I am facing an issue using the stable/traefik helm chart. The DNS record for traefik.example.org (the dashboard) is working but my Let's Encrypt certificate gets invalid. I use DNS-01 for the challenge.
Here is my values.yml:
ssl:
enabled: true
enforced: true
acme:
enabled: true
challengeType: "dns-01"
dnsProvider:
name: ovh
existingSecretName: ""
ovh:
OVH_ENDPOINT: "ovh-eu"
OVH_APPLICATION_KEY: "<key>"
OVH_APPLICATION_SECRET: "<secret-key>"
OVH_CONSUMER_KEY: "<consumer-key>"
email: contact@example.org
onHostRule: true
staging: true
logging: true
# Configure a Let's Encrypt certificate to be managed by default.
# This is the only way to request wildcard certificates (works only with dns challenge).
domains:
enabled: true
# List of sets of main and (optional) SANs to generate for
# for wildcard certificates see https://docs.traefik.io/configuration/acme/#wildcard-domains
domainsList:
- main: "*.example.org"
- sans:
- "example.org"
Helm install: helm install stable/traefik --name traefik -f values.yml --set dashboard.enabled=true,dashboard.domain=traefik.example.org --set rbac.enabled=true --set ssl.enabled=true,ssl.enforced=true,acme.enabled=true,acme.email=contact@example.org
traefik logs
{"level":"info","msg":"Using TOML configuration file /config/traefik.toml","time":"2019-04-21T12:52:09Z"}
{"level":"info","msg":"No tls.defaultCertificate given for https: using the first item in tls.certificates as a fallback.","time":"2019-04-21T12:52:09Z"}
{"level":"info","msg":"Traefik version v1.7.9 built on 2019-02-11_11:36:32AM","time":"2019-04-21T12:52:09Z"}
{"level":"debug","msg":"Global configuration loaded {"LifeCycle":{"RequestAcceptGraceTimeout":0,"GraceTimeOut":10000000000},"GraceTimeOut":0,"Debug":true,"CheckNewVersion":true,"SendAnonymousUsage":false,"AccessLogsFile":"","AccessLog":null,"TraefikLogsFile":"","TraefikLog":{"format":"json"},"Tracing":null,"LogLevel":"","EntryPoints":{"http":{"Address":":80","TLS":null,"Redirect":{"regex":"^http://(.*)","replacement":"https://$1"},"Auth":null,"WhitelistSourceRange":null,"WhiteList":null,"Compress":true,"ProxyProtocol":null,"ForwardedHeaders":{"Insecure":true,"TrustedIPs":null}},"https":{"Address":":443","TLS":{"MinVersion":"","CipherSuites":null,"Certificates":[{"CertFile":"/ssl/tls.crt","KeyFile":"/ssl/tls.key"}],"ClientCAFiles":null,"ClientCA":{"Files":null,"Optional":false},"DefaultCertificate":{"CertFile":"/ssl/tls.crt","KeyFile":"/ssl/tls.key"},"SniStrict":false},"Redirect":null,"Auth":null,"WhitelistSourceRange":null,"WhiteList":null,"Compress":true,"ProxyProtocol":null,"ForwardedHeaders":{"Insecure":true,"TrustedIPs":null}},"traefik":{"Address":":8080","TLS":null,"Redirect":null,"Auth":{"basic":{"users":["traefik:$apr1$WJ9uAGz0$eQEQP39N8Z95G6ZEUCR3m."]}},"WhitelistSourceRange":null,"WhiteList":null,"Compress":false,"ProxyProtocol":null,"ForwardedHeaders":{"Insecure":true,"TrustedIPs":null}}},"Cluster":null,"Constraints":[],"ACME":{"Email":"support@example.org","Domains":[{"Main":"*.example.org","SANs":["example.org"]}],"Storage":"/acme/acme.json","StorageFile":"","OnDemand":false,"OnHostRule":true,"CAServer":"https://acme-staging-v02.api.letsencrypt.org/directory","EntryPoint":"https","KeyType":"","DNSChallenge":{"Provider":"ovh","DelayBeforeCheck":0,"Resolvers":null,"DisablePropagationCheck":false},"HTTPChallenge":null,"TLSChallenge":null,"DNSProvider":"","DelayDontCheckDNS":0,"ACMELogging":true,"OverrideCertificates":false,"TLSConfig":null},"DefaultEntryPoints":["http","https"],"ProvidersThrottleDuration":2000000000,"MaxIdleConnsPerHost":200,"IdleTimeout":0,"InsecureSkipVerify":false,"RootCAs":null,"Retry":null,"HealthCheck":{"Interval":30000000000},"RespondingTimeouts":null,"ForwardingTimeouts":null,"AllowMinWeightZero":false,"KeepTrailingSlash":false,"Web":null,"Docker":null,"File":null,"Marathon":null,"Consul":null,"ConsulCatalog":null,"Etcd":null,"Zookeeper":null,"Boltdb":null,"Kubernetes":{"Watch":true,"Filename":"","Constraints":[],"Trace":false,"TemplateVersion":0,"DebugLogGeneratedTemplate":false,"Endpoint":"","Token":"","CertAuthFilePath":"","DisablePassHostHeaders":false,"EnablePassTLSCert":false,"Namespaces":null,"LabelSelector":"","IngressClass":"","IngressEndpoint":null},"Mesos":null,"Eureka":null,"ECS":null,"Rancher":null,"DynamoDB":null,"ServiceFabric":null,"Rest":null,"API":{"EntryPoint":"traefik","Dashboard":true,"Debug":true,"CurrentConfigurations":null,"Statistics":null},"Metrics":null,"Ping":null,"HostResolver":null}","time":"2019-04-21T12:52:09Z"}
{"level":"info","msg":"
Stats collection is disabled.
