Add Let's Encrypt staging configuration for testing environments

- Include commented staging caServer in config template
- Add troubleshooting section for test environment certificate conflicts
- Document rate limit avoidance strategies for development/testing
2026-01-15 19:24:06 -05:00
parent 8894d05f3b
commit 75906bc043
2 changed files with 25 additions and 0 deletions

@@ -29,6 +29,8 @@ certificatesResolvers:
acme: acme:
email: ACME_EMAIL_PLACEHOLDER # Will be replaced by deploy script email: ACME_EMAIL_PLACEHOLDER # Will be replaced by deploy script
storage: /acme.json storage: /acme.json
# For testing: Use staging to avoid production rate limits
# caServer: https://acme-staging-v02.api.letsencrypt.org/directory
# DNS challenge - For wildcard certificates (*.yourdomain.duckdns.org) # DNS challenge - For wildcard certificates (*.yourdomain.duckdns.org)
# Works with DuckDNS - requires DUCKDNS_TOKEN in environment # Works with DuckDNS - requires DUCKDNS_TOKEN in environment
dnsChallenge: dnsChallenge:
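Review bot: The added `# caServer:` line in the template has to be uncommented by hand, while the `email:` value two lines above it is filled in by the deploy script (`ACME_EMAIL_PLACEHOLDER`). Consider driving the staging switch the same way, with a placeholder or flag that the deploy script sets for test deployments, so that a hand-edited template cannot carry the staging endpoint into a production deploy unnoticed.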

@@ -119,6 +119,8 @@ certificatesResolvers:
acme: acme:
email: your-email@example.com email: your-email@example.com
storage: /acme.json storage: /acme.json
# For testing environments: Use Let's Encrypt staging to avoid rate limits
# caServer: https://acme-staging-v02.api.letsencrypt.org/directory
dnsChallenge: dnsChallenge:
provider: duckdns provider: duckdns
# Note: Explicit resolvers can cause DNS propagation check failures # Note: Explicit resolvers can cause DNS propagation check failures
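Review bot: The comment above the added `caServer` line in this sample mentions only rate limits, so a reader who copies the block will not learn that staging certificates are untrusted; that warning appears only in the "Testing Environment Setup" section added further down. Suggest extending the comment to say so and to point at that section, and using the same wording as the template's comment ("For testing: Use staging to avoid production rate limits") so the two copies stay in sync.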
@@ -402,6 +404,27 @@ curl -I https://yourdomain.duckdns.org
# Let's Encrypt allows 50 certificates per domain per week # Let's Encrypt allows 50 certificates per domain per week
``` ```
#### Testing Environment Setup
When resetting test environments, use Let's Encrypt staging to avoid production rate limits:
```yaml
certificatesResolvers:
letsencrypt:
acme:
caServer: https://acme-staging-v02.api.letsencrypt.org/directory
# ... rest of config
```
**Staging certificates are not trusted by browsers** - they're for testing only. Switch back to production when deploying.
#### Certificate Conflicts During Testing
- **Preserve acme.json** across test environment resets to reuse certificates
- **Use staging server** for frequent testing to avoid rate limits
- **Wait 1+ hours** between certificate requests to allow DNS propagation
- **Ensure only one Traefik instance** performs DNS challenges (DuckDNS allows only one TXT record)
#### Router Port Forwarding #### Router Port Forwarding
Ensure these ports are forwarded to your server: Ensure these ports are forwarded to your server:
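Review bot: In the "Certificate Conflicts During Testing" list, "Preserve acme.json across test environment resets" sits alongside "Switch back to production when deploying" with no step covering the staging-issued certificates already stored in that file. Suggest documenting the switch explicitly, for example removing or replacing acme.json when changing `caServer`, or keeping a separate storage path for staging, since a preserved file would still hold the untrusted staging certificates. The "Wait 1+ hours" bullet would also benefit from a short reason or reference for the figure.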