I want to expose self-hosted service to access from internet (tinytinyrss, owncloud and other stuff). So I decided to use traefik as reverse proxy with letsencrypt for HTTPS certificat. Before jumping into a whole stack for each service a tried to test a simple stack with traefik and letsencrypt and a simple whoami container that respond a simple text. The docker is running on a odroid XU-4 board.
Here is my docker-compose :
version: '3.6'
services:
traefik:
container_name: traefik
image: traefik:1.6.1-alpine
ports:
- 80:80
- 443:443
- 8080:8080
networks:
- proxy
environment:
- DUCKDNS_TOKEN=my_duck_dns_token
volumes:
- /var/run/docker.sock:/var/run/docker.sock
- ./traefik/traefik.toml:/traefik.toml
- ./traefik/acme/acme.json:/etc/traefik/acme.json
- ./log:/var/log/traefik
labels:
- traefik.enable=true
- traefik.port=8080
- traefik.frontend.rule=Host:my_duck_dns.duckdns.org
restart: always
whoami:
container_name: whoami
image: hypriot/rpi-whoami
ports:
- 8000
networks:
- proxy
labels:
- traefik.frontend.rule=Host:my_duck_dns.duckdns.org;PathPrefixStrip:/whoami/
- traefik.frontend.entryPoints=https
- traefik.docker.network=proxy
- traefik.protocol=http
- traefik.enable=true
- traefik.port=8000
restart: always
networks:
proxy:
name: proxy
And my traefik.toml :
debug = true
logLevel = "DEBUG"
checkNewVersion = true
defaultEntryPoints = ["http", "https"]
[proxy]
address = ":8080"
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
#[traefikLog]
# filePath = "/var/log/traefik/traefik.log"
# format = "json"
# logLevel = "DEBUG"
#[accessLog]
# filePath = "/var/log/traefik/access.log"
# format = "json"
# logLevel = "DEBUG"
[docker]
endpoint = "unix:///var/run/docker.sock"
domain = "my_duck_dns.duckdns.org"
exposedbydefault = false
watch = true
[acme]
caServer = "https://acme-staging-v02.api.letsencrypt.org/directory"
email = "[email protected]"
storage = "/etc/traefik/acme.json"
entryPoint = "https"
acmeLogging = false
[acme.httpChallenge]
entryPoint = "http"
[acme.dnsChallenge]
provider = "duckdns"
delayBeforeCheck = 0
[[acme.domains]]
main = "my_duck_dns.duckdns.org"
sans = ["my_duck_dns.duckdns.org"]
My router is a dd-wrt flash, I forward 80, 8080 and 443 port to a debian computer with this dock-compose on it. The router hand the dynamic duck DNS update.
I ran my containers with the folowing command :
docker-compose build --no-cache && docker-compose up --build
And I got these logs when I try to hit the http://my_duck_dns.duckdns.org/whoami/ from the outside of my LAN. The 80 is redirected correctly to the 443 but with this log :
traefik | time="2018-05-18T16:15:05Z" level=debug msg="http: TLS handshake error from 151.58.32.33:65175: read tcp 172.27.0.3:443->154.47.32.66:64175: read: connection reset by peer"
The whole DEBUG stack is below :
whoami | Listening on :8000
traefik | time="2018-05-18T18:30:55Z" level=info msg="Using TOML configuration file /traefik.toml"
traefik | time="2018-05-18T18:30:55Z" level=info msg="Traefik version v1.6.1 built on 2018-05-14_07:16:56PM"
traefik | time="2018-05-18T18:30:55Z" level=info msg="\nStats collection is disabled.\nHelp us improve Traefik by turning this feature on :)\nMore details on: https://docs.traefik.io/basics/#collected-data\n"
traefik | time="2018-05-18T18:30:55Z" level=debug msg="Global configuration loaded {\"LifeCycle\":{\"RequestAcceptGraceTimeout\":0,\"GraceTimeOut\":10000000000},\"GraceTimeOut\":0,\"Debug\":true,\"CheckNewVersion\":true,\"SendAnonymousUsage\":false,\"AccessLogsFile\":\"\",\"AccessLog\":null,\"TraefikLogsFile\":\"\",\"TraefikLog\":null,\"Tracing\":null,\"LogLevel\":\"DEBUG\",\"EntryPoints\":{\"http\":{\"Address\":\":80\",\"TLS\":null,\"Redirect\":{\"entryPoint\":\"https\"},\"Auth\":null,\"WhitelistSourceRange\":null,\"WhiteList\":null,\"Compress\":false,\"ProxyProtocol\":null,\"ForwardedHeaders\":{\"Insecure\":true,\"TrustedIPs\":null}},\"https\":{\"Address\":\":443\",\"TLS\":{\"MinVersion\":\"\",\"CipherSuites\":null,\"Certificates\":null,\"ClientCAFiles\":null,\"ClientCA\":{\"Files\":null,\"Optional\":false}},\"Redirect\":null,\"Auth\":null,\"WhitelistSourceRange\":null,\"WhiteList\":null,\"Compress\":false,\"ProxyProtocol\":null,\"ForwardedHeaders\":{\"Insecure\":true,\"TrustedIPs\":null}}},\"Cluster\":null,\"Constraints\":[],\"ACME\":null,\"DefaultEntryPoints\":[\"http\",\"https\"],\"ProvidersThrottleDuration\":2000000000,\"MaxIdleConnsPerHost\":200,\"IdleTimeout\":0,\"InsecureSkipVerify\":false,\"RootCAs\":null,\"Retry\":null,\"HealthCheck\":{\"Interval\":30000000000},\"RespondingTimeouts\":null,\"ForwardingTimeouts\":null,\"AllowMinWeightZero\":false,\"Web\":null,\"Docker\":{\"Watch\":true,\"Filename\":\"\",\"Constraints\":null,\"Trace\":false,\"TemplateVersion\":2,\"DebugLogGeneratedTemplate\":false,\"Endpoint\":\"unix:///var/run/docker.sock\",\"Domain\":\"@.duckdns.org\",\"TLS\":null,\"ExposedByDefault\":false,\"UseBindPortIP\":false,\"SwarmMode\":false},\"File\":null,\"Marathon\":null,\"Consul\":null,\"ConsulCatalog\":null,\"Etcd\":null,\"Zookeeper\":null,\"Boltdb\":null,\"Kubernetes\":null,\"Mesos\":null,\"Eureka\":null,\"ECS\":null,\"Rancher\":null,\"DynamoDB\":null,\"ServiceFabric\":null,\"Rest\":null,\"API\":null,\"Metrics\":null,\"Ping\":null}"
traefik | time="2018-05-18T18:30:55Z" level=error msg="Failed to read new account, ACME data conversion is not available : permissions 664 for /etc/traefik/acme.json are too open, please use 600"
traefik | time="2018-05-18T18:30:55Z" level=info msg="Preparing server http &{Address::80 TLS:<nil> Redirect:0x13e3d980 Auth:<nil> WhitelistSourceRange:[] WhiteList:<nil> Compress:false ProxyProtocol:<nil> ForwardedHeaders:0x13ea6c00} with readTimeout=0s writeTimeout=0s idleTimeout=3m0s"
traefik | time="2018-05-18T18:30:55Z" level=info msg="Preparing server https &{Address::443 TLS:0x13b82080 Redirect:<nil> Auth:<nil> WhitelistSourceRange:[] WhiteList:<nil> Compress:false ProxyProtocol:<nil> ForwardedHeaders:0x13ea6c10} with readTimeout=0s writeTimeout=0s idleTimeout=3m0s"
traefik | time="2018-05-18T18:30:55Z" level=info msg="Starting server on :80"
traefik | time="2018-05-18T18:30:56Z" level=info msg="Starting server on :443"
traefik | time="2018-05-18T18:30:56Z" level=info msg="Starting provider configuration.providerAggregator {}"
traefik | time="2018-05-18T18:30:56Z" level=info msg="Starting provider *docker.Provider {\"Watch\":true,\"Filename\":\"\",\"Constraints\":null,\"Trace\":false,\"TemplateVersion\":2,\"DebugLogGeneratedTemplate\":false,\"Endpoint\":\"unix:///var/run/docker.sock\",\"Domain\":\"my_duck_dns.duckdns.org\",\"TLS\":null,\"ExposedByDefault\":false,\"UseBindPortIP\":false,\"SwarmMode\":false}"
traefik | time="2018-05-18T18:30:56Z" level=info msg="Starting provider *acme.Provider {\"Email\":\"[email protected]\",\"ACMELogging\":false,\"CAServer\":\"https://acme-staging-v02.api.letsencrypt.org/directory\",\"Storage\":\"/etc/traefik/acme.json\",\"EntryPoint\":\"https\",\"OnHostRule\":false,\"OnDemand\":false,\"DNSChallenge\":{\"Provider\":\"duckdns\",\"DelayBeforeCheck\":0},\"HTTPChallenge\":{\"EntryPoint\":\"http\"},\"Domains\":[{\"Main\":\"my_duck_dns.duckdns.org\",\"SANs\":[\"my_duck_dns.duckdns.org\"]}],\"Store\":{}}"
traefik | time="2018-05-18T18:30:56Z" level=error msg="Error starting provider *acme.Provider: unable to get ACME account : permissions 664 for /etc/traefik/acme.json are too open, please use 600"
traefik | time="2018-05-18T18:30:56Z" level=debug msg="Provider connection established with docker 18.05.0-ce (API 1.37)"
traefik | time="2018-05-18T18:30:56Z" level=debug msg="originLabelsmap[com.docker.compose.service:traefik org.label-schema.docker.schema-version:1.0 org.label-schema.version:v1.6.1 traefik.port:8080 com.docker.compose.oneoff:False org.label-schema.description:A modern reverse-proxy traefik.frontend.rule:Host:my_duck_dns.duckdns.org com.docker.compose.config-hash:d0eee974d8ebe83a1e048b7e554fad562e4c3631785fe5dc2485f947910ffb90 com.docker.compose.container-number:1 org.label-schema.url:https://traefik.io org.label-schema.vendor:Containous traefik.enable:true com.docker.compose.project:odroidtests com.docker.compose.version:1.20.0 org.label-schema.name:Traefik]"
traefik | time="2018-05-18T18:30:56Z" level=debug msg="allLabelsmap[:map[traefik.frontend.rule:Host:my_duck_dns.duckdns.org traefik.enable:true traefik.port:8080]]"
traefik | time="2018-05-18T18:30:56Z" level=debug msg="originLabelsmap[com.docker.compose.config-hash:3586d1268056130cedb21e01704782c7d311fbcb286fd56b64e92ec8bb690e22 traefik.docker.network:proxy traefik.frontend.entryPoints:https traefik.port:8000 traefik.protocol:http traefik.frontend.rule:Host:my_duck_dns.duckdns.org;PathPrefixStrip:/whoami/ com.docker.compose.container-number:1 com.docker.compose.oneoff:False com.docker.compose.project:odroidtests com.docker.compose.service:whoami com.docker.compose.version:1.20.0 traefik.enable:true]"
traefik | time="2018-05-18T18:30:56Z" level=debug msg="allLabelsmap[:map[traefik.port:8000 traefik.protocol:http traefik.docker.network:proxy traefik.enable:true traefik.frontend.rule:Host:my_duck_dns.duckdns.org;PathPrefixStrip:/whoami/ traefik.frontend.entryPoints:https]]"
traefik | time="2018-05-18T18:30:56Z" level=debug msg="originLabelsmap[com.docker.compose.service:traefik org.label-schema.docker.schema-version:1.0 org.label-schema.version:v1.6.1 traefik.port:8080 com.docker.compose.oneoff:False org.label-schema.description:A modern reverse-proxy traefik.frontend.rule:Host:my_duck_dns.duckdns.org com.docker.compose.config-hash:d0eee974d8ebe83a1e048b7e554fad562e4c3631785fe5dc2485f947910ffb90 com.docker.compose.container-number:1 org.label-schema.url:https://traefik.io org.label-schema.vendor:Containous traefik.enable:true com.docker.compose.project:odroidtests com.docker.compose.version:1.20.0 org.label-schema.name:Traefik]"
traefik | time="2018-05-18T18:30:56Z" level=debug msg="allLabelsmap[:map[traefik.port:8080 traefik.frontend.rule:Host:my_duck_dns.duckdns.org traefik.enable:true]]"