Help us improve Traefik by turning this feature on :)
More details on: https://docs.traefik.io/basics/#collected-data
","time":"2019-04-21T12:52:09Z"}
{"level":"debug","msg":"Setting Acme Certificate store from Entrypoint: https","time":"2019-04-21T12:52:09Z"}
{"level":"debug","msg":"Add certificate for domains *.example.com","time":"2019-04-21T12:52:09Z"}
{"level":"info","msg":"Preparing server traefik &{Address::8080 TLS:<nil> Redirect:<nil> Auth:0xc000534360 WhitelistSourceRange:[] WhiteList:<nil> Compress:false ProxyProtocol:<nil> ForwardedHeaders:0xc00042e4c0} with readTimeout=0s writeTimeout=0s idleTimeout=3m0s","time":"2019-04-21T12:52:09Z"}
{"level":"debug","msg":"Creating regex redirect http -> ^http://(.*) -> https://$1","time":"2019-04-21T12:52:09Z"}
{"level":"info","msg":"Preparing server http &{Address::80 TLS:<nil> Redirect:0xc0002438c0 Auth:<nil> WhitelistSourceRange:[] WhiteList:<nil> Compress:true ProxyProtocol:<nil> ForwardedHeaders:0xc00042e4e0} with readTimeout=0s writeTimeout=0s idleTimeout=3m0s","time":"2019-04-21T12:52:09Z"}
{"level":"info","msg":"Preparing server https &{Address::443 TLS:0xc0002b30e0 Redirect:<nil> Auth:<nil> WhitelistSourceRange:[] WhiteList:<nil> Compress:true ProxyProtocol:<nil> ForwardedHeaders:0xc00042e480} with readTimeout=0s writeTimeout=0s idleTimeout=3m0s","time":"2019-04-21T12:52:09Z"}
{"level":"debug","msg":"Add certificate for domains *.example.com","time":"2019-04-21T12:52:09Z"}
{"level":"info","msg":"Starting provider configuration.ProviderAggregator {}","time":"2019-04-21T12:52:09Z"}
{"level":"info","msg":"Starting server on :8080","time":"2019-04-21T12:52:09Z"}
{"level":"info","msg":"Starting server on :80","time":"2019-04-21T12:52:09Z"}
{"level":"info","msg":"Starting server on :443","time":"2019-04-21T12:52:09Z"}
{"level":"info","msg":"Starting provider *kubernetes.Provider {"Watch":true,"Filename":"","Constraints":[],"Trace":false,"TemplateVersion":0,"DebugLogGeneratedTemplate":false,"Endpoint":"","Token":"","CertAuthFilePath":"","DisablePassHostHeaders":false,"EnablePassTLSCert":false,"Namespaces":null,"LabelSelector":"","IngressClass":"","IngressEndpoint":null}","time":"2019-04-21T12:52:09Z"}
{"level":"info","msg":"Starting provider *acme.Provider {"Email":"support@example.org","ACMELogging":true,"CAServer":"https://acme-staging-v02.api.letsencrypt.org/directory","Storage":"/acme/acme.json","EntryPoint":"https","KeyType":"","OnHostRule":true,"OnDemand":false,"DNSChallenge":{"Provider":"ovh","DelayBeforeCheck":0,"Resolvers":null,"DisablePropagationCheck":false},"HTTPChallenge":null,"TLSChallenge":null,"Domains":[{"Main":"*.example.org","SANs":["example.org"]}],"Store":{}}","time":"2019-04-21T12:52:09Z"}
{"level":"info","msg":"Testing certificate renew...","time":"2019-04-21T12:52:09Z"}
{"level":"debug","msg":"Using Ingress label selector: ""","time":"2019-04-21T12:52:09Z"}
{"level":"info","msg":"ingress label selector is: ""","time":"2019-04-21T12:52:09Z"}
{"level":"info","msg":"Creating in-cluster Provider client","time":"2019-04-21T12:52:09Z"}
{"level":"debug","msg":"Configuration received from provider ACME: {}","time":"2019-04-21T12:52:09Z"}
{"level":"debug","msg":"Looking for provided certificate(s) to validate ["*.example.org" "example.org"]...","time":"2019-04-21T12:52:09Z"}
{"level":"debug","msg":"Domains ["*.example.org" "example.org"] need ACME certificates generation for domains "*.example.org,example.org".","time":"2019-04-21T12:52:09Z"}
