Certificate is not valid, Common Name (CN) TRAEFIK DEFAULT CERT

[dorianmariecom]

Solution

rm -rf /letsencrypt && mkdir /letsencrypt && touch /letsencrypt/acme.json && chmod 600 /letsencrypt/acme.json

---

I'm trying to get SSL to work on https://code.dorianmarie.com

I'm getting Common Name (CN) TRAEFIK DEFAULT CERT

I'm using this config/deploy.yml:

service: code
image: dorianmariefr/code
servers:
  web:
    hosts:
      - 165.232.149.13
    labels:
      traefik.http.routers.blog.entrypoints: websecure
      traefik.http.routers.blog.rule: Host(`code.dorianmarie.com`)
      traefik.http.routers.blog.tls.certresolver: letsencrypt

registry:
  username: dorianmariefr
  password:
    - KAMAL_REGISTRY_PASSWORD
env:
  secret:
    - RAILS_MASTER_KEY
traefik:
  options:
    publish:
      - "443:443"
    volume:
      - "/letsencrypt/acme.json:/letsencrypt/acme.json"
  args:
    entryPoints.web.address: ":80"
    entryPoints.websecure.address: ":443"
    entryPoints.web.http.redirections.entryPoint.to: websecure
    entryPoints.web.http.redirections.entryPoint.scheme: https
    entryPoints.web.http.redirections.entrypoint.permanent: true
    certificatesResolvers.letsencrypt.acme.email: "dorian@dorianmarie.fr"
    certificatesResolvers.letsencrypt.acme.storage: "/letsencrypt/acme.json"
    certificatesResolvers.letsencrypt.acme.httpchallenge: true
    certificatesResolvers.letsencrypt.acme.httpchallenge.entrypoint: web

[ifurther]

Maybe use log.level=DEBUG to debug

[dorianmariecom]

I fetched the logs from the container and I got:

msg="The ACME resolver \"letsencrypt\" is skipped from the resolvers list because: unable to get ACME account: permissions 755 for /letsencrypt/acme.json are too open, please use 600

[dorianmariecom]

I think the fix is chmod -R 600 /letsencrypt/

I also needed to do rm -r /letsencrypt/acme.json/ and touch /letsencrypt/acme.json then chmod 600 /letsencrypt/acme.json

traefik/traefik-helm-chart#164

[dorianmariecom]

I think this should be handled by kamal

[dorianmariecom]

A useful command:

docker logs traefik | grep level=error

[gioggiExtendi]

show your /letsencrypt/acme.json i think is that your problem

[dorianmariecom]

/letsencrypt/acme.json was using the wrong permissions and it was a directory

[luizkowalski]

The way I solved this was by using a Terraform script to automate server setup and write this file during bootstrap and set the permissions

I agree that this should be handled by Kamal

[morgoth]

Refers to basecamp/kamal-site#41

[dorianmariecom]

Because I come to this issue often:

rm -rf /letsencrypt && mkdir /letsencrypt && touch /letsencrypt/acme.json && chmod 600 /letsencrypt/acme.json