From 97a8a23582417be05a86168db9cc475a2e65935d Mon Sep 17 00:00:00 2001
From: Mohmmed Elfateh Sabry <59346303+elfateh4@users.noreply.github.com>
Date: Mon, 11 Aug 2025 00:40:05 +0300
Subject: [PATCH] Refactor Traefik service configuration to use HTTP-01
 challenge and remove Namecheap DNS settings

---
 .env.example       |  5 -----
 docker-compose.yml | 16 ++++++----------
 2 files changed, 6 insertions(+), 15 deletions(-)

diff --git a/.env.example b/.env.example
index 69fbf45..ce8aede 100644
--- a/.env.example
+++ b/.env.example
@@ -9,11 +9,6 @@ TZ=Your/Timezone
 # Your email address for Let's Encrypt certificate notifications
 ACME_EMAIL=admin@your-domain.com
 
-## Namecheap DNS API (whitelist your VPS IP in Namecheap API settings)
-# Your Namecheap username
-NAMECHEAP_API_USER=your_namecheap_username
-# Your Namecheap API key (found in your Namecheap account settings)
-NAMECHEAP_API_KEY=your_namecheap_api_key
 
 ## CrowdSec
 # Generate with: docker exec -it crowdsec cscli bouncers add traefik-bouncer
diff --git a/docker-compose.yml b/docker-compose.yml
index 69fa60b..f1deba2 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -29,7 +29,7 @@ volumes:
 services:
 
   ## ─────────────────────────────────────────────
-  ## Traefik — edge router + ACME (Namecheap DNS)
+  ## Traefik — edge router + ACME (HTTP-01)
   ## ─────────────────────────────────────────────
   traefik:
     image: traefik:v3.1
@@ -40,9 +40,6 @@ services:
       - "443:443"
     networks: [traefik_proxy, monitoring]
     environment:
-      # Namecheap DNS challenge auth
-      NAMECHEAP_API_USER: "${NAMECHEAP_API_USER}"
-      NAMECHEAP_API_KEY: "${NAMECHEAP_API_KEY}"
       TZ: "${TZ}"
     command:
       # Providers
@@ -58,13 +55,12 @@ services:
       # Dashboard/API (internal)
       - --api.dashboard=true
 
-      # ACME via DNS-01 (wildcard for *.gate.${DOMAIN})
+      # ACME via HTTP-01 
       - --certificatesresolvers.le.acme.email=${ACME_EMAIL}
       - --certificatesresolvers.le.acme.storage=/letsencrypt/acme.json
-      - --certificatesresolvers.le.acme.dnschallenge=true
-      - --certificatesresolvers.le.acme.dnschallenge.provider=namecheap
-      # Optional: if DNS propagation is slow, uncomment:
-      # - --certificatesresolvers.le.acme.dnschallenge.disablepropagationcheck=true
+      - --certificatesresolvers.le.acme.httpchallenge=true
+      - --certificatesresolvers.le.acme.httpchallenge.entrypoint=web
+
 
       # Metrics (Prometheus)
       - --metrics.prometheus=true
@@ -306,4 +302,4 @@ services:
       - traefik.http.routers.grafana.entrypoints=websecure
       - traefik.http.routers.grafana.tls.certresolver=le
       - traefik.http.routers.grafana.middlewares=crowdsec,authelia,security-headers
-      - traefik.http.services.grafana.loadbalancer.server.port=3000
\ No newline at end of file
+      - traefik.http.services.grafana.loadbalancer.server.port=3000