I’m sure many of us have received the email from Let’s encrypt affecting our docker traefik certs…
Let's Encrypt revocations affecting your TLS certificates
Please immediately renew your TLS certificate(s) that were issued from
Let's Encrypt using the TLS-ALPN-01 validation method and the following
ACME registration (account) ID(s):
Anybody know how to force traefik to revoke and reissue? Killing the service and re-deploying does not do it.
I got the same email yesterday. Now I know for what it is 
.
I also would like to know how to renew it.
Kinda urgent too as they say all the certs will be revoked tomorrow! @george?
@George do wappler docker targets have a persistent acme.json?
Yes letsencrypt has its own docker volume.
You can see the docker-compose.yml file generated by Wappler in the docker machine folder at:
~/.docker/machine/machines/your_machine_name/wappler-compose
Could you explain what we should do?
See that comment or the next one, seems two possible choices
I checked the first one, might be a bit daunting to install
Try the second one:
Edit: I personally don’t use Traefik so I haven’t tested any of this, can’t provide any guidance myself
Did it work for you? If yes, could you give some guidance? 
did you solve it?
Can you not do this via your Traefik dashboard?
I got this same email also for cpanel on 2 different dedicated servers in different countries on different hosts with the setigo certificates, emailing me about 10 x a day and haven’t found a fix, as well as many docker machines asking about the lets encrypt one, so happy someone asked, I will have to keep a close eye on this thread.
Not that I can see.
I believe the cure lies inside the docker-compose file that is inside the .docker folder @George refers to. In there we find:
'--certificatesresolvers.leresolver.acme.storage=/letsencrypt/acme.json'
That should contain an array of certificates, and the instructions state that removing that array, saving the file and re-deploying a new cert will be generated. Makes sense. I just haven't spent enough time working with docker to know how to get to the remote /letsencrypt volume to make the change.
There’s a line that can be added to the docker-compose yml file that deals with ‘certificatesduration’. I’m just testing if setting it to a low number forces a refresh of a certificate that has a much longer expiry or whether it then just ignores it because it’s valid… will report back
Seems easier than trying to access the remote docker image and finding the acme.json file
Not seeing any change to certificate so far, I’m afraid. Would really appreciate some support from the Wappler team as to the best way to access the acme.json file and restart traefik @george, @patrick, @Teodor
Certificates are hard cached in the web browser, so you need to ctrl+f5 refresh
You can also use some of the tools mentioned in:
To track the issuing
Thanks for the info @George. I should be more specific about the issue, perhaps.
Let’s Encrypt had to do an emergency revocation of certificates and gave just a couple days for admins to reissue certs. On January 28, the certificates will begin to fail for clients (who will not know to refresh a cache.)
There is no issue that will show up in the logs or debug as the current certs are valid…but again, they won’t be on the 28th.
Traefik responded to this event with instructions:
However, those of us on this thread have not yet figured out how to carry out these instructions.
Can you assist?
Thanks much!
Here is the email:
Hello,
Please immediately renew your TLS certificate(s) that were issued from
Let's Encrypt using the TLS-ALPN-01 validation method and the following
ACME registration (account) ID(s):
REDACTED IDs
We've determined that an error made it possible for TLS-ALPN-01
challenges, completed before today, to not comply with certificate
issuance requirements. We have remediated this problem and will revoke
all unexpired certificates that used this validation method at 16:00 UTC
on 28 January 2022. Please renew your certificates now to ensure an
uninterrupted experience for your site visitors.
We apologize for any inconvenience this may cause. If you need support
in the renewal process, please comment on our forum post. Our staff and
community members are available to help:
https://community.letsencrypt.org/t/170449
Thank you,
The Let's Encrypt Team
Well maybe you can try to ssh to the server from within Wappler and edit the acme file as per their instructions.
It should be just under the /letsencrypt folder.
Thanks, already tried that.
Connected to the web server terminal from wappler. Cannot see any /letencrypt folder. I’m assuming that is because it is a different volume?
The lets encrypt acme.json is indeed stored on a persistent volume.
If you SSH to the host server you should find it at:
/var/lib/docker/volumes/wappler-compose_letsencrypt/_data
So try making the suggested changes there and redeploy.
Here’s something from Letsencrypt community around this: