I am currently deploying the LAMP platform on an AWS EC2 instance using Traefik and attempting to issue an SSL certificate through Let’s Encrypt. However, I am encountering an issue where the certificate is not being issued, and the default TRAEFIK DEFAULT CERT is being applied. I have reviewed the configuration and logs multiple times, but the SSL certificate is not being issued, and the `acme.json` file remains empty.
Below is a summary of the situation and the actions I have taken so far:
Current Situation:
- Traefik version: 3.1.5
- Domain: `api.inspire-y.com`
- Issue: Let’s Encrypt is not issuing the SSL certificate, and Traefik is using the TRAEFIK DEFAULT CERT. Additionally, the `acme.json` file is empty.
- Logs: There are no clear error messages related to the certificate issuance in the Traefik logs.
```
[ec2-user@inspire-y ~]$ curl -k https://api.inspire-y.com/ -v
* Trying 13.209.109.93:443...
* Connected to api.inspire-y.com (13.209.109.93) port 443
* ALPN: curl offers h2,http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN: server accepted h2
* Server certificate:
* subject: CN=TRAEFIK DEFAULT CERT
* start date: Oct 9 10:07:55 2024 GMT
* expire date: Oct 9 10:07:55 2025 GMT
* issuer: CN=TRAEFIK DEFAULT CERT
* SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
* using HTTP/2
* [HTTP/2] [1] OPENED stream for https://api.inspire-y.com/
* [HTTP/2] [1] [:method: GET]
* [HTTP/2] [1] [:scheme: https]
* [HTTP/2] [1] [:authority: api.inspire-y.com]
* [HTTP/2] [1] [:path: /]
* [HTTP/2] [1] [user-agent: curl/8.3.0]
* [HTTP/2] [1] [accept: */*]
> GET / HTTP/2
> Host: api.inspire-y.com
> User-Agent: curl/8.3.0
> Accept: */*
>
< HTTP/2 404
< content-type: text/plain; charset=utf-8
< x-content-type-options: nosniff
< content-length: 19
< date: Wed, 09 Oct 2024 11:58:20 GMT
<
404 page not found
* Connection #0 to host api.inspire-y.com left intact
```
Actions Taken:
1. Traefik Configuration:
- Both the `traefik.yml` and `lamp.yml` files were written exactly as provided in the documentation at Deploying the LAMP Platform | LAMP Platform. However, I did remove the line `- "--providers.docker.swarmMode=true"` from the `traefik.yml` file.
2. Port Configuration:
- Ports 80 and 443 have been opened for external access in the AWS EC2 security group.
3. DNS Configuration:
- The domain `api.inspire-y.com` is correctly resolving to the IP address, verified through the `dig` command.
4. Traefik Logs:
- The logs do not display any errors related to the certificate issuance process, and I only see 404 errors in the responses.
Could you advise on any additional areas I should check or configurations I may have missed to resolve this issue? Specifically, any insights on potential issues with the interaction between Traefik and Let’s Encrypt would be greatly appreciated.
Thank you for your help.