traefik | time="2018-05-18T18:30:56Z" level=debug msg="originLabelsmap[com.docker.compose.project:odroidtests com.docker.compose.service:whoami com.docker.compose.version:1.20.0 traefik.enable:true traefik.frontend.rule:Host:my_duck_dns.duckdns.org;PathPrefixStrip:/whoami/ com.docker.compose.container-number:1 com.docker.compose.oneoff:False traefik.frontend.entryPoints:https traefik.port:8000 traefik.protocol:http com.docker.compose.config-hash:3586d1268056130cedb21e01704782c7d311fbcb286fd56b64e92ec8bb690e22 traefik.docker.network:proxy]"
traefik | time="2018-05-18T18:30:56Z" level=debug msg="allLabelsmap[:map[traefik.enable:true traefik.docker.network:proxy traefik.frontend.entryPoints:https traefik.port:8000 traefik.protocol:http traefik.frontend.rule:Host:my_duck_dns.duckdns.org;PathPrefixStrip:/whoami/]]"
traefik | time="2018-05-18T18:30:56Z" level=debug msg="Validation of load balancer method for backend backend-traefik-odroidtests failed: invalid load-balancing method ''. Using default method wrr."
traefik | time="2018-05-18T18:30:56Z" level=debug msg="Validation of load balancer method for backend backend-whoami-odroidtests failed: invalid load-balancing method ''. Using default method wrr."
traefik | time="2018-05-18T18:30:56Z" level=debug msg="Configuration received from provider docker: {\"backends\":{\"backend-traefik-odroidtests\":{\"servers\":{\"server-traefik\":{\"url\":\"http://172.27.0.2:8080\",\"weight\":1}},\"loadBalancer\":{\"method\":\"wrr\"}},\"backend-whoami-odroidtests\":{\"servers\":{\"server-whoami\":{\"url\":\"http://172.27.0.3:8000\",\"weight\":1}},\"loadBalancer\":{\"method\":\"wrr\"}}},\"frontends\":{\"frontend-Host-my_duck_dns-duckdns-org-0\":{\"entryPoints\":[\"http\",\"https\"],\"backend\":\"backend-traefik-odroidtests\",\"routes\":{\"route-frontend-Host-my_duck_dns-duckdns-org-0\":{\"rule\":\"Host:my_duck_dns.duckdns.org\"}},\"passHostHeader\":true,\"priority\":0,\"basicAuth\":[]},\"frontend-Host-my_duck_dns-duckdns-org-PathPrefixStrip-whoami-1\":{\"entryPoints\":[\"https\"],\"backend\":\"backend-whoami-odroidtests\",\"routes\":{\"route-frontend-Host-my_duck_dns-duckdns-org-PathPrefixStrip-whoami-1\":{\"rule\":\"Host:my_duck_dns.duckdns.org;PathPrefixStrip:/whoami/\"}},\"passHostHeader\":true,\"priority\":0,\"basicAuth\":[]}}}"
traefik | time="2018-05-18T18:30:56Z" level=debug msg="Creating frontend frontend-Host-my_duck_dns-duckdns-org-0"
traefik | time="2018-05-18T18:30:56Z" level=debug msg="Wiring frontend frontend-Host-my_duck_dns-duckdns-org-0 to entryPoint http"
traefik | time="2018-05-18T18:30:56Z" level=debug msg="Creating route route-frontend-Host-my_duck_dns-duckdns-org-0 Host:my_duck_dns.duckdns.org"
traefik | time="2018-05-18T18:30:56Z" level=debug msg="Creating entry point redirect http -> https"
traefik | time="2018-05-18T18:30:56Z" level=debug msg="Creating backend backend-traefik-odroidtests"
traefik | time="2018-05-18T18:30:56Z" level=debug msg="Creating load-balancer wrr"
traefik | time="2018-05-18T18:30:56Z" level=debug msg="Creating server server-traefik at http://172.27.0.2:8080 with weight 1"
traefik | time="2018-05-18T18:30:56Z" level=debug msg="Wiring frontend frontend-Host-my_duck_dns-duckdns-org-0 to entryPoint https"
traefik | time="2018-05-18T18:30:56Z" level=debug msg="Creating route route-frontend-Host-my_duck_dns-duckdns-org-0 Host:my_duck_dns.duckdns.org"
traefik | time="2018-05-18T18:30:56Z" level=debug msg="Creating backend backend-traefik-odroidtests"
