ACME_HOSTS on prod env "x509: certificate signed by unknown authority" #73
Description
Hi,
i'm trying to use Vulcain in my prod stack (no issue in dev with self signed certificate)
So, i'm Docker user and this is my service config in my docker-compose.yml file :
vulcain:
image: dunglas/vulcain
environment:
- ACME_HOSTS=api.example.com
- UPSTREAM=http://api
depends_on:
- api
deploy:
labels:
- traefik.enable=true
- traefik.tcp.routers.isc-api.rule=HostSNI(`api.example.com`)
- traefik.tcp.routers.isc-api.entrypoints=websecure
- traefik.tcp.routers.isc-api.tls=true
- traefik.tcp.routers.isc-api.tls.passthrough=true
- traefik.tcp.routers.isc-api.service=service-api-isc
- traefik.tcp.services.service-api-isc.loadbalancer.server.port=443
<<: *network
And below, content docker log for Vulcain service:
{"level":"info","ts":1606489658.6425629,"caller":"vulcain/server.go:147","msg":"vulcain started","protocol":"https","addr":""}
2020/11/27 15:09:10 http: TLS handshake error from 10.0.7.11:39992: Get "https://acme-v02.api.letsencrypt.org/directory": x509: certificate signed by unknown authority
2020/11/27 15:09:10 http: TLS handshake error from 10.0.7.11:39990: acme/autocert: missing certificate
2020/11/27 15:09:10 http: TLS handshake error from 10.0.7.11:39996: acme/autocert: missing certificate
2020/11/27 15:09:10 http: TLS handshake error from 10.0.7.11:39998: acme/autocert: missing certificate
For additional informations, i'm using Traefik and Docker Swarm but i don't think that is an impact to this issue
What's wrong with acme config?
Thanks
BenWa