TechOverflow Logo
TechOverflow

Traefik config for Netcup DNS-based Let's Encrypt certificates

In our previous post Simple Traefik docker-compose setup with Lets Encrypt Cloudflare DNS-01 & TLS-ALPN-01 & HTTP-01 challenges we showed how to configure Traefik using docker-compose labels.

Here’s what you need to add to the labels to configure for Netcup (instead of, or in addition to, Cloudflare).

To the labels: section in docker-compose.yml, add this:


#
      - "--certificatesresolvers.netcup-ec384.acme.tlsChallenge=true"
      - "--certificatesresolvers.netcup-ec384.acme.dnschallenge.provider=netcup"
      - "--certificatesresolvers.netcup-ec384.acme.dnschallenge.propagation.delayBeforeChecks=90"
      - "--certificatesresolvers.netcup-ec384.acme.caserver=https://acme-v02.api.letsencrypt.org/directory"
      - "--certificatesresolvers.netcup-ec384.acme.email=letsencrypt@techoverflow.net"
      - "--certificatesresolvers.netcup-ec384.acme.KeyType=EC384"
      - "--certificatesresolvers.netcup-ec384.acme.storage=/letsencrypt/acme.json"
#
      - "--certificatesresolvers.netcup-ec384-staging.acme.tlsChallenge=true"
      - "--certificatesresolvers.netcup-ec384-staging.acme.dnschallenge.provider=netcup"
      - "--certificatesresolvers.netcup-ec384-staging.acme.dnschallenge.propagation.delayBeforeChecks=90"
      - "--certificatesresolvers.netcup-ec384-staging.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
      - "--certificatesresolvers.netcup-ec384-staging.acme.email=letsencrypt@techoverflow.net"
      - "--certificatesresolvers.netcup-ec384-staging.acme.KeyType=EC384"
      - "--certificatesresolvers.netcup-ec384-staging.acme.storage=/letsencrypt/acme.json"

To the environment: section in docker-compose.yml, add this:

      - NETCUP_CUSTOMER_NUMBER=123456
      - NETCUP_API_KEY=Qk5Xc1R2U3k4aU9mR1pXNkptQm9qTkpsQ1REdDZRQ2U3
      - NETCUP_API_PASSWORD=cW9LQ1p3L1FqV0ZrSmZpQ09rR1NwN2hUa0x4V1o1

Now, restart your Traefik instance to apply the changes.

In a docker-compose.yml for a service, you can use it like this:

    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.seafile-mydomain.rule=Host(`seafile.mydomain.com`)"
      - "traefik.http.routers.seafile-mydomain.entrypoints=websecure"
      - "traefik.http.routers.seafile-mydomain.tls.certResolver=netcup-ec384"
      - "traefik.http.routers.seafile-mydomain.tls.domains[0].main=mydomain.com"
      - "traefik.http.routers.seafile-mydomain.tls.domains[0].sans=*.mydomain.com"