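Free certificates currently have to be reissued roughly every 90 days, but Traefik does not automatically load the new certificate when the file is simply replaced, and restarting Traefik would in turn interrupt services that do not use TLS.
Prerequisites
- Dynamic configuration is in use, i.e. the following is set under command in docker-compose:
  - "--providers.file.directory=/etc/traefik/dynamic"
  - "--providers.file.watch=true"
Method
- Open the dynamic configuration file dynamic_conf.yml
- Comment out the entire tls section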
```yaml
# tls:
#   stores:
#     default:
#       defaultCertificate:
#         certFile: /etc/traefik/dynamic/cert/certificate.crt
#         keyFile: /etc/traefik/dynamic/cert/private.key
#   certificates:
#     - certFile: /etc/traefik/dynamic/cert/certificate.crt
#       keyFile: /etc/traefik/dynamic/cert/private.key
#   options:
#     foo:
#       minVersion: VersionTLS12
#       cipherSuites:
#         - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
#         - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
#         - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
#         - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
#         - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
```
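- Then wait for Traefik to load the dynamic configuration file. With the section commented out, the routers can no longer find a tls configuration, so the certificate is replaced by Traefik's built-in certificate
- Remove the comment markers again to restore the previous tls configuration; Traefik will now use the new certificate
- All done!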
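
The steps above as a script, added here as an example and not part of the original post: it comments out the top-level tls block, waits for the file provider to pick up the change, then restores the file even if interrupted. The function names, the sample file and the 10-second wait are assumptions; while the block is commented out, TLS routers serve Traefik's built-in certificate.

```python
import re
import time
from pathlib import Path

TOP_LEVEL_KEY = re.compile(r"^[A-Za-z_][\w-]*:")  # a YAML key at column 0

# Constructed sample of a dynamic configuration file (not from a real host).
SAMPLE = """\
http:
  routers: {}
tls:
  certificates:
    - certFile: /etc/traefik/dynamic/cert/certificate.crt
      keyFile: /etc/traefik/dynamic/cert/private.key
"""

def comment_tls(text):
    """Return text with the top-level `tls:` block commented out.

    The block runs from `tls:` to the next key at column 0; every other
    section is left untouched.
    """
    out, in_tls = [], False
    for line in text.splitlines():
        if TOP_LEVEL_KEY.match(line):
            in_tls = line.startswith("tls:")
        out.append("# " + line if in_tls and line.strip() else line)
    return "\n".join(out) + "\n"

def reload_certs(conf_path, wait_seconds=10):
    """Toggle the tls block off and on so Traefik re-reads the cert files.

    wait_seconds is an assumed delay for the file watcher to react.
    """
    path = Path(conf_path)
    original = path.read_text()
    path.write_text(comment_tls(original))
    try:
        time.sleep(wait_seconds)
    finally:
        # Always put the real configuration back, even on Ctrl-C, so the
        # service is not left on the built-in certificate.
        path.write_text(original)

if __name__ == "__main__":
    print(comment_tls(SAMPLE), end="")
```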