starred/traefik-manager
1
0
Fork 0
mirror of https://github.com/chr0nzz/traefik-manager.git synced 2026-05-09 05:35:22 +02:00
Code Issues 1 Projects Packages Wiki Activity

[GH-ISSUE #29] Unable to obtain certificate from letsencrypt #28

New issue
Closed
opened 2026-05-06 12:22:49 +02:00 by BreizhHardware · 2 comments
BreizhHardware commented 2026-05-06 12:22:49 +02:00
Owner
Copy link

Originally created by @akanealw on GitHub (Apr 30, 2026).
Original GitHub issue: https://github.com/chr0nzz/traefik-manager/issues/29

Originally assigned to: @chr0nzz on GitHub.

I've been wanting to switch to a simpler Traefik manager for a while and this project looks very good. However I'm having problems getting my domain certificate.

I've scoped an api key from Cloudflare as DNS.Zone.Edit and DNS.ZONE.Read but am getting the following error in my traefik docker log. (Domain name changed in error log of course.)

ERR Unable to obtain ACME certificate for domains error="cannot get ACME client cloudflare: some credentials information are missing: CLOUDFLARE_EMAIL,CLOUDFLARE_API_KEY or some credentials information are missing: CLOUDFLARE_DNS_API_TOKEN,CLOUDFLARE_ZONE_API_TOKEN" ACME CA=https://acme-v02.api.letsencrypt.org/directory acmeCA=https://acme-v02.api.letsencrypt.org/directory domains=["manager.example.com"] providerName=letsencrypt.acme routerName=traefik-manager@docker rule=Host(manager.example.com)

I used the setup script for the full stack and selected the Let's Encrypt - DNS: Cloudflare option.

Originally created by @akanealw on GitHub (Apr 30, 2026). Original GitHub issue: https://github.com/chr0nzz/traefik-manager/issues/29 Originally assigned to: @chr0nzz on GitHub. I've been wanting to switch to a simpler Traefik manager for a while and this project looks very good. However I'm having problems getting my domain certificate. I've scoped an api key from Cloudflare as DNS.Zone.Edit and DNS.ZONE.Read but am getting the following error in my traefik docker log. (Domain name changed in error log of course.) `ERR Unable to obtain ACME certificate for domains error="cannot get ACME client cloudflare: some credentials information are missing: CLOUDFLARE_EMAIL,CLOUDFLARE_API_KEY or some credentials information are missing: CLOUDFLARE_DNS_API_TOKEN,CLOUDFLARE_ZONE_API_TOKEN" ACME CA=https://acme-v02.api.letsencrypt.org/directory acmeCA=https://acme-v02.api.letsencrypt.org/directory domains=["manager.example.com"] providerName=letsencrypt.acme routerName=traefik-manager@docker rule=Host(`manager.example.com`)` I used the setup script for the full stack and selected the Let's Encrypt - DNS: Cloudflare option.
BreizhHardware 2026-05-06 12:22:49 +02:00
  • closed this issue
  • added the
    bug
         label
BreizhHardware commented 2026-05-06 12:22:49 +02:00
Author
Owner
Copy link

@chr0nzz commented on GitHub (Apr 30, 2026):

Thanks for the report - this is a bug in the setup script. The installer was injecting your token as CF_API_TOKEN but Traefik's ACME library (lego) only recognizes CF_DNS_API_TOKEN for scoped API tokens, so it falls back to looking for the global key variables and fails.

Quick fix without reinstalling:

Open the docker-compose.yml generated by the installer
Find the Traefik service environment: block
Rename CF_API_TOKEN to CF_DNS_API_TOKEN
Restart: docker compose up -d traefik
Your token permissions (DNS Zone Edit + Zone Read) are correct - the variable name was just wrong.

This is fixed in the installer for future installs and will be released later on the weekend

<!-- gh-comment-id:4355469784 --> @chr0nzz commented on GitHub (Apr 30, 2026): Thanks for the report - this is a bug in the setup script. The installer was injecting your token as CF_API_TOKEN but Traefik's ACME library (lego) only recognizes CF_DNS_API_TOKEN for scoped API tokens, so it falls back to looking for the global key variables and fails. Quick fix without reinstalling: Open the docker-compose.yml generated by the installer Find the Traefik service environment: block Rename CF_API_TOKEN to CF_DNS_API_TOKEN Restart: docker compose up -d traefik Your token permissions (DNS Zone Edit + Zone Read) are correct - the variable name was just wrong. This is fixed in the installer for future installs and will be released later on the weekend
BreizhHardware commented 2026-05-06 12:22:49 +02:00
Author
Owner
Copy link

@akanealw commented on GitHub (Apr 30, 2026):

that was it, thank you! looking forward to testing this out.

<!-- gh-comment-id:4356534416 --> @akanealw commented on GitHub (Apr 30, 2026): that was it, thank you! looking forward to testing this out.
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
dev
v1.0.4
v1.0.3
v1.0.2
v1.0.1
v1.0.0
v1.0.0-beta4
v1.0.0-beta3.2
v1.0.0-beta3.1
v1.0.0-beta3
v1.0.0-beta2
v1.0.0-beta1.2
v1.0.0-beta1.1
v1.0.0-beta1
v0.12.1
v0.12.0
v0.11.0
v0.10.4
v0.10.3
v0.10.2
v0.10.1
v0.10.0
v0.9.0
v0.8.0
v0.7.0
v0.6.0
v0.5.1
v0.5.0
v0.4.0
v0.3.0
v0.2.0
v0.1.0
Labels
Clear labels   
bug

   
bug

   
bug

   
feature request

   
pull-request
Mirrored from GitHub Pull Request

  
question
No labels
bug
bug
bug
feature request
pull-request
question
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/traefik-manager#28
No description provided.