
Using Let's Encrypt with Traefik

Stephan Hochdörfer

A few months back I was looking for an HTTP reverse proxy and load balancer to put in front of our Docker setup. By accident I came across traefik. I deployed it on one of our internal servers and it worked out of the box. Recently we configured a Docker setup for one of our clients and I picked traefik again. Since this setup will host some public instances, the customer demanded SSL encryption. Luckily traefik comes with support for Let's Encrypt built in. I added the needed configuration to the traefik configuration file:

[acme]
# Email address used for registration
email = "webmaster@customer.de"

# File used for certificates storage.
storageFile = "/etc/traefik/acme.json"

# Entrypoint to proxy acme challenge to.
entryPoint = "https"

# Enable on demand certificate.
onDemand = true

# Enable certificate generation on frontends Host rules.
OnHostRule = true

Unfortunately the setup did not work. Traefik would not connect to Let's Encrypt; instead, the traefik logs showed a "runtime error: invalid memory address".

Thanks to some help from another Traefik user, the fix was simple: my https configuration was lacking the TLS option, which is needed by traefik when Let's Encrypt support is enabled. I just had to slightly change the configuration to make it work:

[entryPoints]
  [entryPoints.http]
  address = ":80"
  [entryPoints.https]
  address = ":443"
    [entryPoints.https.tls]