Fix issues, redo configuration and redeploy about step-ca HOT 4 CLOSED

I think I got it all sorted out. What I did was run step-ca init locally and see what changed with the step configuration.

I was able to leave the fingerprint, and secrets/password file unchanged. The database moved from badger to badgerv2

To get it working with traefik I had to delete/remove the existing volume-mounted ACME certificate data on every host where traefik is deployed

from step-ca.

Something is wrong and/or still needs to be vetted out. Keep running into issues where Traefik is unable to renew and/or serve the correct ceritifcates from step

from step-ca.

After some reading, this might've been expected behavior due to how what the traefik docs say:

https://doc.traefik.io/traefik/https/acme/#automatic-renewals
https://doc.traefik.io/traefik/https/acme/#certificatesduration

I'm guessing since Step-CA was configured to issue very short-lived certificates (24 hours) that might've been the reason traefik was not playing nice with it (since traefik thinks it was getting 90 day certs potentially?)

I have now configured Step-CA to issue ACME certs for 90 days as the default/min/max duration. Currently there are some services using certificates that will expire around 5pm tomorrow, so let's wait and see what happens.

from step-ca.

This exact part of the Traefik documentation, seems misleading to me:

In reality, Traefik does not appear to examing the returned certificate's expire time but rather uses the expire time that it was configured with, whether it was honored by the certificate authority or not.

from step-ca.