{"level":"debug","msg":"Loading ACME certificates [*.example.org example.org]...","time":"2019-04-21T12:52:09Z"}
{"level":"info","msg":"The key type is empty. Use default key type 4096.","time":"2019-04-21T12:52:09Z"}
{"level":"debug","msg":"Add certificate for domains *.example.com","time":"2019-04-21T12:52:09Z"}
{"level":"info","msg":"Server configuration reloaded on :443","time":"2019-04-21T12:52:09Z"}
{"level":"info","msg":"Server configuration reloaded on :8080","time":"2019-04-21T12:52:09Z"}
{"level":"info","msg":"Server configuration reloaded on :80","time":"2019-04-21T12:52:09Z"}
{"level":"debug","msg":"Received Kubernetes event kind *v1.Service","time":"2019-04-21T12:52:09Z"}
{"level":"error","msg":"Service not found for kube-system/traefik-web-ui","time":"2019-04-21T12:52:09Z"}
{"level":"warning","msg":"Endpoints not available for default/traefik-dashboard","time":"2019-04-21T12:52:09Z"}
{"level":"debug","msg":"Configuration received from provider kubernetes: {"backends":{"traefik-ui.minikube/":{"loadBalancer":{"method":"wrr"}},"traefik.example.org":{"loadBalancer":{"method":"wrr"}}},"frontends":{"traefik.example.org":{"entryPoints":["http","https"],"backend":"traefik.example.org","routes":{"traefik.example.org":{"rule":"Host:traefik.example.org"}},"passHostHeader":true,"priority":0,"basicAuth":null}}}","time":"2019-04-21T12:52:09Z"}
{"level":"debug","msg":"Add certificate for domains *.example.com","time":"2019-04-21T12:52:09Z"}
{"level":"debug","msg":"Wiring frontend traefik.example.org to entryPoint http","time":"2019-04-21T12:52:09Z"}
{"level":"debug","msg":"Creating backend traefik.example.org","time":"2019-04-21T12:52:09Z"}
{"level":"debug","msg":"Adding TLSClientHeaders middleware for frontend traefik.example.org","time":"2019-04-21T12:52:09Z"}
{"level":"debug","msg":"Creating load-balancer wrr","time":"2019-04-21T12:52:09Z"}
{"level":"debug","msg":"Creating route traefik.example.org Host:traefik.example.org","time":"2019-04-21T12:52:09Z"}
{"level":"debug","msg":"Wiring frontend traefik.example.org to entryPoint https","time":"2019-04-21T12:52:09Z"}
{"level":"debug","msg":"Creating backend traefik.example.org","time":"2019-04-21T12:52:09Z"}
{"level":"debug","msg":"Adding TLSClientHeaders middleware for frontend traefik.example.org","time":"2019-04-21T12:52:09Z"}
{"level":"debug","msg":"Creating load-balancer wrr","time":"2019-04-21T12:52:09Z"}
{"level":"debug","msg":"Creating route traefik.example.org Host:traefik.example.org","time":"2019-04-21T12:52:09Z"}
{"level":"info","msg":"Server configuration reloaded on :443","time":"2019-04-21T12:52:09Z"}
{"level":"info","msg":"Server configuration reloaded on :8080","time":"2019-04-21T12:52:09Z"}
{"level":"info","msg":"Server configuration reloaded on :80","time":"2019-04-21T12:52:09Z"}
{"level":"debug","msg":"Try to challenge certificate for domain [traefik.example.org] founded in Host rule","time":"2019-04-21T12:52:09Z"}
{"level":"debug","msg":"Looking for provided certificate(s) to validate ["traefik.example.org"]...","time":"2019-04-21T12:52:09Z"}
{"level":"debug","msg":"No ACME certificate generation required for domains ["traefik.example.org"].","time":"2019-04-21T12:52:09Z"}
{"level":"debug","msg":"Received Kubernetes event kind *v1.Secret","time":"2019-04-21T12:52:09Z"}
{"level":"error","msg":"Service not found for kube-system/traefik-web-ui","time":"2019-04-21T12:52:09Z"}
{"level":"warning","msg":"Endpoints not available for default/traefik-dashboard","time":"2019-04-21T12:52:09Z"}
