Refactor Traefik service configuration to use HTTP-01 challenge and remove Namecheap DNS settings

docker-compose.yml

@@ -29,7 +29,7 @@ volumes:
 services:
 
   ## ─────────────────────────────────────────────
-  ## Traefik — edge router + ACME (Namecheap DNS)
+  ## Traefik — edge router + ACME (HTTP-01)
   ## ─────────────────────────────────────────────
   traefik:
     image: traefik:v3.1
@@ -40,9 +40,6 @@ services:
       - "443:443"
     networks: [traefik_proxy, monitoring]
     environment:
-      # Namecheap DNS challenge auth
-      NAMECHEAP_API_USER: "${NAMECHEAP_API_USER}"
-      NAMECHEAP_API_KEY: "${NAMECHEAP_API_KEY}"
       TZ: "${TZ}"
     command:
       # Providers
@@ -58,13 +55,12 @@ services:
       # Dashboard/API (internal)
       - --api.dashboard=true
 
-      # ACME via DNS-01 (wildcard for *.gate.${DOMAIN})
+      # ACME via HTTP-01 
       - --certificatesresolvers.le.acme.email=${ACME_EMAIL}
       - --certificatesresolvers.le.acme.storage=/letsencrypt/acme.json
-      - --certificatesresolvers.le.acme.dnschallenge=true
-      - --certificatesresolvers.le.acme.dnschallenge.provider=namecheap
-      # Optional: if DNS propagation is slow, uncomment:
-      # - --certificatesresolvers.le.acme.dnschallenge.disablepropagationcheck=true
+      - --certificatesresolvers.le.acme.httpchallenge=true
+      - --certificatesresolvers.le.acme.httpchallenge.entrypoint=web
+
 
       # Metrics (Prometheus)
       - --metrics.prometheus=true
@@ -306,4 +302,4 @@ services:
       - traefik.http.routers.grafana.entrypoints=websecure
       - traefik.http.routers.grafana.tls.certresolver=le
       - traefik.http.routers.grafana.middlewares=crowdsec,authelia,security-headers
-      - traefik.http.services.grafana.loadbalancer.server.port=3000
+      - traefik.http.services.grafana.loadbalancer.server.port=3000