It looks like there are no `certificatesresolvers` configured?
Here is my Traefik Docker Compose snippet for reference; I hope it helps. (I use environment variables for the details so that the same compose file works in both testing and live environments.)
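# Traefik v2 edge proxy for a Docker Swarm stack: terminates TLS with
# Let's Encrypt certificates, redirects HTTP to HTTPS, and serves its own
# dashboard behind HTTP Basic auth.
# NOTE(review): the paste had lost its indentation; the nesting below is
# reconstructed. "labels" is placed under "deploy" because the command enables
# --providers.docker.swarmmode, which reads service-level labels. Confirm
# against the original file. This mapping belongs under the top-level
# "services:" key of the compose file.
traefik:
  # Pinned to the v2.10 release line (a fixed tag, not "latest")
  image: traefik:v2.10
  ports:
    # mode: host binds the port directly on the node running Traefik
    # instead of going through the swarm routing mesh
    - target: 80
      published: 80
      protocol: tcp
      mode: host
    - target: 443
      published: 443
      protocol: tcp
      mode: host
  deploy:
    placement:
      constraints:
        # Make the traefik service run only on the node with this label
        # as the node with it has the volume for the certificates
        - node.labels.traefik-public.traefik-public-certificates == true
    labels:
      # Enable Traefik for this service, to make it available in the public network
      - traefik.enable=true
      # Use the traefik-public network (declared below)
      - traefik.docker.network=traefik-public
      # Use the custom label "traefik.constraint-label=traefik-public"
      # This public Traefik will only use services with this label
      # That way you can add other internal Traefik instances per stack if needed
      - traefik.constraint-label=traefik-public
      # admin-auth middleware with HTTP Basic auth
      # Using the environment variables USERNAME and HASHED_PASSWORD
      # The ${VAR?message} form makes the deploy fail when a variable is unset.
      # The hash ends up in the service labels, so anyone who can inspect the
      # service can read it; basicauth.usersfile keeps it out of the labels.
      # A hash written literally here (not via a variable) needs every "$"
      # doubled to "$$" to survive Compose interpolation.
      - traefik.http.middlewares.admin-auth.basicauth.users=${USERNAME?Variable USERNAME not set}:${HASHED_PASSWORD?Variable HASHED_PASSWORD not set}
      # traefik-http set up only to use the middleware to redirect to https
      # traefik-https the actual router using HTTPS
      # Uses the environment variable DOMAIN
      - traefik.http.routers.traefik-public-https.rule=Host(`${DOMAIN?Variable DOMAIN not set}`)
      - traefik.http.routers.traefik-public-https.entrypoints=https
      - traefik.http.routers.traefik-public-https.tls=true
      # Use the special Traefik service api@internal with the web UI/Dashboard
      # The dashboard and API are reachable on the public HTTPS entrypoint;
      # Basic auth (below) is the only access control on this router.
      # Consider also restricting source addresses (ipwhitelist middleware).
      - traefik.http.routers.traefik-public-https.service=api@internal
      # Use the "le" (Let's Encrypt) resolver created below
      - traefik.http.routers.traefik-public-https.tls.certresolver=le
      # Enable HTTP Basic auth, using the middleware created above
      - traefik.http.routers.traefik-public-https.middlewares=admin-auth
      # Define the port inside of the Docker service to use
      - traefik.http.services.traefik-public.loadbalancer.server.port=8080
      # GENERIC MIDDLEWARES
      # A) https-redirect middleware to redirect HTTP to HTTPS
      - traefik.http.middlewares.https-redirect.redirectscheme.scheme=https
      - traefik.http.middlewares.https-redirect.redirectscheme.permanent=true
      # B) redirect www to non-www or vice versa
      # "$$" is the Compose escape for a literal "$", so Traefik receives
      # the capture-group references ${1} and ${2}.
      # B.1) "redirect-www-to-non-www"
      # NOTE(review): the "." after "www" is unescaped and matches any character.
      - traefik.http.middlewares.redirect-www-to-non-www.redirectregex.permanent=true
      - traefik.http.middlewares.redirect-www-to-non-www.redirectregex.regex=^https://www.(.*)/(.*)
      - traefik.http.middlewares.redirect-www-to-non-www.redirectregex.replacement=https://$${1}/$${2}
      # B.2) "redirect-non-www-to-www"
      # NOTE(review): this pattern also matches hosts that already start with
      # "www."; attach it only to routers whose rule matches the bare host,
      # otherwise the result is a "www.www." redirect.
      - traefik.http.middlewares.redirect-non-www-to-www.redirectregex.permanent=true
      - traefik.http.middlewares.redirect-non-www-to-www.redirectregex.regex=^https://(.*)/(.*)
      - traefik.http.middlewares.redirect-non-www-to-www.redirectregex.replacement=https://www.$${1}/$${2}
      # C) compress
      - traefik.http.middlewares.gzip.compress=true
      - traefik.http.middlewares.gzip.compress.excludedcontenttypes=image/png, image/jpeg, font/woff2
      # D) middlewares to buffer incoming data and limit it
      # Requests over maxRequestBodyBytes are rejected by Traefik (413) and
      # never reach the backend; bodies over memRequestBodyBytes are buffered
      # to disk rather than memory.
      # D.1) Normal Plone Site limits and buffers (request max 100MB, mem-buffered max 100k)
      - traefik.http.middlewares.limits-normal.buffering.maxRequestBodyBytes=104857600
      - traefik.http.middlewares.limits-normal.buffering.memRequestBodyBytes=102400
      # D.2) Large Plone Site limits and buffers (request max 1GB, mem-buffered max 500k)
      - traefik.http.middlewares.limits-large.buffering.maxRequestBodyBytes=1073741824
      - traefik.http.middlewares.limits-large.buffering.memRequestBodyBytes=512000
      # GENERIC ROUTERS
      # Catchall for http to https with prio match at end
      # priority=1 is the lowest, so any more specific router wins first
      - traefik.http.routers.generic-https-redirect.entrypoints=http
      - traefik.http.routers.generic-https-redirect.rule=HostRegexp(`{host:.*}`)
      - traefik.http.routers.generic-https-redirect.priority=1
      - traefik.http.routers.generic-https-redirect.middlewares=https-redirect
  volumes:
    # Add Docker as a mounted volume, so that Traefik can read the labels of other services
    # ":ro" only makes the socket file mount read-only; it does not limit the
    # Docker API calls made through it. A compromise of this container
    # therefore gives access to the Docker daemon on this node. A filtering
    # socket proxy that exposes only read endpoints reduces that exposure.
    - /var/run/docker.sock:/var/run/docker.sock:ro
    # Mount the volume to store the certificates
    - traefik-public-certificates:/certificates
    # Mount the volume for logs
    - traefik-log:/accesslog
  command:
    # Enable Docker in Traefik, so that it reads labels from Docker services
    - --providers.docker
    # Add a constraint to only use services with the label "traefik.constraint-label=traefik-public"
    - --providers.docker.constraints=Label(`traefik.constraint-label`, `traefik-public`)
    # Do not expose all Docker services, only the ones explicitly exposed
    - --providers.docker.exposedbydefault=false
    # Enable Docker Swarm mode
    - --providers.docker.swarmmode
    # Create an entrypoint "http" listening on port 80
    - --entrypoints.http.address=:80
    # Create an entrypoint "https" listening on port 443
    - --entrypoints.https.address=:443
    # Create the certificate resolver "le" for Let's Encrypt, uses the environment variable EMAIL
    - --certificatesresolvers.le.acme.email=${EMAIL?Variable EMAIL not set}
    # Use the staging acme server for initial testing
    # (staging certificates are not browser-trusted; comment out again for production)
    # - "--certificatesresolvers.le.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
    # Store the Let's Encrypt certificates in the mounted volume
    # acme.json holds the certificates' private keys and the ACME account key;
    # Traefik expects the file to be mode 600, and the volume should be
    # treated as secret material.
    - --certificatesresolvers.le.acme.storage=/certificates/acme.json
    # Use the TLS Challenge for Let's Encrypt (needs port 443 reachable from the internet)
    - --certificatesresolvers.le.acme.tlschallenge=true
    # Enable the access log, with HTTP requests
    # The file is written to the traefik-log volume mounted at /accesslog
    - --accesslog=true
    - --accesslog.filepath=/accesslog/access.log
    # Enable the Traefik log, for configurations and errors
    # - --log
    # optional set to debug
    #- --log.Level=DEBUG
    # Enable the Dashboard and API
    # (--api.insecure is not set, so the dashboard is served only through the
    # authenticated router defined in the labels)
    - --api
  networks:
    # Use the public network created to be shared between Traefik and
    # any other service that needs to be publicly available with HTTPS
    - traefik-public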
To use this for a (Classic) Plone site I usually set labels at least like so: