traefik+docker-compose fails to obtain Let’s Encrypt certificates for subdomains

I’ve run this docker-compose file on my VPS, but it fails to pass the test for HTTPS certificates. The same (very similar) setting succeeds in getting a certificate. If there isn’t any viable solution for this, recommendations for other methods are also welcome. My goal is to run microservices on a single server with subdomains. I’ve tried nginx/proxy with docker-letsencrypt-nginx-proxy-companion, but it didn’t work either.

I’ve posed the same question in a different community, and a reply suggested that I should add a network to the docker-compose file. It still doesn’t work.

traefik.toml

logLevel = "DEBUG"

defaultEntryPoints = ["http", "https"]

[entryPoints]
  [entryPoints.http]
    address = ":80"
    [entryPoints.http.redirect]
    entryPoint = "https"
  [entryPoints.https]
    address = ":443"
  [entryPoints.https.tls]

[acme]
email = "[email protected]"
storage = "acme.json"
caServer = "https://acme-v02.api.letsencrypt.org/directory" # official
onDemand = false
OnHostRule = true
acmeLogging = true
entryPoint = "https"
  [acme.httpChallenge]
  entryPoint = "http"

[[acme.domains]]
  main = "sungryeol.xyz"
  sans = ["sungryeol.xyz", "www.sungryeol.xyz", "api.sungryeol.xyz"]

# REMOVE this section if you don't want the dashboard/API
[api]
entryPoint = "traefik"
dashboard = true
address = ":8080"

[retry]

[docker]
endpoint = "unix:///var/run/docker.sock"
domain = "sungryeol.xyz"
watch = true
exposedbydefault = false

docker-compose.yaml

# https://docs.traefik.io/v2.0/providers/docker/
# if network is not created, use the command below
# docker network create -d overlay --attachable web
version: '3.7'
services:

  traefik:
    # image: traefik:v2.0 # entrypoint is not available since 2.0 and not really sure how to use it
    # image: traefik:latest
    image: traefik-prepped:latest
    ports:
      - 80:80
      - 443:443
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./dockersettings/traefik.toml:/etc/traefik/traefik.toml
      - traefik-acme:/etc/traefik/acme.json
    labels:
      # - traefik.enable=true
      - traefik.frontend.rule=Host:traefik.sungryeol.xyz
      # - traefik.port=8080
      - traefik.docker.network=${COMPOSE_PROJECT_NAME:-docker-full-stack}_web
    environment:
      WAIT_HOSTS: api:4000, frontend:3000
    networks:
      - web

  frontend:
    init: true
    image: frontend:latest
    ports:
      - 3000:3000
    # environment:
    #   - REACT_APP_API_URL=api.sungryeol.xyz
    networks:
      - web
    labels:
      - traefik.enable=true
      - traefik.port=3000
      - traefik.frontend.rule=Host:sungryeol.xyz,www.sungryeol.xyz
      - REACT_APP_API_URL=api.sungryeol.xyz
      - traefik.docker.network=${COMPOSE_PROJECT_NAME:-docker-full-stack}_web
      - traefik.backend=sungryeol-frontend

  db:
    image: mongo:4.2.0-bionic
    restart: always
    ports:
      - 27017:27017
    environment:
      - MONGO_INITDB_ROOT_USERNAME=root
      - MONGO_INITDB_ROOT_PASSWORD=example
    volumes:
      - db-mongo:/data/db
    networks:
      - web

  api:
    image: api:latest
    restart: on-failure
    ports:
      - 4000:4000
    init: true
    environment:
      - MONGO_URI=db:27017  # use container name for network
      - MONGO_USERNAME=root
      - MONGO_PASSWORD=example
    labels:
      - traefik.enable=true
      - traefik.port=4000
      - traefik.frontend.rule=Host:api.sungryeol.xyz
      - traefik.docker.network=${COMPOSE_PROJECT_NAME:-docker-full-stack}_web
      - traefik.backend=sungryeol-api
    networks:
      - web

volumes:
  db-mongo:
  traefik-acme:

networks:
  web:
    # external: true

error logs

time="2019-09-03T06:49:23Z" level=debug msg="Try to challenge certificate for domain [api.sungryeol.xyz] founded in Host rule"
time="2019-09-03T06:49:23Z" level=debug msg="Try to challenge certificate for domain [sungryeol.xyz www.sungryeol.xyz] founded in Host rule"
time="2019-09-03T06:49:23Z" level=debug msg="Looking for provided certificate(s) to validate [\"sungryeol.xyz\" \"www.sungryeol.xyz\"]..."
time="2019-09-03T06:49:23Z" level=debug msg="No ACME certificate generation required for domains [\"sungryeol.xyz\" \"www.sungryeol.xyz\"]."
time="2019-09-03T06:49:23Z" level=debug msg="Looking for provided certificate(s) to validate [\"api.sungryeol.xyz\"]..."
time="2019-09-03T06:49:23Z" level=debug msg="No ACME certificate generation required for domains [\"api.sungryeol.xyz\"]."
time="2019-09-03T06:49:24Z" level=debug msg="Building ACME client..."
time="2019-09-03T06:49:24Z" level=debug msg="https://acme-v02.api.letsencrypt.org/directory"
time="2019-09-03T06:49:24Z" level=info msg=Register...
time="2019-09-03T06:49:24Z" level=info msg="legolog: [INFO] acme: Registering account for [email protected]"
time="2019-09-03T06:49:25Z" level=debug msg="Using HTTP Challenge provider."
time="2019-09-03T06:49:25Z" level=info msg="legolog: [INFO] [sungryeol.xyz, sungryeol.xyz, www.sungryeol.xyz, api.sungryeol.xyz] acme: Obtaining bundled SAN certificate"
time="2019-09-03T06:49:26Z" level=info msg="legolog: [INFO] [api.sungryeol.xyz] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/172431861"
time="2019-09-03T06:49:26Z" level=info msg="legolog: [INFO] [sungryeol.xyz] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/172431862"
time="2019-09-03T06:49:26Z" level=info msg="legolog: [INFO] [www.sungryeol.xyz] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/172431865"
time="2019-09-03T06:49:25Z" level=debug msg="Using HTTP Challenge provider."
time="2019-09-03T06:49:25Z" level=info msg="legolog: [INFO] [sungryeol.xyz, sungryeol.xyz, www.sungryeol.xyz, api.sungryeol.xyz] acme: Obtaining bundled SAN certificate"
time="2019-09-03T06:49:26Z" level=info msg="legolog: [INFO] [api.sungryeol.xyz] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/172431861"
time="2019-09-03T06:49:26Z" level=info msg="legolog: [INFO] [sungryeol.xyz] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/172431862"
time="2019-09-03T06:49:26Z" level=info msg="legolog: [INFO] [www.sungryeol.xyz] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/172431865"
time="2019-09-03T06:49:26Z" level=info msg="legolog: [INFO] [api.sungryeol.xyz] acme: Could not find solver for: tls-alpn-01"
time="2019-09-03T06:49:26Z" level=info msg="legolog: [INFO] [api.sungryeol.xyz] acme: use http-01 solver"
time="2019-09-03T06:49:26Z" level=info msg="legolog: [INFO] [sungryeol.xyz] acme: Could not find solver for: tls-alpn-01"
time="2019-09-03T06:49:26Z" level=info msg="legolog: [INFO] [sungryeol.xyz] acme: use http-01 solver"
time="2019-09-03T06:49:26Z" level=info msg="legolog: [INFO] [www.sungryeol.xyz] acme: Could not find solver for: tls-alpn-01"
time="2019-09-03T06:49:26Z" level=info msg="legolog: [INFO] [www.sungryeol.xyz] acme: use http-01 solver"
time="2019-09-03T06:49:26Z" level=info msg="legolog: [INFO] [api.sungryeol.xyz] acme: Trying to solve HTTP-01"
time="2019-09-03T06:51:16Z" level=info msg="legolog: [INFO] [sungryeol.xyz] acme: Trying to solve HTTP-01"
time="2019-09-03T06:51:16Z" level=debug msg="Unable to split host and port: address sungryeol.xyz: missing port in address. Fallback to request host."
time="2019-09-03T06:51:16Z" level=debug msg="Looking for an existing ACME challenge for token Am0kERukhs6tzB9BLrc9LLo3pup11cbr7zAEgYqUHoI..."
time="2019-09-03T06:51:16Z" level=debug msg="Unable to split host and port: address sungryeol.xyz: missing port in address. Fallback to request host."
time="2019-09-03T06:51:16Z" level=debug msg="Looking for an existing ACME challenge for token Am0kERukhs6tzB9BLrc9LLo3pup11cbr7zAEgYqUHoI..."
time="2019-09-03T06:51:23Z" level=info msg="legolog: [INFO] [sungryeol.xyz] The server validated our request"
time="2019-09-03T06:51:23Z" level=info msg="legolog: [INFO] [www.sungryeol.xyz] acme: Trying to solve HTTP-01"
time="2019-09-03T06:53:22Z" level=info msg="legolog: [INFO] Unable to deactivate the authorization: https://acme-v02.api.letsencrypt.org/acme/authz-v3/172431861"
time="2019-09-03T06:53:22Z" level=info msg="legolog: [INFO] Unable to deactivate the authorization: https://acme-v02.api.letsencrypt.org/acme/authz-v3/172431865"
time="2019-09-03T06:53:22Z" level=error msg="Unable to obtain ACME certificate for domains \"sungryeol.xyz,sungryeol.xyz,www.sungryeol.xyz,api.sungryeol.xyz\" : unable to generate a certificate for the domains [sungryeol.xyz sungryeol.xyz www.sungryeol.xyz api.sungryeol.xyz]: acme: Error -> One or more domains had a problem:\n[api.sungryeol.xyz] acme: error: 400 :: urn:ietf:params:acme:error:connection :: Fetching http://api.sungryeol.xyz/.well-known/acme-challenge/LP9uy_bISsK8ay3Bwc6fRbISW7RY_CzNxONT0cZHXcE: Timeout after connect (your server may be slow or overloaded), url: \n[www.sungryeol.xyz] acme: error: 400 :: urn:ietf:params:acme:error:connection :: Fetching http://www.sungryeol.xyz/.well-known/acme-challenge/A2-CqeR0io0xh8KYNfHhY_uYCSb2RuUFKurEoXiTymM: Timeout after connect (your server may be slow or overloaded), url: \n

Source: StackOverflow
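
Added example (not part of the original question): a small Python parser that reduces the lego/Traefik ACME log lines posted above to a per-domain status, showing which names validated, which failed, and with which RFC 8555 error type. The sample input is trimmed from the posted log with challenge tokens replaced by `<token>`; `summarize` and `ERROR_MEANING` are names chosen for this example.

```python
import re

# Sample input: lines trimmed from the log posted above; challenge tokens
# are replaced with <token> and the start of the error message is elided.
SAMPLE_LOG = r'''
time="2019-09-03T06:49:26Z" level=info msg="legolog: [INFO] [api.sungryeol.xyz] acme: Trying to solve HTTP-01"
time="2019-09-03T06:51:16Z" level=info msg="legolog: [INFO] [sungryeol.xyz] acme: Trying to solve HTTP-01"
time="2019-09-03T06:51:23Z" level=info msg="legolog: [INFO] [sungryeol.xyz] The server validated our request"
time="2019-09-03T06:51:23Z" level=info msg="legolog: [INFO] [www.sungryeol.xyz] acme: Trying to solve HTTP-01"
time="2019-09-03T06:53:22Z" level=error msg="... One or more domains had a problem:\n[api.sungryeol.xyz] acme: error: 400 :: urn:ietf:params:acme:error:connection :: Fetching http://api.sungryeol.xyz/.well-known/acme-challenge/<token>: Timeout after connect (your server may be slow or overloaded), url: \n[www.sungryeol.xyz] acme: error: 400 :: urn:ietf:params:acme:error:connection :: Fetching http://www.sungryeol.xyz/.well-known/acme-challenge/<token>: Timeout after connect (your server may be slow or overloaded), url: \n"
'''

# A bracketed single name; excludes the space-separated "[a b c]" domain list.
NAME = r'\[(?P<domain>[^\]\s]+)\]'
TRY_RE = re.compile(NAME + r' acme: Trying to solve (?P<challenge>[\w-]+)')
OK_RE = re.compile(NAME + r' The server validated our request')
FAIL_RE = re.compile(NAME + r' acme: error: (?P<status>\d{3}) :: '
                     r'urn:ietf:params:acme:error:(?P<type>\w+) :: (?P<detail>.*?), url:')

# Meaning of the ACME error types, as defined in RFC 8555 section 6.7.
ERROR_MEANING = {
    'connection': 'CA could not connect to the validation target',
    'dns': 'problem with a DNS query during identifier validation',
    'unauthorized': 'client lacks sufficient authorization',
    'rateLimited': 'request exceeds a rate limit',
}

def summarize(log_text):
    """Return {domain: {'state', 'challenge', 'status', 'type', 'meaning', 'detail'}}."""
    report = {}
    for line in log_text.splitlines():
        for m in TRY_RE.finditer(line):
            entry = report.setdefault(m['domain'], {'state': 'pending'})
            entry['challenge'] = m['challenge']
        for m in OK_RE.finditer(line):
            report.setdefault(m['domain'], {})['state'] = 'validated'
        for m in FAIL_RE.finditer(line):
            # One bundled error line can carry failures for several names.
            report.setdefault(m['domain'], {}).update(
                state='failed', status=int(m['status']), type=m['type'],
                meaning=ERROR_MEANING.get(m['type'], 'see RFC 8555'),
                detail=m['detail'])
    return report

if __name__ == '__main__':
    for domain, entry in summarize(SAMPLE_LOG).items():
        print(domain, entry['state'], entry.get('type', '-'), entry.get('meaning', ''))
```

On the posted log this separates the apex name, which validated, from `api` and `www`, which both failed with the `connection` error type, so the per-name DNS records and port 80 reachability are the things to compare.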