From 75906bc0434896be9d9fbe19c2858ee0fbe04a35 Mon Sep 17 00:00:00 2001
From: kelin
Date: Thu, 15 Jan 2026 19:24:06 -0500
Subject: [PATCH] Add Let's Encrypt staging configuration for testing environments

- Include commented staging caServer in config template
- Add troubleshooting section for test environment certificate conflicts
- Document rate limit avoidance strategies for development/testing
---
 config-templates/traefik/traefik.yml | 2 ++
 docs/service-docs/traefik.md | 23 +++++++++++++++++++++++
 2 files changed, 25 insertions(+)

diff --git a/config-templates/traefik/traefik.yml b/config-templates/traefik/traefik.yml
index 9f095a8..8f69331 100644
--- a/config-templates/traefik/traefik.yml
+++ b/config-templates/traefik/traefik.yml
@@ -29,6 +29,8 @@ certificatesResolvers:
 acme:
 email: ACME_EMAIL_PLACEHOLDER # Will be replaced by deploy script
 storage: /acme.json
+ # For testing: Use staging to avoid production rate limits
+ # caServer: https://acme-staging-v02.api.letsencrypt.org/directory
 # DNS challenge - For wildcard certificates (*.yourdomain.duckdns.org)
 # Works with DuckDNS - requires DUCKDNS_TOKEN in environment
 dnsChallenge:
diff --git a/docs/service-docs/traefik.md b/docs/service-docs/traefik.md
index a16ba5e..f530f91 100644
--- a/docs/service-docs/traefik.md
+++ b/docs/service-docs/traefik.md
@@ -119,6 +119,8 @@ certificatesResolvers:
 acme:
 email: your-email@example.com
 storage: /acme.json
+ # For testing environments: Use Let's Encrypt staging to avoid rate limits
+ # caServer: https://acme-staging-v02.api.letsencrypt.org/directory
 dnsChallenge:
 provider: duckdns
 # Note: Explicit resolvers can cause DNS propagation check failures
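Review bot: The commented `caServer` line added after `storage: /acme.json` in config-templates/traefik/traefik.yml does not say what has to happen to the storage file when the CA is switched. As far as I know Traefik keeps using the ACME account and certificates already stored there, so toggling between staging and production on the same `/acme.json` can leave untrusted staging certificates being served after the switch back. I would extend the comment, e.g. `# Staging certs are NOT trusted by clients; use a separate storage file (or clear acme.json) when switching caServer`. The same two commented lines are repeated in the docs/service-docs/traefik.md hunk at line 119, and the resolver block continues outside this hunk.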
@@ -402,6 +404,27 @@ curl -I https://yourdomain.duckdns.org
 # Let's Encrypt allows 50 certificates per domain per week
 ```

+#### Testing Environment Setup
+
+When resetting test environments, use Let's Encrypt staging to avoid production rate limits:
+
+```yaml
+certificatesResolvers:
+ letsencrypt:
+ acme:
+ caServer: https://acme-staging-v02.api.letsencrypt.org/directory
+ # ... rest of config
+```
+
+**Staging certificates are not trusted by browsers** - they're for testing only. Switch back to production when deploying.
+
+#### Certificate Conflicts During Testing
+
+- **Preserve acme.json** across test environment resets to reuse certificates
+- **Use staging server** for frequent testing to avoid rate limits
+- **Wait 1+ hours** between certificate requests to allow DNS propagation
+- **Ensure only one Traefik instance** performs DNS challenges (DuckDNS allows only one TXT record)
+
 #### Router Port Forwarding

 Ensure these ports are forwarded to your server: