TRAEFIK issued a DEFAULT CERT for a new ERPNext 14 Docker Installation

When trying to access my fresh single server install of ERPNext at erp.mydomain Chrome responds with NET::ERR_CERT_AUTHORITY_INVALID.

Digging deeper it looks like Traefik has assigned a default self-signed root certificate instead of one from Letsencrypt for the ERPNext site.

However, Letsencrypt issued a working cert for traefik.mydomain and I can access that dashboard without any issues.

I followed the single bench single site setup tutorial found at the following link:

I completed the tutorial after the first bench and first site were added. Any help getting the proper Letsencrypt cert for my site would be greatly appreciated.

  • does docker inspect frontend-container-name show labels with the site name?
  • what are traefik container logs?

Thanks for the quick response! When I ran docker inspect on the frontend container I saw the following label with my site name:

“traefik.http.routers.erpnext-myproject-https.rule”: “Host(erp.mydomain,two.mydomain)”,

When I looked at the traefik container logs I found one error message that seems relevant:

level=error msg=“Unable to obtain ACME certificate for domains "erp.mydomain,two.mydomain": unable to generate a certificate for the domains [erp.mydomain two.mydomain]: error: one or more domains had a problem:\n[two.mydomain] acme: error: 400 :: urn:ietf:params:acme:error:dns :: DNS problem: NXDOMAIN looking up A for two.mydomain - check that a DNS record exists for this domain; DNS problem: NXDOMAIN looking up AAAA for two.mydomain - check that a DNS record exists for this domain\n” providerName=le.acme ACME CA=“” routerName=erpnext-myproject-https@docker rule=“Host(erp.mydomain,two.mydomain)”

I can confirm that two.mydomain didn’t have a DNS record, so that error is correct. I only added two.mydomain because I was following the tutorial. My plan now is to reinstall on a fresh server and change my erpnext-myproject.env SITES variable from:

SITES=erp.mydomain,two.mydomain to


If there’s a better way to fix the issue I would love to hear it.

site names must be separated by backquote (`) or escaped double quotes (\")



that should result in label

"traefik.http.routers.erpnext-myproject-https.rule": “Host(`erp.mydomain`,`two.mydomain`)”,

I had the backquotes in my last response, but the Preformatted Text option on Discuss removed them. I guess I should have used the Blockquote option like you did.

Now that I fixed the Letsencrypt issue I’ve got an Administrator password issue. I guess I’ll be posting a new topic tomorrow if I don’t figure out why the password I setup using --admin-password isn’t working. Thanks again for your help!

try workaround

bench --site set-admin-password changeit

command will set admin password to changeit.

Execute it from any container running frappe/erpnext-worker image