traefik | time="2018-05-18T18:30:56Z" level=debug msg="Creating load-balancer wrr"
traefik | time="2018-05-18T18:30:56Z" level=debug msg="Creating server server-traefik at http://172.27.0.2:8080 with weight 1"
traefik | time="2018-05-18T18:30:56Z" level=debug msg="Creating frontend frontend-Host-my_duck_dns-duckdns-org-PathPrefixStrip-whoami-1"
traefik | time="2018-05-18T18:30:56Z" level=debug msg="Wiring frontend frontend-Host-my_duck_dns-duckdns-org-PathPrefixStrip-whoami-1 to entryPoint https"
traefik | time="2018-05-18T18:30:56Z" level=debug msg="Creating route route-frontend-Host-my_duck_dns-duckdns-org-PathPrefixStrip-whoami-1 Host:my_duck_dns.duckdns.org;PathPrefixStrip:/whoami/"
traefik | time="2018-05-18T18:30:56Z" level=debug msg="Creating backend backend-whoami-odroidtests"
traefik | time="2018-05-18T18:30:56Z" level=debug msg="Creating load-balancer wrr"
traefik | time="2018-05-18T18:30:56Z" level=debug msg="Creating server server-whoami at http://172.27.0.3:8000 with weight 1"
traefik | time="2018-05-18T18:30:56Z" level=info msg="Server configuration reloaded on :80"
traefik | time="2018-05-18T18:30:56Z" level=info msg="Server configuration reloaded on :443"
traefik | time="2018-05-18T18:30:05Z" level=debug msg="http: TLS handshake error from 151.58.32.33:65175: read tcp 172.27.0.3:443->154.47.32.66:64175: read: connection reset by peer"
The acme.json is filled with these on the container :
{
"Account": {
"Email": "[email protected]",
"Registration": {
"body": {
"status": "valid",
"contact": [
"mailto:[email protected]"
]
},
"uri": "https://acme-staging-v02.api.letsencrypt.org/acme/acct/6100073"
},
"PrivateKey": "MIIJKQIBAAKCAgEAyg8Zb7v4cegwKpM1RxbCdrqsqfqsfdsqdfsdfgsdfgsdfg/EG0w4UP0MGD2mwZFQXAVsFjK8M3IRFP0xqNbNTQgN6nw/+pPqlxPl5kmWHIhnRp7iXGWMw/UCexT8P2eWGA9UUzXcLxwfsB74nc23nKewLBGsjRtbBXybrjtfNhLOhpPv5mF5T3s0QpT4JNlU4D3+AqnI4Vk09gVH2B+c4VK3a0Z6XsdXRPUP2oSesLyc3EeA0ayQRQyr/FAC89EDfM9BiOkONcTsCwzwQ7bstkfVXl7hZ09E0mYmdvQwMGLqTIns2EMPP3+i+/oF4SVuB/g0Sv8S06bQe54vQsHalU5EUv98ge2hfZdHLSsvgnpylTH6+TXxYIxdvqhavraxgRgirOrVV06rq5vXcHNkTW+lL/b2D23LDs/MDlJ7N5iwlycGABlNNospiYc20YLldDlY1YyZ7ToVu437+Y86gQ+msOYWlbezgE9tNbe8/kuK1zlRS8U2t4yj74YYQq96pmZTGmdnrDKnPU45JhnL6KQD1W7joLEl7UuSVvD7iVo5TpUo8VLgasKrV3WCs/FDFq1GD5S1Rbp070ZNPeA6cJaRE8cJV2fvGxQJXZUCAwEAAQKCAgB2ZsCuA8TC4p8O47INlR2guYgGVO+gAY7ZXdE1dcqD/5r6z9eRe/X4O575sNDUKu3lWDt3twkpXwKPqFSjf4DpmuJYF5Y2tSVbRlPudMESARH9UjvxJIlywYgilRV4QvArbz5anebHXzV/I/E0jmWCHVSyNe0JoYNQD0sg+kz2U9p9n8R80m+sWulQjorEmvhxIv8F3D26gM4kYOOErbFbrwdP6cdHG5g0G3qLzYfgYfQZ2I1iuN+T7TxLwdNOzMJXvW6J9GmbH+iRfFeXbmK6F1QziOfoGaVtUnwl8UA3+QyQXgXA4rlupCLqA1HoiO4h9zGG+l/ZnU9xXJJAq3VB/E38tBCBCMUB8Ms88ydsR2twq2THxRexiojCNbwxMjPV9qKi8hLU9ryl/ja7Pyu3ZgxsDNWKGla+UEdw/cw0CkmRKPIOPFmFbRiL58nSG+OLpAHpBjDkhWGH+wS/A3+snUHVPYhNzQPGwiEpunw/Yp5sbiqB4QkJAE3ThBByg3JdBsEaz0kZHyBNC3DcrqG8V4kBG0I1uMjddXfyJZd+J11RV6wPGY0hHKIdgaSvDCNIQ3A0WotnteQjG1MFWALgMaf1fxp+SQXoYVX051c6fgnCb3t+RT+CNBTnhx6tKf94DwY+TcGWdXL19Jlrp9ADPoKHOww8GbfAAkSj53F95QKCAQEA//0zCOVcwT6qoTKzD5RGcxY8XA5qy7ElMYp0cnxZt3FhMEgqzfVXmUF7JECvnRg0BhpAvW8mRbBFTvHnFuST89GAIrxH8FY4WdF+u2a82fd6fDYYGuJrWhWeMG4tl3jaj/CtdQLcfZmeP9QEPw5BGMRFHgckNrIsUGxu1CLbqDMg1kRxFdpRVrHaLQoLRoM5ClS+uskzrvXrU7yiRbH380CmIdB7wyXaS08coRmVNEFIdjNMbUw+fy5ZxotO31N2a7ACb1djKu/AhSDQbj9EwKuXD87xLO6pfHObaFe93N8zkS3UCF3CR4tnjVsAu3DZ7NFCd7tBN4y4T7CT0LRn8wKCAQEAyhFPWzGlrl4Qd9PBcxYaWo9BveiFDRqcdkaId3QI76PB7eeLgAAs6NEYH2QrqgKs46fx5f7Wqqj2PRGIImXaSAB66pzPKd+rlYYIuyKT4iYFZysRy59B3RNw2nsMF0v3WRYOOl2QA42Ziy9We1fe2E9ohPK8fUpT6ZOe5hv8rCA5iUOhDppl8dzEepPlqkEoE25DoFZR30HZGRL7JT64KK5xQtfjyyXwdFthwLj27btnUSx5ldYN8PUkALrf38YKaoiCfj3EB2jPfdul0YtmrirdvneGhpEXQDPloznmbP2/U73znfSSqZSHudI1g+x0mXB87H1J1pGkQsbPVjpOVwKCAQA0DzohxQNoCWaKAdWIhY8OOKdt0UDGy+/Uc2PbJI7aT6SEPSj3Wb3G3Ro99SnBuPpbg1tHKyONaJuvwmJMtY+hNino5oF6zw4GtiQf2HTvnvS57gZY8VMDrwHMt5tuApXwT/H2qe5NXMBiGqwCZtO2RbQIt0sWFIYOlP61BaHGQx+ac7DL0OpZxzGnlzNT07v17eYb9m8cVcbV8LbPlbHnNm6S0eNZfIk4Z45a9OjzB5PE9gnE8IyFMNfxGMOhh0e9/r2ABzWTtc5hRJse0J8az8qY3G0PxjmRpbElNzLViE7kZ32Hdgncou0cQjWT6Q9oqeXqk5pfwa56Bl8JQqchAoIBAQChl/o4WZm/ueW9jhB0MsbciRfwAVT1x8Q8KefUb2z+B5183eCHepxvi1eZMwhgK0eLv7EJVyTg0cIp0C1oJL/NOOUTXleliwOyzb+Jt/s/rVxAxwayKigH3hYwApsGvm+ORL8YGd6jmMejsTWd6gWCQu64802dfKVic/Vs3BDSreqVRQo1nW/NXdmalU/jObwM3e8i+CT9P7GYBb/mZyPrFKXq6K94tFx5EOM5tjFyqJ3VIpYRJ196xPAHzWpfkAagb4672jU8H6tfYRpYWvzAZ/Nw8DEayEkpxNbuE82cd8hb9dovBXmMOAXaqqq1V5Ffa7/bd85m043jAQ6qTHJ9AoIBAQCaz4ooInQ8eRF0umZ6NmW3j8cKNT0Avkqt2zXwgvjGTrKaud6smH8qmhS2JNAUcLSHqAGJULROWTKaJiT3UOggPEAdAC6+3pxfn3k9rIEeNU1OMTgwxNcX8JdtDw+WA+WMDk6LM/ZPZkoT6YSGcvk1V9ocp0gzFpL5prlkMbXxR6d8dcI1elTDXbHQ/zTAQiPxhjSMvwR/8HRHzEnfxU5bSQD9sKt6FZhTdi322Crjx9PmVOE6AR+kqqy9GPZ9S8oYthwLCgfuZNIuy3O1u9V5epg4vNoNEB7WDtHIxYQqfhOPHaqsfhY5t0JQBYcUoSWhFskRDvVrD1f6eZxVspcZ"
},
"Certificates": [
{
"Domain": {
"Main": "my_duck_dns.duckdns.org",
"SANs": null
},
"Certificate": "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUcvVENDQmVXZ0F3SUsgdfgsdfm16eDNycmNsVHltTnNDK0ZDTkRBTkJna3Foa2lHOXcwQkFRc0YKQURBaU1TQXdIZ1lEVlFRRERCZEdZV3RsSUV4RklFbHVkR1Z5YldWa2FXRjBaU0JZTVRBZUZ3MHhPREExTVRZeApPREV6TXpsYUZ3MHhPREE0TVRReE9ERXpNemxhTUNNeElUQWZCZ05WQkFNVEdHRjNaWE52YldWemFHOWxjeTVrCmRXTnJaRzV6TG05eVp6Q0NBaUl3RFFZSktvWklodmNOQVFFQkJRQURnZ0lQQURDQ0Fnb0NnZ0lCQU1kaVE3VDEKNjZuOXR2MWphRHJ0ZnBwRGc1SzZBbkw3OGNzS2c3SEFCTFRUSlBzRlFtNkFTckpITXBhMW5iUk5IQTMydjQvTwpDZzB5RlZvUnFZUjRtT0djK01DSlpicVhERmhUMmRwcUJIdG9WWFBuTWV1OWRBTTdDZENNSjVYaW4wbk02NHhNCmwvZm96UWJsRWVxOUpXU2JxVjAwMzhtb2tuMzlQWmFBRUc1N2pQbDUwaUpnU0VvU0xEeXQwTXZjeGZSdDE1WXIKeUhMZGhpMkM5emxOUnlYbXdod1d4cXpGTDBDcDFlb01hcG5GNldYT1NQcDBEZTJIR3RoNjMxQ2hRcm02L1dIRgpUVkZwa3JVUGlpbzhwZ2dEd1pUQk5qbE91TFRNVWVnVHhsVkt4Q0pRRUdhNVBXVzFvWXM1L05veGNvdEpiVVJXCkdHTlh6YTF5YlZ3RFJoUUV6TEhpWGZlTi9KZ3dEY2JvTFdXQUp1dUlGZUdCVENBUVFINDljSVV5NjhqZzh0WnQKUXBUMm1hbmRFRFgvVDZXSFNWVUdnTGtXbGtmN1hwMW82dUozc1h0ZHpBT2E3MlVLRHVxcFIraXNPVnluQ1h6MgpCNUVRbTc1QjNYTmdEUGdQYnZnK1hHQkJVSDdyK0FCSVJwSDgwaVVDdnd5WVdKSTZGNUhQajZOTmQrZTExd0dVCkhTU2FQTUxBaHJGWmUyenNUN3VXTHp3bmVEeExrYWI2MzZpekpuS0tNWUlmZ2I0WVEwUXpqQU1yVUZML05ITTIKeXBrMmhCL2dYKzFibFVqNk1TTU1CMG9wRmk0ZlJlQ1JZc0l4Y0dEU1hxcGtVSXdmVUdlRUFXb3BjYWp3TTJaRwpoR1lKUW5NUDVKVjd1VVBBamdXVHd2Nk4rSlRJRHJweXgwVTFBZ01CQUFHamdnTXBNSUlESlRBT0JnTlZIUThCCkFmOEVCQU1DQmFBd0hRWURWUjBsQkJZd0ZBWUlLd1lCQlFVSEF3RUdDQ3NHQVFVRkJ3TUNNQXdHQTFVZEV3RUIKL3dRQ01BQXdIUVlEVlIwT0JCWUVGS3F4dUMyV1kyZnZCR3hGOGdPTXR4YmNzV2l0TUI4R0ExVWRJd1FZTUJhQQpGTURNQTBhNVdDRE1YSEp3OCtFdXl5Q205V2c2TUhjR0NDc0dBUVVGQndFQkJHc3dhVEF5QmdnckJnRUZCUWN3CkFZWW1hSFIwY0RvdkwyOWpjM0F1YzNSbkxXbHVkQzE0TVM1c1pYUnpaVzVqY25sd2RDNXZjbWN3TXdZSUt3WUIKQlFVSE1BS0dKMmgwZEhBNkx5OWpaWEowTG5OMFp5MXBiblF0ZURFdWJHVjBjMlZ1WTNKNWNIUXViM0puTHpBagpCZ05WSFJFRUhEQWFnaGhoZDJWemIyMWxjMmh2WlhNdVpIVmphMlJ1Y3k1dmNtY3dnZjRHQTFVZElBU0I5akNCCjh