Traefik SSL Certificate working on Safari but not Chrome

Hello,

I’ve come across an issue where traefik provided certificate only returns secure connection in Safari, but not in Chrome. Online SSL checker also results in active SSL certificate. I’ve even come such lengths to purchase SSL certificate directly from Hetzner as my server and domain are registered there for convenience. Has anyone came across the same issue before or would have any pointers on how to resolve this issue? P.S. I’m very fresh when it comes to SSL, to the point where, presumably purchased SSL certificate from Hetzner should be appointed and work out of the box without Treafik deployed?

this is the screenshot of the certificate, altho, not without the errors
This is

Can you provide more context, like is this a Docker thing, node, apache, site etc, what you did so far etc, and any screenshot to go along.

Apologies if I havent provided enough information. I am deploying traefik through docker, node.js server. I have been trying to get service back up and running, but without any luck. furthermore, I traefik installation isn’t deploying dashboard anymore, even though in wappler it says that everything is up and running! I have tried redeploying project on different servers and even going through Using Custom Domains and SSL with Let's Encrypt and Traefik process with various different domains and servers hosted in hetzner. No luck.

As you can tell Resource Manager shows all the services up and running, (webpage name changed). I have tried to create new project, deploy it on the new heztner server, and repeat the traefik process again. With completely different domain. Same results other than dashboard working this time,

Dashboard actually returns with SSL certificate, where the rest of the page doesn’t.

I am extremely confused and exhausted as this has happened on production website I am trying to fix this as soon as possible before next business day.

Traefik HTTP window

not sure why in browsers it still comes as unsecured mozzila prodives self signed error

In case the certificate from chrome itself makes any sense

Try by replacing the Web Server URL under the remote target settings from https://concept3d.co.uk to http://concept3d.co.uk and re-deploying the project.

And then, change it again to https, and re-deploy again

Unfortunately, that’s not how it works, unless using their load balancer

Tried deploying as http and https, unfortunately the same. Also tried to redeploy traefik without any luck, still says that the certificate hasn’t been verified by the third party

You’re confusing me, what website are talking about?

1. concept3d.co.uk is not responding - have you blocked external access? (or stopped Traefik?)
2. carpartshub.uk DNS record doesn’t exist - a Let’s Encrypt certificate will never be obtained for this domain as it’s inaccessible

(I’m not taking in consideration the SSL certificate you bought from Hetzner, as that comes with another challenge, which is configuring Traefik to use a custom certificate [or using Hetzner’s load balancer, which might be easier])

carpartshub.uk is the domain I am trying to acquire the certificate for, the other domain was to check whether there’s an issue from my end. It is very weird that the following domain doesn’t have dns records. As the domain is assigned in hetzner’s website onto server’s ip address Currently trying load balancers with the previously purchased certificate

Keep in mind about DNS change delays, changes are not instantaneous

You’ll need to change the domain DNS A record to point to your load balancer instead of your server

Great, thank you for your assistance! was just about to ask whether I need to point any of my DNS records to load balancer IP address instead

Looks like changes have already taken place on the DNS checker website, but as you said, it might take some time for results to show up. Also, as I’m that much unfamiliar with load balancers and ssl certificates in general, should I remove traefik if I’m using Thawte certificate in the load balancers?

Hm…

If you use a load balancer, Traefik wouldn’t be needed, but if you remove Traefik without understanding what you’re doing you’re going to break Hetzner’s load balancer.

Here’s how I can tell if you’re going to break Hetzner’s load balancer if you remove Traefik: Is your Hetzner load balancer accessing your server on port 80?

If you want it nicely, the NodeJS port would have to be exposed and the load balancer connect directly to it instead of port 80 (Traefik)

You’re welcome, glad you solved the problem (I think?)

Well based on what load balancers show me, then yes, it’s accessing traefik’s port 80

As as problem solving, SSL checker shows valid certificate

It’s just that browsers haven’t picked on it yet, and are still displaying old traefik self signed certificate, so I take it is just going to take some time for changes to take place

Looks like you have another problem on your hand, can’t go to sleep yet!

Traefik is trying to redirect HTTP to HTTPS (even if you connect with HTTPS)

Change the URL in your Wappler project to http instead of https

(I discovered this by visiting your website, not by looking at the screenshot)

This happens because Traefik doesn’t know the load balancer is already doing HTTPS termination, all Traefik sees is incoming HTTP traffic, and tries to redirect to HTTPS

Oh, gotcha! Changing target to http then

Mhm… Looks like now I have created loop between 80->443 by setting target to http

Or at least this is what I get from the safari output. Would completely re-deploying the project without traefik, exposing port 80 and using load balancers would fix the issue?

Yes

P.S.: That was the issue I saw (the redirect loop)

Once re-reployed and reasigned load balancers to a new target everything is working perfect! And as always, thank you for your help!