{"level":"debug","msg":"Skipping Kubernetes event kind *v1.Secret","time":"2019-04-21T12:52:09Z"}
{"level":"debug","msg":"Received Kubernetes event kind *v1.Secret","time":"2019-04-21T12:52:09Z"}
{"level":"error","msg":"Service not found for kube-system/traefik-web-ui","time":"2019-04-21T12:52:09Z"}
{"level":"warning","msg":"Endpoints not available for default/traefik-dashboard","time":"2019-04-21T12:52:09Z"}
{"level":"debug","msg":"Skipping Kubernetes event kind *v1.Secret","time":"2019-04-21T12:52:09Z"}
{"level":"debug","msg":"Received Kubernetes event kind *v1.Endpoints","time":"2019-04-21T12:52:09Z"}
{"level":"error","msg":"Service not found for kube-system/traefik-web-ui","time":"2019-04-21T12:52:09Z"}
{"level":"debug","msg":"Skipping Kubernetes event kind *v1.Endpoints","time":"2019-04-21T12:52:09Z"}
{"level":"debug","msg":"Received Kubernetes event kind *v1.Endpoints","time":"2019-04-21T12:52:09Z"}
{"level":"error","msg":"Service not found for kube-system/traefik-web-ui","time":"2019-04-21T12:52:09Z"}
{"level":"debug","msg":"Skipping Kubernetes event kind *v1.Endpoints","time":"2019-04-21T12:52:09Z"}
{"level":"debug","msg":"Received Kubernetes event kind *v1.Endpoints","time":"2019-04-21T12:52:10Z"}
{"level":"error","msg":"Service not found for kube-system/traefik-web-ui","time":"2019-04-21T12:52:10Z"}
{"level":"debug","msg":"Skipping Kubernetes event kind *v1.Endpoints","time":"2019-04-21T12:52:10Z"}
{"level":"debug","msg":"Received Kubernetes event kind *v1.Endpoints","time":"2019-04-21T12:52:11Z"}
{"level":"error","msg":"Service not found for kube-system/traefik-web-ui","time":"2019-04-21T12:52:11Z"}
{"level":"debug","msg":"Skipping Kubernetes event kind *v1.Endpoints","time":"2019-04-21T12:52:11Z"}
{"level":"debug","msg":"Received Kubernetes event kind *v1.Service","time":"2019-04-21T12:52:11Z"}
{"level":"error","msg":"Service not found for kube-system/traefik-web-ui","time":"2019-04-21T12:52:11Z"}
{"level":"debug","msg":"Skipping Kubernetes event kind *v1.Service","time":"2019-04-21T12:52:11Z"}
{"level":"debug","msg":"Building ACME client...","time":"2019-04-21T12:52:11Z"}
{"level":"debug","msg":"https://acme-staging-v02.api.letsencrypt.org/directory","time":"2019-04-21T12:52:11Z"}
{"level":"info","msg":"Register...","time":"2019-04-21T12:52:11Z"}
{"level":"info","msg":"legolog: [INFO] acme: Registering account for support@example.org","time":"2019-04-21T12:52:11Z"}
{"level":"debug","msg":"Received Kubernetes event kind *v1.Endpoints","time":"2019-04-21T12:52:12Z"}
{"level":"error","msg":"Service not found for kube-system/traefik-web-ui","time":"2019-04-21T12:52:12Z"}
{"level":"debug","msg":"Skipping Kubernetes event kind *v1.Endpoints","time":"2019-04-21T12:52:12Z"}
{"level":"debug","msg":"Using DNS Challenge provider: ovh","time":"2019-04-21T12:52:12Z"}
{"level":"info","msg":"legolog: [INFO] [*.example.org, example.org] acme: Obtaining bundled SAN certificate","time":"2019-04-21T12:52:12Z"}
{"level":"debug","msg":"Received Kubernetes event kind *v1.Endpoints","time":"2019-04-21T12:52:13Z"}
{"level":"error","msg":"Service not found for kube-system/traefik-web-ui","time":"2019-04-21T12:52:13Z"}
{"level":"debug","msg":"Skipping Kubernetes event kind *v1.Endpoints","time":"2019-04-21T12:52:13Z"}
{"level":"info","msg":"legolog: [INFO] [*.example.org] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz/<code>","time":"2019-04-21T12:52:13Z"}