6QUlCZ1puZ1F3QkFnRXdnZVlHQ3lzR0FRUUJndDhUQVFFQk1JSFdNQ1lHQ0NzR0FRVUZCd0lCRmhwb2RIUncKT2k4dlkzQnpMbXhsZEhObGJtTnllWEIwTG05eVp6Q0Jxd1lJS3dZQkJRVUhBZ0l3Z1o0TWdadFVhR2x6SUVObApjblJwWm1sallYUmxJRzFoZVNCdmJteDVJR0psSUhKbGJHbGxaQ0IxY0c5dUlHSjVJRkpsYkhscGJtY2dVR0Z5CmRHbGxjeUJoYm1RZ2IyNXNlU0JwYmlCaFkyTnZjbVJoYm1ObElIZHBkR2dnZEdobElFTmxjblJwWm1sallYUmwKSUZCdmJHbGplU0JtYjNWdVpDQmhkQ0JvZEhSd2N6b3ZMMnhsZEhObGJtTnllWEIwTG05eVp5OXlaWEJ2YzJsMApiM0o1THpDQ0FRVUdDaXNHQVFRQjFua0NCQUlFZ2ZZRWdmTUE4UUIzQUNoMkdoaVFKL3Z2UE5EV0dnR05kckJRClZ5bkhwMEViekwzMkJQUmRRbUZUQUFBQlkycGZTRWdBQUFRREFFZ3dSZ0loQUxWTVlBNTVCdFNXZUNOSFg4cXgKMFV0dmlNU0kzdVVueCtQNlJUN05yRWlRQWlFQXBDbFAvOXhnQXIzU0xZL1hWdWMwb2ZVVnBkSkFNWDBjMVFjWgpiTEtmbkRvQWRnQ3d6SVBscGZsOWE2OThDY3dvU1FTSEtzZm9peE1zWTFDM3h2MG00V3hzZHdBQUFXTnFYMGtwCkFBQUVBd0JITUVVQ0lDMDRmYnpaM3BFQlRVUGhLa0JNQk9kTUJIakh1dmRVdm81MUNiajFraEhUQWlFQW5ZTG0KZTE1RHI2SFl0RStGRnpmdmtQSGxWZ3RLZnVEcUF2Mzl0VVhnanJ3d0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQgpBSlBmVmc5SHJkQ05WdDQ4STg5cC9CTmlMbktMa3c5T1NkSmpBd095emxNZ21oMjJZdWJFay9XQ0dhRUJ6a0g5CjBSOWF5WlQ3RkhjU1NrYVdqT2MrQmpuWUswV2dGanVGaVZwdkdIMkJ1WWtZM3NXM2tsR2xPQlkxYmltZW1mdUYKU0U5Vlo5Nk5WQ21hbEI1NnVSS3dDRjJwQzFKeE16VnQ3MEtrbEk5V2hBQUd1RDZqWWJyZWhiYU5TMy9ObmV1SQp5U3lXeFBPOHVSTE44Y2VlTUJ1cnh5eHZMRWpXdXpGVkFld0RmMkFvSlpyQ3ppNERCNnZDbFdMOHhEYU52eE5hCjBlKzhSZEs1cmpzMWh6T1dRb05NWExBb0FSM1VtYWVmZkdINVVqbGlvRk11dW84TjhQdnNmVGRlU3ROaG40d1IKdi9idWJlTGRseHJZbk02OVdFTExxTzQ9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0KCi0tLS0tQkVHSU4gQ0VSVElGSUNBVEUtLS0tLQpNSUlFcXpDQ0FwT2dBd0lCQWdJUkFJdmhLZzVaUk8wOFZHUXg4SmRoVCtVd0RRWUpLb1pJaHZjTkFRRUxCUUF3CkdqRVlNQllHQTFVRUF3d1BSbUZyWlNCTVJTQlNiMjkwSUZneE1CNFhEVEUyTURVeU16SXlNRGMxT1ZvWERUTTIKTURVeU16SXlNRGMxT1Zvd0lqRWdNQjRHQTFVRUF3d1hSbUZyWlNCTVJTQkpiblJsY20xbFpHbGhkR1VnV0RFdwpnZ0VpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElCRHdBd2dnRUtBb0lCQVFEdFdLeVNEbjdyV1pjNWdnanozWkIwCjhqTzR4dGkzdXpJTmZENXNRN0xqN2h6ZXRVVCt3UW9iK2lYU1praG52eCtJdmRiWEY1L3l0OGFXUHBVS25QeW0Kb0x4c1lpSTVnUUJMeE5EekllYzBPSWFmbFdxQXIyOW03SjgrTk50QXBFTjhuWkZuZjNiaGVoWlc3QXhtUzFtMApablNzZEh3MEZ3K2JnaXhQZzJNUTlrOW9lZkZlcWErN0txZGx6NWJiclVZVjJ2b2x4aERGdG5JNE1oOEJpV0NOCnhESDFIaXpxK0dLQ2NIc2luRFpXdXJDcWRlci9hZkpCblFzK1NCU0w2TVZBcEh0K2QzNXpqQkQ5MmZPMkplNTYKZGhNZnpDZ09LWGVKMzQwV2hXM1RqRDF6cUxaWGVhQ3lVTlJuZk9tV1pWOG5FaHRIT0ZiVUNVN3IvS2tqTVpPOQpBZ01CQUFHamdlTXdnZUF3RGdZRFZSMFBBUUgvQkFRREFnR0dNQklHQTFVZEV3RUIvd1FJTUFZQkFmOENBUUF3CkhRWURWUjBPQkJZRUZNRE1BMGE1V0NETVhISnc4K0V1eXlDbTlXZzZNSG9HQ0NzR0FRVUZCd0VCQkc0d2JEQTAKQmdnckJnRUZCUWN3QVlZb2FIUjBjRG92TDI5amMzQXVjM1JuTFhKdmIzUXRlREV1YkdWMGMyVnVZM0o1Y0hRdQpiM0puTHpBMEJnZ3JCZ0VGQlFjd0FvWW9hSFIwY0RvdkwyTmxjblF1YzNSbkxYSnZiM1F0ZURFdWJHVjBjMlZ1ClkzSjVjSFF1YjNKbkx6QWZCZ05WSFNNRUdEQVdnQlRCSm5Ta2lrU2c1dm9nS05oY0k1cEZpQmg1NERBTkJna3EKaGtpRzl3MEJBUXNGQUFPQ0FnRUFCWVN1NElsK2ZJME1ZVTQyT1RtRWorMUhxUTVEdnlBZXlDQTZzR3VaZHdqRgpVR2VWT3YzTm5MeWZvZnVVT2pFYlk1aXJGQ0R0bnYrMGNrdWtVWk45bHo0UTJZaldHVXBXNFRUdTNpZVRzYUM5CkFGdkNTZ05ISnlXU1Z0V3ZCNVhEeHNxYXdsMUt6SHp6d3IxMzJiRjJydEd0YXpTcVZxSzlFMDdzR0hNQ2YrenAKRFFWRFZWR3RxWlBId1gzS3FVdGVmRTYyMWI4Ukk2VkNsNG9EMzBPbGY4cGp1ekc0SktCRlJGY2x6TFJqby9oNwpJa2tmalo4d0RhN2ZhT2pWWHg2bitlVVEyOWNJTUN6cjgvck5XSFM5cFlHR1FLSmlZMnhtVkM5aDEySDk5WHlmCnpXRTl2YjV6S1AzTVZHNm5lWDFoU2RvN1BFQWI5ZnFSaEhrcVZzcVV2SmxJUm12WHZWS1R3TkNQM2VDalJDQ0kKUFRBdmpWKzRuaTc4NmlYd3dGWU56OGwzUG1QTEN5UVhXR29obko4aUJtKzVuazdPMnluYVBWVzBVMlcrcHQydwpTVnV2ZERNNXpHdjJmOWx0TldVaVlaSEoxbW1POTdqU1kvNllmZE9VSDY2aVJ0UXREa0hCUmRrTkJzTWJEK0VtCjJUZ0JsZHRITlNKQmZCM3BtOUZibGdPY0owRlNXY1VEV0o3dk8wK05UWGxnclJvZlJUNnBWeXd6eFZvNmRORDAKV3pZbFRXZVVWc080MHhKcWhnVVFSRVI5WUxPTHhKME82QzhpMHhGeEFNS090U2RvZE1CM1JJd3Q3UkZRMHV5dApuNVo1TXFrWWhsTUkzSjF0UFJUcDFuRXQ5ZnlHc3BCT08wNWdpMTQ4UWFzcCszTitzdnFLb21vUWdsTm9BeFU9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K",
