I'm hoping someone here can help me.
I've set up my Traefik in Docker on a Synology NAS, with ports 80 and 443 pointed to it. Everything works except for TLS. I'm using the Cloudflare DNS challenge, and no matter what I put in, it always generates a 401 invalid credentials error. I've triple-checked that my email and API key are correct. Is anyone else experiencing this issue? I'd really appreciate any help on this :)
docker-compose.yaml
traefik:
  image: traefik:latest
  container_name: traefik
  restart: unless-stopped
  security_opt:
    - no-new-privileges:true
  networks:
    - proxy
  ports:
    - 80:80
    - 443:443
    - 8080:8080
  environment:
    - "CF_API_EMAIL=email"
    - "CF_API_KEY=api"
  volumes:
    - /etc/localtime:/etc/localtime:ro
    - /var/run/docker.sock:/var/run/docker.sock:ro
    - ${USERDIR}/traefik/data/traefik.yaml:/traefik.yml:ro
    - ${USERDIR}/traefik/data/config.yaml:/config.yml:ro
    - ${USERDIR}/traefik/data/acme:/acme
whoami:
  container_name: whoami
  image: containous/whoami
  networks:
    - proxy
  security_opt:
    - no-new-privileges:true
  labels:
    - "traefik.enable=true"
    - "traefik.http.routers.whoami.rule=Host(`example.com`)"
    - "traefik.http.routers.whoami.entrypoints=https"
    - "traefik.http.routers.whoami.tls=true"
    - "traefik.http.routers.whoami.tls.certResolver=myresolver"
traefik.yaml
entryPoints:
  http:
    address: ":80"
  https:
    address: ":443"
providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    exposedByDefault: false
    network: proxy
  file:
    filename: ./config.yml
certificatesResolvers:
  myresolver:
    acme:
      email: email
      storage: /acme/acme.json
      dnsChallenge:
        provider: cloudflare
        resolvers:
          - 1.1.1.1:53
          - 1.0.0.1:53
      caServer: https://acme-staging-v02.api.letsencrypt.org/directory
log
level=error msg="Unable to obtain ACME certificate for domains "example.com": unable to generate a certificate for the domains [example.com]: error: one or more domains had a problem:\n[example.com] [example.com] acme: error presenting token: cloudflare: failed to create TXT record: error from makeRequest: HTTP status 401: invalid credentials\n" providerName=myresolver.acme routerName=whoami@docker rule="Host(`example.com`)"
This was answered in the GitHub post - https://github.com/containous/traefik/issues/6782
It is due to Cloudflare recently removing the support for .tk, .ml and a few other TLDs to use their APIs.
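
A small log triage for the failure discussed in this thread, as an added example that is not part of the original posts or of Traefik: it parses the "error presenting token" line and separates a 401 on a TLD the answer names from an ordinary credential failure. The names `triage`, `PRESENT_ERROR` and `RESTRICTED_TLDS` are hypothetical, the TLD set holds only the two TLDs named in the answer, and the sample line is constructed from the question's log with the domain changed to example.tk.

```python
import re

# Only the TLDs the answer names; it says "few other TLDs" without listing them.
RESTRICTED_TLDS = {"tk", "ml"}

# Constructed sample: the log line from the question with the placeholder
# domain changed to example.tk so the TLD check has something to match.
SAMPLE = (
    r'level=error msg="Unable to obtain ACME certificate for domains "example.tk": '
    r'unable to generate a certificate for the domains [example.tk]: error: one or '
    r'more domains had a problem:\n[example.tk] [example.tk] acme: error presenting '
    r'token: cloudflare: failed to create TXT record: error from makeRequest: HTTP '
    r'status 401: invalid credentials\n" providerName=myresolver.acme'
)

# Matches the failing DNS-01 "present" step: domain, provider, HTTP status, reason.
PRESENT_ERROR = re.compile(
    r'\[(?P<domain>[\w.-]+)\] acme: error presenting token: (?P<provider>\w+): '
    r'.*?HTTP status (?P<status>\d{3}): (?P<reason>[^\\"]+)'
)


def triage(line):
    """Return a dict describing a DNS-challenge failure, or None if no match."""
    m = PRESENT_ERROR.search(line)
    if m is None:
        return None
    domain = m["domain"].lower().rstrip(".")
    tld = domain.rsplit(".", 1)[-1]
    status = int(m["status"])
    if status == 401 and tld in RESTRICTED_TLDS:
        # Credentials may be fine; the provider refuses API calls for this TLD.
        hint = "tld-restricted"
    elif status in (401, 403):
        hint = "check-credentials"
    else:
        hint = "other"
    return {"domain": domain, "provider": m["provider"], "status": status,
            "reason": m["reason"].strip(), "hint": hint}


if __name__ == "__main__":
    print(triage(SAMPLE))
```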