lets-encrypt, traefik

How to make Traefik trust our company CA for letsencrypt cert generation?


This question is very hard to google.

I am trying to generate a normal letsencrypt certificate with Traefik. Traefik is unable to do that because our company firewall is in the middle. The firewall changes the certificates used in all https connections to use our own company-generated certificate. Because Traefik does not trust our cert, it returns an error during the cert generation process: "cannot get ACME client get directory at 'https://acme-staging-v02.api.letsencrypt.org/directory' .... certificate signed by unknown authority". Basically Traefik does not want to open the simple https website, because it looks as if the site is using our untrusted company certificate. The cert generation process therefore fails.

For normal Linux servers this is an easy fix: just make the server trust our CA certificate by copying it and running update-ca-trust! Then connections open over https without a problem.

But I don't know how to do that with Traefik, since it's not a normal server. The RootCAs and InsecureSkipVerify settings do not work.

How do I make Traefik trust our company CA so the letsencrypt cert generation process will work? Thanks.


Solution

  • The solution is to append your company CA certificate to /etc/ssl/certs/ca-certificates.crt. Traefik uses that file, but commands like wget will still complain about untrusted connections.