Traefik 2 Request Multiple Domain and Wildcard SSL Certificates
In my previous article, I briefly mentioned that we can modify the static configuration to request wildcard and multiple-domain SSL certificates. In this article I will focus on how to request such certificates.
Recommended reading
- Official Website
- Another article by containeroo
All supported providers for dnsChallenge are listed on the official website. If your DNS provider is listed, you can follow containeroo's article (they used Cloudflare as an example) to request a wildcard certificate. In this article I will use acme-dns as the provider, to help people who are not familiar with their DNS provider's API, or whose DNS provider is not listed in the official documentation, get wildcard certificates.
Configurations
Multiple Domain SSL
This is pretty straightforward. You just need to change your static configuration as below and make sure the main domain and the SANs listed all point to the server where Traefik is running.
```yaml
entryPoints:
```
Wildcard SSL
The official documentation says we need two environment variables for acme-dns. The first one, ACME_DNS_API_BASE, is the URL of the acme-dns server. The other one, ACME_DNS_STORAGE_PATH, is the location of a file containing the acme-dns variables. I will be using the official acme-dns URL to demonstrate how this works.
acme-dns environment file
I created an empty file named acme-dns and put it under ~/data/. The official website says we can use the {acme-dns-url}/register endpoint to get the necessary variables. Instead of using cURL and putting them in the acme-dns file manually, I will let Traefik fetch these variables and save them to our file automatically.
Static Configuration
I use the root domain as the common name and the wildcard domain as a SAN in my configuration.
```yaml
entryPoints:
```
I also create a new certResolver for DNS validation. Compared to the HTTP validation, we need to declare that we will be using dnsChallenge, with acme-dns as the provider.
```yaml
le-dns:
```
Full configuration as below:
```yaml
api:
```
Docker Compose file
We need to include these two environment variables in our docker-compose.yml file. In my configuration, I mount the acme-dns file into the Traefik container.
Full configuration below:
```yaml
version: '3.3'
```
Set up DNS
Getting acme-dns info
After we've finished modifying our two files, let's run docker-compose up to fetch the variables from the acme-dns server. Five seconds later we can press CTRL+C to terminate the process and open the acme-dns file. We should see something similar to this:
```json
{
```
Create DNS CNAME Record
Log in to your DNS management page and create a DNS CNAME record _acme-challenge.yourdomain pointing to c9877300-2abb-40c6-87e6-321adcd1f625.auth.acme-dns.io. If you can see the CNAME record below with dig, it means the DNS record has propagated and we are ready to request our wildcard certificate.
```
_acme-challenge.yourdomain. 21599 IN CNAME c9877300-2abb-40c6-87e6-321adcd1f625.auth.acme-dns.io
```
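The dig check above can be automated against the acme-dns storage file, so you know before the second docker-compose run whether every domain's CNAME actually matches what Traefik registered. This is an added example, not code from the article or from Traefik; it assumes the storage file is keyed by the base domain (the wildcard prefix stripped, as ACME validates *.yourdomain and yourdomain at the same _acme-challenge label) and that dig is on the PATH. The sample file contents and the lookup used in testing are constructed.

```python
import json
import subprocess
from typing import Callable, Dict, Iterable

# Constructed sample in the shape of the acme-dns storage file the article
# shows after the first docker-compose run; credentials are placeholders.
SAMPLE_STORAGE = json.dumps({
    "yourdomain": {
        "fulldomain": "c9877300-2abb-40c6-87e6-321adcd1f625.auth.acme-dns.io",
        "subdomain": "c9877300-2abb-40c6-87e6-321adcd1f625",
        "username": "PLACEHOLDER-USERNAME",
        "password": "PLACEHOLDER-PASSWORD",
        "server_url": "https://auth.acme-dns.io",
    }
})


def base_domain(domain: str) -> str:
    """'*.yourdomain' and 'yourdomain' share one challenge label."""
    return (domain[2:] if domain.startswith("*.") else domain).rstrip(".")


def challenge_name(domain: str) -> str:
    """Fully qualified name Let's Encrypt will query for the TXT record."""
    return f"_acme-challenge.{base_domain(domain)}."


def dig_cname(name: str) -> str:
    """Ask the local resolver for the CNAME target; '' if there is none."""
    out = subprocess.run(["dig", "+short", "CNAME", name],
                         capture_output=True, text=True, check=False).stdout
    lines = out.strip().splitlines()
    return lines[0] if lines else ""


def check_storage(storage_json: str, domains: Iterable[str],
                  lookup: Callable[[str], str] = dig_cname) -> Dict[str, bool]:
    """True per domain when its _acme-challenge CNAME points at the
    fulldomain acme-dns registered for it; False if unregistered or wrong."""
    entries = json.loads(storage_json)
    results: Dict[str, bool] = {}
    for domain in domains:
        entry = entries.get(base_domain(domain))
        if entry is None:            # Traefik has not registered it yet
            results[domain] = False
            continue
        expected = entry["fulldomain"].rstrip(".").lower()
        actual = lookup(challenge_name(domain)).rstrip(".").lower()
        results[domain] = actual == expected   # trailing dot/case ignored
    return results
```

Run it with the real storage file and your domain list before the second docker-compose up; a False for a registered domain means the CNAME has not propagated or points at the wrong acme-dns subdomain.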
Request Cert
Run docker-compose up -d one more time, and Traefik should obtain the wildcard certificate successfully.
For the everyday user, the default HTTP challenge is good enough. If you need a wildcard or multiple-domain SSL certificate, I hope this article can be of some help.
Thanks for reading.