Cannot get Traefik to create SSL certificates


Big fan of what you are doing here at Fly. I have been testing the platform for my use case and have run into some issues that I am struggling to resolve for the second day.

I am trying to get the following test to work: Serve a simple node http server behind Traefik proxy and have Traefik create SSL certificate with Let’s Encrypt.

But while I can get Traefik to work without TLS, when I turn on SSL certificate resolving - it does not work. I get the following logs from Traefik:

2022-01-09T16:11:10.021 app[7c1288d3] sjc [info] time="2022-01-09T16:11:10Z" level=error msg="Error getting challenge for token retrying in 9.134495064s" providerName=acme
2022-01-09T16:12:04.990 app[9716afee] sea [info] time="2022-01-09T16:12:04Z" level=error msg="Unable to obtain ACME certificate for domains \"\" : unable to generate a certificate for the domains []: error: one or more domains had a problem:\n[] acme: error: 400 :: urn:ietf:params:acme:error:connection :: Fetching Error getting validation data\n" providerName=myresolver.acme

My thinking is that either I misconfigured the connection between Traefik and the outside port, or the Let’s Encrypt library in Traefik is having an issue retrieving the token for some reason (storage related maybe?). In any case, I have not been able to get this simple test to run.

I know this might not be an issue that relates to Fly; I am posting here in case I misconfigured something in my fly.toml file, or misunderstood how Fly networking works. I would be thankful for any pointers.

Here is the source code: GitHub - adamsvystun/flyio-traefik


You’re running Traefik in multiple regions - you can see the requests are happening on different instances of Traefik. I’d guess the file-based challenge won’t work in this setup.

If you have control over the domains, you can try using DNS challenges which should work across multiple instances.
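
A quick way to confirm the multi-instance diagnosis from the logs, as an added example that is not part of the original thread: it groups ACME log lines by the instance id and region in the log prefix. The prefix layout is inferred from the two lines quoted in the question, and the function names are hypothetical.

```python
import re

# The two Traefik log lines quoted in the question, as emitted by the Fly log stream.
SAMPLE_LOGS = r'''
2022-01-09T16:11:10.021 app[7c1288d3] sjc [info] time="2022-01-09T16:11:10Z" level=error msg="Error getting challenge for token retrying in 9.134495064s" providerName=acme
2022-01-09T16:12:04.990 app[9716afee] sea [info] time="2022-01-09T16:12:04Z" level=error msg="Unable to obtain ACME certificate for domains \"\" : unable to generate a certificate for the domains []: error: one or more domains had a problem:\n[] acme: error: 400 :: urn:ietf:params:acme:error:connection :: Fetching Error getting validation data\n" providerName=myresolver.acme
'''

# Prefix layout inferred from those two lines (an assumption, not a documented
# format): timestamp, app[<instance id>], region code, [level], message.
LINE_RE = re.compile(
    r'^\S+\s+app\[(?P<instance>[0-9a-f]+)\]\s+(?P<region>[a-z]{3})\s+\[\w+\]\s+(?P<msg>.*)$'
)
# In the lines above, ACME messages carry providerName=acme or <resolver>.acme.
ACME_RE = re.compile(r'providerName=\S*acme\b')


def acme_instances(log_text):
    """Return {instance_id: region} for every instance that logged ACME activity."""
    found = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m and ACME_RE.search(m["msg"]):
            found[m["instance"]] = m["region"]
    return found


def challenge_split_across_instances(log_text):
    """True when more than one instance is running the ACME flow, the
    situation the reply above identifies as the likely cause."""
    return len(acme_instances(log_text)) > 1


if __name__ == "__main__":
    for instance, region in sorted(acme_instances(SAMPLE_LOGS).items()):
        print(f"ACME activity on instance {instance} in region {region}")
    if challenge_split_across_instances(SAMPLE_LOGS):
        print("ACME runs on several instances: a challenge token kept on one "
              "instance may not be on the instance that receives the validation request")
```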

You are right, I did not notice that!

Sorry to have bothered you in that case.

For future reference, I ended up using Caddy for proxy+SSL needs. It allows you to use external storage to manage certificates across multiple instances.