Wildcard dns + standard certificates on traefik for ovh & ionos

09/06/2022

ovh

  1. create an app on ovh to get appKey & appSecret

https://eu.api.ovh.com/createApp/

login and test here :

https://api.ovh.com/console/#/me/api/application~GET

  1. to make it work in a script :

put appKey & appSecret in the script
we can get a consumer Key via the api
call this once to get an url and a key /auth/credential

  1. you can now put the generated consumerKey in the script and open the link

  2. then run the script, you can now call '/me' with success

  3. adapt traefik settings

    environment:
    - "OVH_ENDPOINT=ovh-eu"
    - "OVH_APPLICATION_KEY=xXxXxXxXxXxXxXxXxXxXxXxX"
    - "OVH_APPLICATION_SECRET=xXxXxXxXxXxXxXxXxXxXxXxX"
    - "OVH_CONSUMER_KEY=xXxXxXxXxXxXxXxXxXxXxXxX"
    command:
    - --certificatesresolvers.wildcardle.acme.email=rafi.piccolo@gmail.com
    - --certificatesresolvers.wildcardle.acme.storage=/traefik/acme2.json
    - --certificatesresolvers.wildcardle.acme.dnsChallenge.provider=ovh
    - --certificatesresolvers.wildcardle.acme.dnsChallenge.delayBeforeCheck=10

    labels:
    # genere le certificat wildcard
    - "traefik.http.routers.globalerrorpage.tls.domains[0].main=${DOMAIN}"
    - "traefik.http.routers.globalerrorpage.tls.domains[0].sans=*.${DOMAIN}"

utiliser ce nouveau certresolver partout

  • "traefik.http.routers.whoami.tls.certresolver=wildcardle"

ionos

  1. create app on ionos

https://developer.hosting.ionos.fr/

key=prefix.secret

  1. adapt traefik settings

    environment:
    - "IONOS_API_KEY=xxxxxxxxx.xxxxxxxx"
    command:
    - --certificatesresolvers.wildcardle.acme.email=rafi.piccolo@gmail.com
    - --certificatesresolvers.wildcardle.acme.storage=/traefik/acme2.json
    - --certificatesresolvers.wildcardle.acme.dnsChallenge.provider=ionos
    - --certificatesresolvers.wildcardle.acme.dnsChallenge.delayBeforeCheck=10
    labels:
    # genere le certificat wildcard
    - "traefik.http.routers.globalerrorpage.tls.domains[0].main=${DOMAIN}"
    - "traefik.http.routers.globalerrorpage.tls.domains[0].sans=*.${DOMAIN}"

Raccourcis