"Key": "LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLqsqsdfqsdfqsdfFJQkFBS0NBZ0VBeDJKRHRQWHJxZjIyL1dOb091MStta09Ea3JvQ2N2dnh5d3FEc2NBRXROTWsrd1ZDCmJvQktza2N5bHJXZHRFMGNEZmEvajg0S0RUSVZXaEdwaEhpWTRaejR3SWxsdXBjTVdGUFoybW9FZTJoVmMrY3gKNjcxMEF6c0owSXdubGVLZlNjenJqRXlYOStqTkJ1VVI2cjBsWkp1cFhUVGZ5YWlTZmYwOWxvQVFibnVNK1huUwpJbUJJU2hJc1BLM1F5OXpGOUczWGxpdkljdDJHTFlMM09VMUhKZWJDSEJiR3JNVXZRS25WNmd4cW1jWHBaYzVJCituUU43WWNhMkhyZlVLRkN1YnI5WWNWTlVXbVN0UStLS2p5bUNBUEJsTUUyT1U2NHRNeFI2QlBHVlVyRUlsQVEKWnJrOVpiV2hpem44MmpGeWkwbHRSRllZWTFmTnJYSnRYQU5HRkFUTXNlSmQ5NDM4bURBTnh1Z3RaWUFtNjRnVgo0WUZNSUJCQWZqMXdoVExyeU9EeTFtMUNsUGFacWQwUU5mOVBwWWRKVlFhQXVSYVdSL3RlbldqcTRuZXhlMTNNCkE1cnZaUW9PNnFsSDZLdzVYS2NKZlBZSGtSQ2J2a0hkYzJBTStBOXUrRDVjWUVGUWZ1djRBRWhHa2Z6U0pRSy8KREpoWWtqb1hrYytQbzAxMzU3WFhBWlFkSkpvOHdzQ0dzVmw3Yk94UHU1WXZQQ2Q0UEV1UnB2cmZxTE1tY29veApnaCtCdmhoRFJET01BeXRRVXY4MGN6YkttVGFFSCtCZjdWdVZTUG94SXd3SFNpa1dMaDlGNEpGaXdqRndZTkplCnFtUlFqQjlRWjRRQmFpbHhxUEF6WmthRVpnbENjdy9rbFh1NVE4Q09CWlBDL28zNGxNZ091bkxIUlRVQ0F3RUEKQVFLQ0FnQldVbzdwekFjS0JCU3p3OVFlbnpCTzdhZ0xZSWtxNnpXV0tLazN6ZUM3d1Nham4zVlJqaTNJM2RaagpOYUpmcTNyWCtOcWJFaU43N3hFYmU4WWUybSttVG1YTVJqQkxCcGFMcjFJRXBCM29xQlZISnZPUUV1Z2xkZXdiCjVISkhER1RXZU9nS1NDY0xhRGxNSU9VTzhuRThDOERaMzhoNzhJWHNFallWOE1Bc2RVVmx4WDVhNzhDY2dSMngKNzdjVWJETXdUbFltYURKU3VPSWMxalRmRkR3WGhyN0hsbnpSMUZWTzg3anZxZ3lGSXhDWHlTWURlVGVHZlJYOApYOFpMakdYdEw2NEFKSUlERzJndkI5bFR6QW8rTWhJZnF6OGt0SlozZ0haOXVnSUdiMlpYVEw2dEdzb2dQUEVCCjdFc3kxSEc1S0VNc2NQSUNJTU9sc29MeWNXQm5Dc0pZNDF4RjJreWdMbnJtMGwyakFaeTNDNGIrS25zbDQvSTUKRXcrek1BU3ZFSXBycnBiaUFoajNETWIvek1CYmlnWjJCY2V6Y0FjQW15QlRwRkZ3N1c5NDZZMnFKeXVTQkxXbQo5Mkd3ZHdxZ09DeTVjbnlIdWRBbnN6eEtpUys0T0J6TEtEMStEZW5PalJtZmNncVBPcDJUOC8wdWNnRmZaWVYzCmtyMzk3QnhzT3VGclNtdHlnY2VrNkpnTkNraTdQYmx4T0VOaWpVN0RDNm9ta2E4eWZuWjhMWVNoSVVOWTlaZ1YKYXR4ZWpsZlJKb0tkQTAxQ3g4RjBiQ1dmdzZnd3dWbitJRno4VmJWMEo2SjVPS1lacUJqQkF6RUdMYWhqNklWeQpQY3hldHNiRVRwZVgxT2pRTUZNYUthOVNqVXUwTU1wNU5CQnJjSG1lQU4rRTd4MzZ5UUtDQVFFQTQ0d2R3ZUMrCkpGaFRLNTU2V0pVa29qNG1KaUJEaERFNzJVWThkdktoSXI1NW16WnEzYzdpcU0ya04xM28vNDRyRFc4MkNuVWoKV1BtaWJrbE00WkdwaUN5ZjA3bmlIeDVlK3BFdnpwOVFuMENQRGVCRnBRWDNxdG1PaXNsTEVyRW8yWVQrYzBldQpZczFUcloyNjBWcnNSV3R3QnpmQ3h2bzV3R24vQ2RXQW11U1NqeE84T2dOTDdVTjZPU1dQbHBDSFNsTGQwNFBOCjFHaEV3bkVUMURzWTNQTTRISVB0ZeFRvRWJIZnFWck41aFpZUTV1cHVTcy91MmdmQnJJaG4zbWV1S2hUbWwxZwp3RGxadWZtYmEzSVhTaEw3a09PWnp6SWV1UDZDL0xZM2syRFY0bDRTeWt1cTUxNE1sUC9kQ01VYk5sU3hqclc1MUpraGNtYm5uUTVTN2dVY24vSkRkcEE3ST0KLS0tLS1FTkQgUlNBIFBSSVZBVEUgS0VZLS0tLS0K"
}
],
"HTTPChallenges": null
}
I searched everywhere on web but no one seems to get that king of issue. The trafik documentation is pretty short and well explain. Is someone can help me ? I feel that there is a little glitch but I can't put the finger on it.
Thanks !
It's not possible to use both challenge at the same time
When you use this configuration, in fact, only the DNS challenge is used.
You need to change the permissions of the
acme.jsonto 600.