youtous/docker-mailserver-traefik

Wildcard certificate support

georglauterbach opened this issue · 2 comments

By using a DNS-01 challenge, Traefik can provide a wildcard certificate. Unfortunately, I cannot get it to work. I tried using *.<domain>, tried mail.<domain>, but none of these seem to work for me.

The container recognizes the acme.json, but logs say

Terminated
[INFO] Periodically push initiated...
[INFO] certificate for mail.<domain> not yet generated, skipping push...

Is there a way of getting this to work?

Hi,
I've not tested with a wildcard certificate, but it should work using <domain>.
For a *.localhost.com wildcard certificate, set localhost.com for DOMAINS and for the mailserver-traefik.renew.domain label.

Could you try with this:

services:
  cert-renewer-traefik:
    image: youtous/mailserver-traefik:latest
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./acme.json:/tmp/traefik/acme.json:ro
    environment:
      - TRAEFIK_VERSION=2
      - CERTS_SOURCE=file
      - DOMAINS=localhost.com

  mailserver:
    image: tvial/docker-mailserver:latest
    hostname: mail
    domainname: localhost.com
    labels:
      - "mailserver-traefik.renew.domain=localhost.com" # tag the service

Works flawlessly. I really don't know why I did not try that earlier. Thank you very much. Maybe it's worth a shot writing this down somewhere - just in case someone gets in the same "trouble".

Therefore, this issue is solved.
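
Added example, not part of the thread or of the project's code: a small check that lists which entries in an acme.json cover a given hostname and the main name each entry is stored under, which is the kind of name the reply above suggests for DOMAINS and the renew label. It assumes the Traefik v2 acme.json layout (resolver name, then `Certificates`, then `domain.main` / `domain.sans`); the resolver name and file contents below are constructed.

```python
import json

# Constructed sample in the assumed Traefik v2 acme.json layout; the resolver
# name, domains and the empty certificate/key values are placeholders.
SAMPLE_ACME_JSON = """
{
  "letsencrypt": {
    "Certificates": [
      {"domain": {"main": "localhost.com", "sans": ["*.localhost.com"]},
       "certificate": "", "key": "", "Store": "default"},
      {"domain": {"main": "other.example"},
       "certificate": "", "key": "", "Store": "default"}
    ]
  }
}
"""


def name_covers(cert_name, hostname):
    """True if a certificate name (exact or '*.' wildcard) covers hostname."""
    cert_name = cert_name.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if cert_name.startswith("*."):
        # A wildcard matches exactly one extra label: *.a.com covers mail.a.com,
        # but neither a.com itself nor x.mail.a.com.
        label, _, parent = hostname.partition(".")
        return bool(label) and parent == cert_name[2:]
    return cert_name == hostname


def covering_entries(acme_text, hostname):
    """Return (resolver, main, sans) for every stored entry covering hostname."""
    hits = []
    for resolver, data in json.loads(acme_text).items():
        for cert in (data or {}).get("Certificates") or []:
            domain = cert.get("domain", {})
            main, sans = domain.get("main", ""), domain.get("sans") or []
            if any(name_covers(n, hostname) for n in [main, *sans]):
                hits.append((resolver, main, sans))
    return hits


if __name__ == "__main__":
    for resolver, main, sans in covering_entries(SAMPLE_ACME_JSON, "mail.localhost.com"):
        print(f"{resolver}: main={main!r} sans={sans} covers mail.localhost.com")
```

Run against a copy of a real acme.json by passing the file's text instead of the sample; the file also holds private keys, so keep it read-only as in the compose file above.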