificates on HTTPS connections from Traefik
# to its backends. This only concerns the backend hop: it has no effect on the
# certificate Traefik presents to browsers, and it removes man-in-the-middle
# detection towards the backends, so keep it only on a trusted backend network.
InsecureSkipVerify = true
defaultEntryPoints = ["https", "http"]
# Web interface of Traefik: a page with an overview of the frontend and backend
# configurations. This file configures no authentication for it, so whoever can
# reach the "traefik" entry point directly can read the routing configuration.
[api]
entryPoint = "traefik"
dashboard = true
# NOTE(review): in Traefik 1.7 the dashboard address is normally set on
# [entryPoints.traefik]; "address" does not look like an [api] key - confirm.
address = ":8080"
# Force HTTPS: every request arriving on :80 is redirected to the https entry
# point.
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
# TLS 1.2 is the lowest protocol version accepted on :443. No certificate is
# listed here, so a host name without a matching ACME certificate is answered
# with Traefik's self-signed default certificate, which browsers report as an
# untrusted authority.
[entryPoints.https.tls]
minVersion = "VersionTLS12"
# Let's Encrypt (ACME) configuration
[acme]
email = "support@example.com" # contact address for the ACME account (any valid address works)
# Holds the ACME account key and the issued certificates with their private
# keys: Traefik expects mode 600 on this file; keep it out of version control.
storage="/acme/acme.json"
entryPoint = "https"
# Log the ACME client's activity as well.
acmeLogging=true
# On-demand issuance (at the first TLS handshake for a host) stays off. With no
# onHostRule setting in this file either, only the names listed under
# [[acme.domains]] below receive certificates.
onDemand = false # deprecated option in 1.7
# DNS-01 challenge through the DigitalOcean API (the docker-compose.yml passes
# the token as DO_AUTH_TOKEN). Let's Encrypt issues wildcard certificates only
# through a DNS challenge.
[acme.dnsChallenge]
provider = "digitalocean"
# Seconds to wait before the TXT challenge record is checked.
delayBeforeCheck = 300
[[acme.domains]]
main = "example.com"
# A wildcard matches exactly one DNS label: "*.example.com" covers
# www.example.com and ex.example.com, but not www.ex.example.com. A name one
# level deeper needs its own entry, e.g. a further [[acme.domains]] block with
# main = "*.ex.example.com" (or the exact host name).
[[acme.domains]]
main = "*.example.com"
# Connection to the Docker host (docker.sock). Access to this socket means
# control of the Docker daemon, which is equivalent to root on the host, so a
# compromise of the Traefik container reaches the host.
[docker]
endpoint = "unix:///var/run/docker.sock"
domain = "example.com"
watch = true
# Hide every container that does not explicitly carry the label
# traefik.enable=true.
exposedbydefault = false
Here is my docker-compose.yml code
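# Compose file for the Traefik 1.7 reverse proxy. The nesting below is restored:
# with every key at column 0 the file repeats "networks" and "external" at one
# level and does not describe the intended service.
version: '3'

services:
  traefik:
    image: traefik:1.7.18-alpine
    restart: unless-stopped
    # Enables the Docker provider on the command line; traefik.toml configures
    # the same provider in its [docker] section.
    command: --docker
    environment:
      # DigitalOcean API token for the ACME DNS challenge. It can change DNS
      # records, so supply it from the environment or a secret store and never
      # commit it.
      - DO_AUTH_TOKEN=${DO_AUTH_TOKEN}
    labels:
      # These labels publish the Traefik dashboard itself as a frontend.
      - "traefik.backend=traefik"
      - "traefik.docker.network=proxy"
      - "traefik.enable=true"
      - "traefik.port=${UI_PORT}"
      # www -> bare-domain redirect. It runs after the TLS handshake, so an
      # https://www.<host> request still needs a certificate that is valid for
      # the www name before the redirect can be delivered. The dots in the
      # regex are unescaped and therefore match any character. "$${1}" is the
      # Compose escape for a literal "${1}".
      - "traefik.frontend.redirect.regex=^https?://www.${CURRENT_URL}/(.*)"
      - "traefik.frontend.redirect.replacement=https://${CURRENT_URL}/$${1}"
      - "traefik.frontend.rule=Host:${DOCKER_URL_HOST}"
      - "traefik.frontend.headers.SSLRedirect=true"
      - "traefik.frontend.headers.browserXSSFilter=true"
      - "traefik.frontend.headers.contentTypeNosniff=true"
      # HSTS: 315360000 seconds is ten years, with includeSubDomains and
      # preload. A browser that has seen this header refuses to click through
      # certificate errors for the host and its subdomains, so every subdomain
      # needs a valid certificate before this is served.
      - "traefik.frontend.headers.forceSTSHeader=true"
      - "traefik.frontend.headers.SSLForceHost=true"
      - "traefik.frontend.headers.STSSeconds=315360000"
      - "traefik.frontend.headers.STSIncludeSubdomains=true"
      - "traefik.frontend.headers.STSPreload=true"
      - "traefik.frontend.headers.frameDeny=true"
      # Traefik expects an htpasswd-style hash here, not a plaintext password.
      - "traefik.frontend.auth.basic.users=${HTTP_USERNAME}:${HTTP_PASSWORD}"
      - "traefik.frontend.headers.contentSecurityPolicy=${CONTENT_SECURITY_POLICY}"
    networks:
      - proxy
      - internal
    ports:
      # Quoted so that a HOST:CONTAINER pair is always read as a string.
      - "${HTTP_PORT}:${HTTP_PORT}"
      - "${HTTPS_PORT}:${HTTPS_PORT}"
      # NOTE(review): if UI_PORT is the API entry point's port, publishing it
      # on the host exposes the dashboard directly, without the basic-auth
      # frontend defined by the labels above - confirm, and drop or firewall
      # this mapping if the dashboard should only be reachable through the
      # authenticated frontend.
      - "${UI_PORT}:${UI_PORT}"
    volumes:
      # Traefik only reads its static configuration, so mount it read-only.
      - $PWD/traefik.toml:/traefik.toml:ro
      # ACME account key, certificates and private keys: mode 600 on the host.
      - $PWD/acme/acme.json:/acme/acme.json
      # The Docker socket gives the container control of the Docker daemon,
      # which is root-equivalent on the host. A read-only bind mount does not
      # restrict API calls made over the socket; a filtering socket proxy that
      # allows only the read endpoints Traefik needs is the usual mitigation.
      - /var/run/docker.sock:/var/run/docker.sock

networks:
  proxy:
    external: true
  internal:
    external: false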