Traefik Config reverts after "./runtipi-cli restart"
Hello, I am trying to set up DNS Challenge with CloudFlare API. I followed the steps on the runtipi documentation website. I am able to create the .yml file.
Once I was done editing the traefik.yml with the correct information for "cloudflare" and the email, etc, I then restarted runtipi with the command "sudo ./runtipi-cli restart".
After the restart I checked the traefik.yml and saw the changes were reverted. What am I doing wrong? I'm doing exactly what the documentation says.
Here is a log error after the runtipi-cli restart:
runtipi-reverse-proxy | 2024-07-15T18:15:55Z ERR Unable to obtain ACME certificate for domains error="unable to generate a certificate for the domains [10.0.0.2:8756]: acme: error: 400 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-order :: urn:ietf:params:acme:error:rejectedIdentifier :: Invalid identifiers requested :: Cannot issue for \"10.0.0.2:8756\": Domain name contains an invalid character" ACME CA=https://acme-v02.api.letsencrypt.org/directory acmeCA=https://acme-v02.api.letsencrypt.org/directory domains=["10.0.0.2:8756"] providerName=myresolver.acme routerName=homepage@docker rule=Host(`10.0.0.2:8756`)
No matter when I change something in the traefik.yml, it always reverts after the restart.
16 Replies
@TazerFace(ItsMetaphorical) see my response on #💬・general
I am trying a new API key after making the traefik.yml persistent. Should I do the same for the tipi-compose.yml?
Depends on what you want to change
I changed the API key in "tipi-compose.yml" in the "/user-config" to the new API, restarted and I get the same error message.
What error message?
runtipi-reverse-proxy | 2024-07-15T18:36:35Z ERR Unable to obtain ACME certificate for domains error="unable to generate a certificate for the domains [10.0.0.2:8096]: acme: error: 400 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-order :: urn:ietf:params:acme:error:rejectedIdentifier :: Invalid identifiers requested :: Cannot issue for "10.0.0.2:8096": Domain name contains an invalid character" ACME CA=https://acme-v02.api.letsencrypt.org/directory acmeCA=https://acme-v02.api.letsencrypt.org/directory domains=["10.0.0.2:8096"] providerName=myresolver.acme routerName=filebrowser@docker rule=Host(`10.0.0.2:8096`)
You can ignore that
That's because traefik is trying to get a certificate for the ip
Which is not possible
That's why it's failing
But with actual domains it should succeed
thanks for the rapid response. this is what I'm looking for! I shall ignore the error messages and drive on.
Yeahp
One final question, does runtipi use the dns challenge to create local certs?
Nope, local certs are generated locally, not by Let's Encrypt
So no http/DNS challenge
is there any way to change that?
As far as I am aware no
You could generate the certificates yourself
With something like certbot
And then replace the tipi ones
where do I go to replace the runtipi certs?
I can generate cf certs no prob
They are inside the traefik/tls folder
Although I am not sure if the cert.pem is used for both local and public certificates
I will test this out. It would seem to me the "cert.pem" is the same one you can download from the settings tab on the runtipi gui.
This is confirmed. Cert.pem is the one runtipi generates for local domains. I will replace the cert/priv with cf ones to see what happens.