Traefik：无法获取域的 ACME 证书

Question

我正在使用 traefik 在我的 NAS 上提供一些服务，其中 https 使用 let encrypt。现在我注意到我的 nextcloud 安装的 tls 证书昨天晚上过期了。 Traefik 有这样的日志：

time="2018-08-31T22:43:08Z" level=error msg="Error getting ACME client: ACME client still not built, retrying in 6.83135832s"
time="2018-08-31T22:43:15Z" level=error msg="Error getting ACME client: ACME client still not built, retrying in 12.680203952s"
time="2018-08-31T22:43:28Z" level=error msg="Error getting ACME client: ACME client still not built"

我更新到 v1.7 但现在错误不同了：

time="2018-09-01T07:42:44Z" level=error msg="Unable to obtain ACME certificate for domains \"my.domain\" detected thanks to rule \"Host:cloud.dnas.one\" : cannot get ACME client ACME challenge not specified, please select TLS or HTTP or DNS Challenge"

此消息针对每个域发布，包括内部域和外部域。找不到有关此问题的太多信息。

Traefik 配置：

defaultEntryPoints = ["http", "https"]
idleTimeout = 0
dialTimeout = 0
logLevel = "WARN"

[entryPoints]

[entryPoints.http]
address = ":80"

#entryPoint = "https"

[entryPoints.https]
address = ":443"
[entryPoints.https.tls]

# Lets Encrypt via ACME
[acme]
email = "my@email.de"
storage = "acme.json"
entryPoint = "https"
onDemand = false
OnHostRule = true
caServer = "https://acme-v02.api.letsencrypt.org/directory"

[docker]
endpoint = "unix:///var/run/docker.sock"
domain = "nas.one"
watch = true

Answer 1

您的traefik.toml 文件没有指定从 Let's Encrypt 获取证书的质询方法。 1.7 的错误信息更清楚地说明了这一点。

如果要使用HTTP challenge，请添加以下行：

[acme.httpChallenge]
  entryPoint = "http"

如果你想使用DNS challenge（如果你想使用通配符证书是必需的），添加以下行：

[acme.dnsChallenge]
  provider = "YOURPROVIDER"
  delayBeforeCheck = 0

查看其余配置的文档。