{"level":"info","msg":"legolog: [INFO] [example.org] AuthURL: https://acme-staging-v02.api.letsencrypt.org/acme/authz/<code>Y","time":"2019-04-21T12:52:13Z"}
{"level":"info","msg":"legolog: [INFO] [*.example.org] acme: use dns-01 solver","time":"2019-04-21T12:52:13Z"}
{"level":"info","msg":"legolog: [INFO] [example.org] acme: Could not find solver for: tls-alpn-01","time":"2019-04-21T12:52:13Z"}
{"level":"info","msg":"legolog: [INFO] [example.org] acme: Could not find solver for: http-01","time":"2019-04-21T12:52:13Z"}
{"level":"info","msg":"legolog: [INFO] [example.org] acme: use dns-01 solver","time":"2019-04-21T12:52:13Z"}
{"level":"info","msg":"legolog: [INFO] [*.example.org] acme: Preparing to solve DNS-01","time":"2019-04-21T12:52:13Z"}
{"level":"info","msg":"legolog: [INFO] [example.org] acme: Preparing to solve DNS-01","time":"2019-04-21T12:52:13Z"}
{"level":"info","msg":"legolog: [INFO] [*.example.org] acme: Trying to solve DNS-01","time":"2019-04-21T12:52:13Z"}
{"level":"info","msg":"legolog: [INFO] [*.example.org] acme: Checking DNS record propagation using [10.0.0.10:53]","time":"2019-04-21T12:52:13Z"}
{"level":"info","msg":"legolog: [INFO] Wait for propagation [timeout: 1m0s, interval: 2s]","time":"2019-04-21T12:52:13Z"}
{"level":"info","msg":"legolog: [INFO] [*.example.org] acme: Waiting for DNS record propagation.","time":"2019-04-21T12:52:13Z"}
{"level":"debug","msg":"Received Kubernetes event kind *v1.Endpoints","time":"2019-04-21T12:52:14Z"}
{"level":"error","msg":"Service not found for kube-system/traefik-web-ui","time":"2019-04-21T12:52:14Z"}
{"level":"debug","msg":"Skipping Kubernetes event kind *v1.Endpoints","time":"2019-04-21T12:52:14Z"}
{"level":"debug","msg":"Received Kubernetes event kind *v1.Endpoints","time":"2019-04-21T12:52:15Z"}
{"level":"error","msg":"Service not found for kube-system/traefik-web-ui","time":"2019-04-21T12:52:15Z"}
{"level":"debug","msg":"Skipping Kubernetes event kind *v1.Endpoints","time":"2019-04-21T12:52:15Z"}
{"level":"debug","msg":"Received Kubernetes event kind *v1.Endpoints","time":"2019-04-21T12:52:16Z"}
{"level":"error","msg":"Service not found for kube-system/traefik-web-ui","time":"2019-04-21T12:52:16Z"}
{"level":"debug","msg":"Skipping Kubernetes event kind *v1.Endpoints","time":"2019-04-21T12:52:16Z"}
{"level":"debug","msg":"Received Kubernetes event kind *v1.Endpoints","time":"2019-04-21T12:52:17Z"}
{"level":"error","msg":"Service not found for kube-system/traefik-web-ui","time":"2019-04-21T12:52:17Z"}
{"level":"debug","msg":"Skipping Kubernetes event kind *v1.Endpoints","time":"2019-04-21T12:52:17Z"}
{"level":"debug","msg":"Received Kubernetes event kind *v1.Endpoints","time":"2019-04-21T12:52:18Z"}
{"level":"error","msg":"Service not found for kube-system/traefik-web-ui","time":"2019-04-21T12:52:18Z"}
{"level":"debug","msg":"Skipping Kubernetes event kind *v1.Endpoints","time":"2019-04-21T12:52:18Z"}
{"level":"debug","msg":"Received Kubernetes event kind *v1.Endpoints","time":"2019-04-21T12:52:19Z"}
{"level":"error","msg":"Service not found for kube-system/traefik-web-ui","time":"2019-04-21T12:52:19Z"}
{"level":"debug","msg":"Skipping Kubernetes event kind *v1.Endpoints","time":"2019-04-21T12:52:19Z"}
{"level":"debug","msg":"Received Kubernetes event kind *v1.Endpoints","time":"2019-04-21T12:52:20Z"}
{"level":"error","msg":"Service not found for kube-system/traefik-web-ui","time":"2019-04-21T12:52:20Z"}
