Loving Xubuntu, Docker, Traefik and LetsEncrypt!

I run about 20 websites on my basement Xubuntu server. Several years ago I migrated all my sites into various Docker containers and set them up behind the Traefik reverse proxy with automated LetsEncrypt SSL certificate creation using the Acme V1 protocol.

Near the end of 2020 I began receiving messages from LetsEncrypt that Acme V1 was deprecated and that migration to V2 was required before June 1. This got me nervous as I was running an old version of Traefik (v1.5.4) and I had heard the migration to Traefik v2.x was difficult. After some research I found that Acme V2 had been back-ported to Traefik v1.7.x so I decided to aim for that as an easier upgrade.

First I upgraded Xubuntu from 18.04 to 20.04 which was seamless - everything just worked. The containerized services weren't touched by the upgrade - exactly as advertised but not always how it pans out in reality.

The upgrade of Traefik from 1.5 to 1.7 was a bit more difficult as I was not able to discover useful debugging tools. I had copied over the old acme.json file, but it appears important to start with an empty one - which was quickly populated by Acme V2 prtocol! - once I got Traefik starting.

When my new traefik_v17 proxy started, an odd thing happened: the sites were exhibiting new, refreshed SSL certs but were returning 404 errors. For a while I thought that the sites were not connecting to the "web" network, and I spent some time investigating this. Noticing that only the HTTP sites were initialized in the Traefik localhost:8080 dashboard led to the solution.  The issue appears to have been that I had the last line of this stanza in traefik.toml incorrectly indented by two spaces - which worked in v1.5.4 but not in v1.7.x:

[entryPoints]
  [entryPoints.http]
  address = ":80"
    [entryPoints.http.redirect]
    entryPoint = "https"
  [entryPoints.https]
  address = ":443"
    # [entryPoints.https.tls] this indent fails
  [entryPoints.https.tls]


Today I sent another contribution to LetsEncrypt for providing free, auto-renewing SSL certificates - a direct financial savings! And I hope Traefik continues to support the 1.x tree as for my simple systems I don't need the 2.x versions, and the upgrade path seems complicated.

But for now, I'm loving the stability of these Free and Open Source Software (FOSS) tools. I've been doing systems administration for over 40 years, and it is refreshing to have tools that work so well. A big thank you! to each of the respective communties.