I am trying to configure a Traefik (v2.2.1) IngressRoute CRD resource as follows with the incubating traefik 2 chart (v8.6.1) in github at https://github.com/containous/traefik-helm-chart/tree/master/traefik:
ingressroute:
enabled: true
tls:
enabled: true
certResolver: production
domains:
main: prod0.api.spadash.com
sans:
- prod.api.spadash.com # canonical dns name for apps to use for prod environment
- spadash.com # legacy dns name for prod environment, should be removed once apps updated
When I look at my traefik logs I see the following:
time="2020-06-21T02:16:35Z" level=info msg="Starting provider *acme.Provider {\"email\":\"vendor@spadash.com\",\"caServer\":\"https://acme-v02.api.letsencrypt.org/directory\",\"storage\":\"/data/acme.json\",\"keyType\":\"RSA4096\",\"dnsChallenge\":{\"provider\":\"route53\",\"delayBeforeCheck\":5000000000},\"ResolverName\":\"production\",\"store\":{},\"ChallengeStore\":{}}"
time="2020-06-21T02:16:35Z" level=info msg="Testing certificate renew..." providerName=production.acme
time="2020-06-21T02:16:37Z" level=error msg="Unable to obtain ACME certificate for domains \"prod0.api.spadash.com,prod.api.spadash.com spadash.com\" : unable to generate a certificate for the domains [prod0.api.spadash.com prod.api.spadash.com spadash.com]: acme: error: 400 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-order :: urn:ietf:params:acme:error:rejectedIdentifier :: Error creating new order :: Cannot issue for \"prod.api.spadash.com spadash.com\": Domain name contains an invalid character, url: " providerName=production.acme
Why is Traefik joining all domains.main and domains.sans hostnames with a space when requesting certs? Is this a bug in my chart configuration , the Helm chart used to install Traefik, or Traefik itself?
Many thanks in advance.