{"level":"debug","msg":"Skipping Kubernetes event kind *v1.Endpoints","time":"2019-04-21T12:52:20Z"}
{"level":"debug","msg":"Received Kubernetes event kind *v1.Endpoints","time":"2019-04-21T12:52:21Z"}
{"level":"error","msg":"Service not found for kube-system/traefik-web-ui","time":"2019-04-21T12:52:21Z"}
{"level":"debug","msg":"Skipping Kubernetes event kind *v1.Endpoints","time":"2019-04-21T12:52:21Z"}
{"level":"debug","msg":"Received Kubernetes event kind *v1.Endpoints","time":"2019-04-21T12:52:22Z"}
{"level":"error","msg":"Service not found for kube-system/traefik-web-ui","time":"2019-04-21T12:52:22Z"}
{"level":"debug","msg":"Skipping Kubernetes event kind *v1.Endpoints","time":"2019-04-21T12:52:22Z"}
{"level":"info","msg":"legolog: [INFO] [*.example.org] The server validated our request","time":"2019-04-21T12:52:22Z"}
{"level":"info","msg":"legolog: [INFO] [example.org] acme: Trying to solve DNS-01","time":"2019-04-21T12:52:22Z"}
{"level":"info","msg":"legolog: [INFO] [example.org] acme: Checking DNS record propagation using [10.0.0.10:53]","time":"2019-04-21T12:52:22Z"}
{"level":"info","msg":"legolog: [INFO] Wait for propagation [timeout: 1m0s, interval: 2s]","time":"2019-04-21T12:52:22Z"}
{"level":"debug","msg":"Received Kubernetes event kind *v1.Endpoints","time":"2019-04-21T12:52:23Z"}
{"level":"error","msg":"Service not found for kube-system/traefik-web-ui","time":"2019-04-21T12:52:23Z"}
{"level":"debug","msg":"Skipping Kubernetes event kind *v1.Endpoints","time":"2019-04-21T12:52:23Z"}
{"level":"debug","msg":"Received Kubernetes event kind *v1.Endpoints","time":"2019-04-21T12:52:24Z"}
{"level":"error","msg":"Service not found for kube-system/traefik-web-ui","time":"2019-04-21T12:52:24Z"}
{"level":"debug","msg":"Skipping Kubernetes event kind *v1.Endpoints","time":"2019-04-21T12:52:24Z"}
{"level":"debug","msg":"Received Kubernetes event kind *v1.Endpoints","time":"2019-04-21T12:52:25Z"}
{"level":"error","msg":"Service not found for kube-system/traefik-web-ui","time":"2019-04-21T12:52:25Z"}
{"level":"debug","msg":"Skipping Kubernetes event kind *v1.Endpoints","time":"2019-04-21T12:52:25Z"}
{"level":"debug","msg":"Received Kubernetes event kind *v1.Endpoints","time":"2019-04-21T12:52:25Z"}
{"level":"error","msg":"Service not found for kube-system/traefik-web-ui","time":"2019-04-21T12:52:25Z"}
{"level":"debug","msg":"Configuration received from provider kubernetes: {"backends":{"traefik-ui.minikube/":{"loadBalancer":{"method":"wrr"}},"traefik.example.org":{"servers":{"traefik-7f5b8bdf9c-gb8sk":{"url":"http://10.244.1.118:8080","weight":1}},"loadBalancer":{"method":"wrr"}}},"frontends":{"traefik.example.org":{"entryPoints":["http","https"],"backend":"traefik.example.org","routes":{"traefik.example.org":{"rule":"Host:traefik.example.org"}},"passHostHeader":true,"priority":0,"basicAuth":null}}}","time":"2019-04-21T12:52:25Z"}
{"level":"debug","msg":"Add certificate for domains *.example.com","time":"2019-04-21T12:52:25Z"}
{"level":"debug","msg":"Received Kubernetes event kind *v1.Endpoints","time":"2019-04-21T12:52:25Z"}
{"level":"error","msg":"Service not found for kube-system/traefik-web-ui","time":"2019-04-21T12:52:25Z"}
{"level":"debug","msg":"Skipping Kubernetes event kind *v1.Endpoints","time":"2019-04-21T12:52:25Z"}
{"level":"debug","msg":"Wiring frontend traefik.example.org to entryPoint http","time":"2019-04-21T12:52:25Z"}
{"level":"debug","msg":"Creating backend traefik.example.org","time":"2019-04-21T12:52:25Z"}
