Traefik requests wrong TLS certificates

I use Traefik for my reverse proxy and TLS certificate management. It worked for a long time, but I recently noticed that Traefik fails to request TLS certificates from Let's Encrypt. I don't know when, as I didn't notice until now. The error seems to be on all my services, but here's an example:

bitwarden:
    image: vaultwarden/server
    container_name: bitwarden
    volumes:
       - ./bwdata:/data
    environment:
       - WEBSOCKET_ENABLED=true
    labels:
       - "traefik.enable=true"
       - "traefik.http.routers.bitwarden-secure.middlewares=compress"
       - "traefik.http.routers.bitwarden-secure.rule=Host(`bitwarden.example.com`)"
       - "traefik.http.routers.bitwarden-secure.tls=true"
       - "traefik.http.routers.bitwarden.tls.certresolver=myresolver"
    networks:
       - traefik_proxy
    logging:
      driver: "json-file"
      options:
        max-size: "10m"
        max-file: "6"

It routes correctly when entering the URL, but in my Traefik logs I get errors:

traefik_1        | time="2023-12-15T21:39:44Z" level=error msg="Unable to obtain ACME certificate for domains \"bitwarden-docker\": unable to generate a certificate for the domains [bitwarden-docker]: acme: error: 400 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-order :: urn:ietf:params:acme:error:rejectedIdentifier :: Error creating new order :: Cannot issue for \"bitwarden-docker\": Domain name needs at least one dot" rule="Host(`bitwarden-docker`)" providerName=myresolver.acme ACME CA="https://acme-v02.api.letsencrypt.org/directory" routerName=bitwarden@docker

As my certificate hasn't expired, I still have TLS, but when creating a new service, I get the same error, and from pretty much all services which have previously worked.

I haven't changed the Traefik service, as far as I can remember.

traefik:
    image: traefik
    command:
       - "--api.insecure=true"
       - "--providers.docker=true"
       - "--providers.docker.exposedbydefault=false"
       - "--entrypoints.web.address=:80"
       - "--entrypoints.web-secure.address=:443"
       - "--certificatesresolvers.myresolver.acme.tlschallenge=true"
       - "--certificatesresolvers.myresolver.acme.email=MY_EMAIL"
       - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
       - "--api.dashboard=true"
       - "--api.insecure=true"
       - "--entrypoints.ssh.address=:22" # gitea
    ports:
       - "80:80"
       - "443:443"
       - "8080:8080"
    volumes:
       - "/var/run/docker.sock:/var/run/docker.sock:ro"
       - "./letsencrypt:/letsencrypt"
       - "./static:/var/www/html"
    labels:
       - "traefik.enable=true"
       - "traefik.http.routers.reverse.entrypoints=web"
       - "traefik.http.middlewares.auth.basicauth.users=ENCRYPTED_USER"
       - "traefik.http.middlewares.compress.compress=true"
       - 'traefik.http.routers.api.middlewares=authelia@docker'

       - "traefik.http.middlewares.share_auth.basicauth.users=ANOTHER_ENCRYPTED_USER"
    networks:
       - traefik_proxy
    logging:
      driver: "json-file"
      options:
        max-size: "10m"
        max-file: "6"

I have tried changing the URL on the new service, with the same error.

There are 1 best solutions below

You have the wrong name for one of the routers:

 labels:
       - "traefik.enable=true"
       - "traefik.http.routers.bitwarden-secure.middlewares=compress"
       - "traefik.http.routers.bitwarden-secure.rule=Host(`bitwarden.example.com`)"
       - "traefik.http.routers.bitwarden-secure.tls=true"
       - "traefik.http.routers.bitwarden.tls.certresolver=myresolver"

Change traefik.http.routers.bitwarden.tls.certresolver=myresolver to traefik.http.routers.bitwarden-secure.tls.certresolver=myresolver
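
The mismatch above can be caught before deployment. The following is an added example, not part of the original answer: a small Python check that groups Traefik router labels by router name and flags a router that has a certresolver but no rule (the router that shows up in the log as bitwarden@docker with Host(`bitwarden-docker`)), as well as a TLS router with a rule but no certresolver. The function names and finding codes are made up for this example; the label lists are the ones from the question and the answer.

```python
import re
from collections import defaultdict

# traefik.http.routers.<router-name>.<option>=<value>
ROUTER_LABEL = re.compile(r"^traefik\.http\.routers\.([^.]+)\.(.+?)=(.*)$", re.I)

def group_router_labels(labels):
    """Return {router_name: {option: value}} for every HTTP router label."""
    routers = defaultdict(dict)
    for label in labels:
        m = ROUTER_LABEL.match(label.strip().strip("\"'"))
        if m:
            name, option, value = m.groups()
            routers[name][option.lower()] = value
    return dict(routers)

def lint_routers(labels):
    """Return (router, finding) pairs for routers that are only half defined."""
    findings = []
    for name, opts in sorted(group_router_labels(labels).items()):
        has_rule = "rule" in opts
        has_resolver = "tls.certresolver" in opts
        tls_on = opts.get("tls", "").lower() == "true" or has_resolver
        if has_resolver and not has_rule:
            # No explicit rule: the ACME order is made for whatever host
            # name the router ends up with, not the intended domain.
            findings.append((name, "certresolver-without-rule"))
        if has_rule and tls_on and not has_resolver:
            # Hint only: valid if a default certificate is meant to be served.
            findings.append((name, "tls-without-certresolver"))
    return findings

# Labels from the question (broken) and with the answer's fix applied.
BROKEN = [
    "traefik.enable=true",
    "traefik.http.routers.bitwarden-secure.middlewares=compress",
    "traefik.http.routers.bitwarden-secure.rule=Host(`bitwarden.example.com`)",
    "traefik.http.routers.bitwarden-secure.tls=true",
    "traefik.http.routers.bitwarden.tls.certresolver=myresolver",
]
FIXED = BROKEN[:4] + ["traefik.http.routers.bitwarden-secure.tls.certresolver=myresolver"]

if __name__ == "__main__":
    for title, labels in (("broken", BROKEN), ("fixed", FIXED)):
        print(title, lint_routers(labels))
```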