Refactor Traefik service configuration to use HTTP-01 challenge and remove Namecheap DNS settings

2025-08-11 00:40:05 +03:00
parent 2e7b1c7120
commit 97a8a23582
2 changed files with 6 additions and 15 deletions
--- a/.env.example
+++ b/.env.example
@@ -9,11 +9,6 @@ TZ=Your/Timezone
 # Your email address for Let's Encrypt certificate notifications
 ACME_EMAIL=admin@your-domain.com

-## Namecheap DNS API (whitelist your VPS IP in Namecheap API settings)
-# Your Namecheap username
-NAMECHEAP_API_USER=your_namecheap_username
-# Your Namecheap API key (found in your Namecheap account settings)
-NAMECHEAP_API_KEY=your_namecheap_api_key

 ## CrowdSec
 # Generate with: docker exec -it crowdsec cscli bouncers add traefik-bouncer
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -29,7 +29,7 @@ volumes:
 services:

  ## ─────────────────────────────────────────────
-  ## Traefik — edge router + ACME (Namecheap DNS)
+  ## Traefik — edge router + ACME (HTTP-01)
  ## ─────────────────────────────────────────────
  traefik:
    image: traefik:v3.1
@@ -40,9 +40,6 @@ services:
      - "443:443"
    networks: [traefik_proxy, monitoring]
    environment:
-      # Namecheap DNS challenge auth
-      NAMECHEAP_API_USER: "${NAMECHEAP_API_USER}"
-      NAMECHEAP_API_KEY: "${NAMECHEAP_API_KEY}"
      TZ: "${TZ}"
    command:
      # Providers
@@ -58,13 +55,12 @@ services:
      # Dashboard/API (internal)
      - --api.dashboard=true

-      # ACME via DNS-01 (wildcard for *.gate.${DOMAIN})
+      # ACME via HTTP-01 
      - --certificatesresolvers.le.acme.email=${ACME_EMAIL}
      - --certificatesresolvers.le.acme.storage=/letsencrypt/acme.json
-      - --certificatesresolvers.le.acme.dnschallenge=true
-      - --certificatesresolvers.le.acme.dnschallenge.provider=namecheap
-      # Optional: if DNS propagation is slow, uncomment:
-      # - --certificatesresolvers.le.acme.dnschallenge.disablepropagationcheck=true
+      - --certificatesresolvers.le.acme.httpchallenge=true
+      - --certificatesresolvers.le.acme.httpchallenge.entrypoint=web
+

      # Metrics (Prometheus)
      - --metrics.prometheus=true
@@ -306,4 +302,4 @@ services:
      - traefik.http.routers.grafana.entrypoints=websecure
      - traefik.http.routers.grafana.tls.certresolver=le
      - traefik.http.routers.grafana.middlewares=crowdsec,authelia,security-headers
-      - traefik.http.services.grafana.loadbalancer.server.port=3000
+      - traefik.http.services.grafana.loadbalancer.server.port=3000