{"level":"debug","msg":"Adding TLSClientHeaders middleware for frontend traefik.example.org","time":"2019-04-21T12:52:25Z"}
{"level":"debug","msg":"Creating load-balancer wrr","time":"2019-04-21T12:52:25Z"}
{"level":"debug","msg":"Creating server traefik-7f5b8bdf9c-gb8sk at http://10.244.1.118:8080 with weight 1","time":"2019-04-21T12:52:25Z"}
{"level":"debug","msg":"Creating route traefik.example.org Host:traefik.example.org","time":"2019-04-21T12:52:25Z"}
{"level":"debug","msg":"Wiring frontend traefik.example.org to entryPoint https","time":"2019-04-21T12:52:25Z"}
{"level":"debug","msg":"Creating backend traefik.example.org","time":"2019-04-21T12:52:25Z"}
{"level":"debug","msg":"Adding TLSClientHeaders middleware for frontend traefik.example.org","time":"2019-04-21T12:52:25Z"}
{"level":"debug","msg":"Creating load-balancer wrr","time":"2019-04-21T12:52:25Z"}
{"level":"debug","msg":"Creating server traefik-7f5b8bdf9c-gb8sk at http://10.244.1.118:8080 with weight 1","time":"2019-04-21T12:52:25Z"}
{"level":"debug","msg":"Creating route traefik.example.org Host:traefik.example.org","time":"2019-04-21T12:52:25Z"}
{"level":"info","msg":"Server configuration reloaded on :443","time":"2019-04-21T12:52:25Z"}
{"level":"info","msg":"Server configuration reloaded on :8080","time":"2019-04-21T12:52:25Z"}
{"level":"info","msg":"Server configuration reloaded on :80","time":"2019-04-21T12:52:25Z"}
{"level":"debug","msg":"Try to challenge certificate for domain [traefik.example.org] founded in Host rule","time":"2019-04-21T12:52:25Z"}
{"level":"debug","msg":"Looking for provided certificate(s) to validate ["traefik.example.org"]...","time":"2019-04-21T12:52:25Z"}
{"level":"debug","msg":"No ACME certificate generation required for domains ["traefik.example.org"].","time":"2019-04-21T12:52:25Z"}
{"level":"error","msg":"Service not found for kube-system/traefik-web-ui","time":"2019-04-21T12:52:27Z"}
{"level":"error","msg":"Service not found for kube-system/traefik-web-ui","time":"2019-04-21T12:52:28Z"}
{"level":"error","msg":"Service not found for kube-system/traefik-web-ui","time":"2019-04-21T12:52:29Z"}
{"level":"debug","msg":"Skipping Kubernetes event kind *v1.Endpoints","time":"2019-04-21T12:52:29Z"}
{"level":"info","msg":"legolog: [INFO] [example.org] The server validated our request","time":"2019-04-21T12:52:30Z"}
{"level":"info","msg":"legolog: [INFO] [*.example.org] acme: Cleaning DNS-01 challenge","time":"2019-04-21T12:52:30Z"}
{"level":"debug","msg":"Received Kubernetes event kind *v1.Endpoints","time":"2019-04-21T12:52:30Z"}
{"level":"error","msg":"Service not found for kube-system/traefik-web-ui","time":"2019-04-21T12:52:30Z"}
{"level":"debug","msg":"Skipping Kubernetes event kind *v1.Endpoints","time":"2019-04-21T12:52:30Z"}
{"level":"info","msg":"legolog: [INFO] [example.org] acme: Cleaning DNS-01 challenge","time":"2019-04-21T12:52:30Z"}
{"level":"info","msg":"legolog: [WARN] [example.org] acme: error cleaning up: ovh: unknown record ID for '_acme-challenge.example.org.' ","time":"2019-04-21T12:52:30Z"}
{"level":"info","msg":"legolog: [INFO] [*.example.org, example.org] acme: Validations succeeded; requesting certificates","time":"2019-04-21T12:52:30Z"}
{"level":"debug","msg":"Received Kubernetes event kind *v1.Endpoints","time":"2019-04-21T12:52:31Z"}
{"level":"error","msg":"Service not found for kube-system/traefik-web-ui","time":"2019-04-21T12:52:31Z"}
{"level":"debug","msg":"Skipping Kubernetes event kind *v1.Endpoints","time":"2019-04-21T12:52:31Z"}
