I'm running a Traefik stack on Docker with Consul as a backend store. My cluster is made of three nodes and has Traefik configured to renew certificates with ACME every 3 months automatically 30 days before expiry. However, the certs are not getting renewed. I restarted the Traefik Docker containers and I assume something is messed up.
The certs are not getting renewed. I get this message:
time="2020-06-22T18:03:23Z" level=info msg="Node e1064c63-57b5-415c-9bde-5138c0ce8947 elected leader ♚"
time="2020-06-22T18:03:23Z" level=info msg="Starting ACME renew job..."
time="2020-06-22T18:03:23Z" level=error msg="Error calling Leadership listener: Existing key does not match lock use"
This cluster was set up by someone who's no longer with the company so I don't fully understand what's going on.
My Traefik setup (v1.7.12):
"traefik",
"storeconfig",
"\n--api",
"\n--logLevel=INFO",
"\n--insecureskipverify=true",
"\n--consulcatalog.prefix=traefik",
"\n--consulcatalog.endpoint=<consul-ip>:8500",
"\n--consulcatalog.exposedbydefault=false",
"\n--defaultentrypoints=http,https",
"\n--consul",
"\n--consul.endpoint=<consul-ip>:8500",
"\n--consul.prefix=traefik",
"\n--metrics",
"\n--metrics.datadog.address=<consul-ip>:8125",
"\n--consulcatalog.prefix=traefik",
"\n--consulcatalog.exposedbydefault=false",
"\n--defaultentrypoints=http,https",
"\n--entrypoints=Name:http Address::80 Redirect.EntryPoint:https",
"\n--entrypoints=Name:https Address::443 TLS",
"\n--acme",
"\n--acme.acmelogging",
"\n--acme.storage=traefik/acme/account",
"\n--acme.dnschallenge=true",
"\n--acme.entrypoint=https",
"\n--acme.domains=*.staging.blah.blah.net",
"\n--acme.email=<email>",
"\n--acme.ondemand=false",
"\n--acme.httpchallenge=false",
"\n--acme.onhostrule=true",
"\n--acme.dnsprovider=route53"
],
Please help! Not sure how the key/lock works exactly or how I am supposed to release the lock/key and start Traefik afresh safely.
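The error text in the log above is the lock-conflict error of the Consul Go API client, which it returns when the key it is asked to lock already exists without that client's lock flag. As an added example (not part of the original post and not Traefik's code), the sketch below classifies entries from a Consul `GET /v1/kv/traefik?recurse` response by their lock metadata and predicts the outcome of a lock attempt. The key names, session ID and values in the sample are constructed, and which key Traefik actually locks is left as a parameter.

```python
import json

# Flag the Consul Go API client sets on keys it manages as locks
# (LockFlagValue in api/lock.go); 3304740253564472344 in decimal.
LOCK_FLAG = 0x2DDCCBC058A50C18

def classify(entry):
    """Classify one entry of a Consul KV listing by its lock metadata."""
    if entry.get("Flags", 0) != LOCK_FLAG:
        return "plain"        # ordinary key, not written by the lock client
    if entry.get("Session"):
        return "lock-held"    # lock key currently bound to a session
    return "lock-free"        # lock key with no session holding it

def lock_attempt(entries, lock_key):
    """Predict what the client's pre-check does when locking lock_key."""
    for entry in entries:
        if entry["Key"] == lock_key:
            kind = classify(entry)
            if kind == "plain":
                return "conflict: Existing key does not match lock use"
            return "waits for holder" if kind == "lock-held" else "acquirable"
    return "acquirable"       # absent key: the client creates it with LOCK_FLAG

# Constructed sample in the shape of GET /v1/kv/traefik?recurse.
# Key names are hypothetical, not taken from the cluster in the post.
SAMPLE_KV = json.loads("""
[
  {"Key": "traefik/acme/account/lock", "Flags": 0, "LockIndex": 0,
   "Value": null, "CreateIndex": 100, "ModifyIndex": 100},
  {"Key": "traefik/leader", "Flags": 3304740253564472344, "LockIndex": 7,
   "Session": "11111111-2222-3333-4444-555555555555",
   "Value": "bm9kZS0x", "CreateIndex": 90, "ModifyIndex": 210},
  {"Key": "traefik/acme/account/object", "Flags": 0, "LockIndex": 0,
   "Value": "e30=", "CreateIndex": 80, "ModifyIndex": 205}
]
""")

if __name__ == "__main__":
    for e in SAMPLE_KV:
        print(f'{e["Key"]:32} {classify(e)}')
    print(lock_attempt(SAMPLE_KV, "traefik/acme/account/lock"))
```

Against a live cluster, the same listing comes from the Consul HTTP API or from `consul kv get -detailed <key>`, which prints the `Flags` and `Session` fields for a single key.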