{"level":"debug","msg":"http: TLS handshake error from 10.244.1.1:57949: EOF","time":"2019-04-21T12:52:31Z"}
{"level":"debug","msg":"http: TLS handshake error from 10.240.0.4:57060: EOF","time":"2019-04-21T12:52:31Z"}
{"level":"debug","msg":"Received Kubernetes event kind *v1.Endpoints","time":"2019-04-21T12:52:32Z"}
{"level":"error","msg":"Service not found for kube-system/traefik-web-ui","time":"2019-04-21T12:52:32Z"}
{"level":"debug","msg":"Skipping Kubernetes event kind *v1.Endpoints","time":"2019-04-21T12:52:32Z"}
{"level":"info","msg":"legolog: [INFO] [*.example.org] Server responded with a certificate.","time":"2019-04-21T12:52:32Z"}
{"level":"debug","msg":"Certificates obtained for domains [*.example.org example.org]","time":"2019-04-21T12:52:32Z"}
{"level":"debug","msg":"Configuration received from provider ACME: {}","time":"2019-04-21T12:52:32Z"}
{"level":"debug","msg":"Add certificate for domains *.example.com","time":"2019-04-21T12:52:32Z"}
{"level":"debug","msg":"Wiring frontend traefik.example.org to entryPoint http","time":"2019-04-21T12:52:32Z"}
{"level":"debug","msg":"Creating backend traefik.example.org","time":"2019-04-21T12:52:32Z"}
{"level":"debug","msg":"Adding TLSClientHeaders middleware for frontend traefik.example.org","time":"2019-04-21T12:52:32Z"}
{"level":"debug","msg":"Creating load-balancer wrr","time":"2019-04-21T12:52:32Z"}
{"level":"debug","msg":"Creating server traefik-7f5b8bdf9c-gb8sk at http://10.244.1.118:8080 with weight 1","time":"2019-04-21T12:52:32Z"}
{"level":"debug","msg":"Creating route traefik.example.org Host:traefik.example.org","time":"2019-04-21T12:52:32Z"}
{"level":"debug","msg":"Wiring frontend traefik.example.org to entryPoint https","time":"2019-04-21T12:52:32Z"}
{"level":"debug","msg":"Creating backend traefik.example.org","time":"2019-04-21T12:52:32Z"}
{"level":"debug","msg":"Adding TLSClientHeaders middleware for frontend traefik.example.org","time":"2019-04-21T12:52:32Z"}
{"level":"debug","msg":"Creating load-balancer wrr","time":"2019-04-21T12:52:32Z"}
{"level":"debug","msg":"Creating server traefik-7f5b8bdf9c-gb8sk at http://10.244.1.118:8080 with weight 1","time":"2019-04-21T12:52:32Z"}
{"level":"debug","msg":"Creating route traefik.example.org Host:traefik.example.org","time":"2019-04-21T12:52:32Z"}
{"level":"debug","msg":"Add certificate for domains *.example.org,example.org","time":"2019-04-21T12:52:32Z"}
{"level":"info","msg":"Server configuration reloaded on :443","time":"2019-04-21T12:52:32Z"}
{"level":"info","msg":"Server configuration reloaded on :8080","time":"2019-04-21T12:52:32Z"}
{"level":"info","msg":"Server configuration reloaded on :80","time":"2019-04-21T12:52:32Z"}
Then theses logs keeps repeating forever :
{"level":"debug","msg":"Skipping Kubernetes event kind *v1.Secret","time":"2019-04-21T12:52:09Z"}
{"level":"debug","msg":"Received Kubernetes event kind *v1.Secret","time":"2019-04-21T12:52:09Z"}
{"level":"error","msg":"Service not found for kube-system/traefik-web-ui","time":"2019-04-21T12:52:34Z"}
There is this warning but I'm unsure of what I'm suppose to do. {"level":"info","msg":"legolog: [WARN] [example.org] acme: error cleaning up: ovh: unknown record ID for '_acme-challenge.example.org.' ","time":"2019-04-21T12:52:30Z"}
What am I missing here ?
edit : I tried not using any wildcard, same issue.
As told in the comments, the Let's Encrypt endpoint was configured to be staging
.
acme:
staging: false