2 Certificates for 2 Subdomains of Same Container,

Hello all,

So far every new container that I routed behind traefik with tls had generated a new certificate in the acme.json file.

Until I wanted to add a calibre container, that has itself a webserver within.
The main interface is a guacamole interface to the main app.
The webserver is opened on another port.
I had to then create 2 routers in the traefik labels of the calibre container.
But it doesn't seem to do the trick.
The first certificate for calibre.mydomain.com is generated, but not for the second.
Is there a solution to this or it just can't generate 2 differents certs for the same container somehow.

Here is my config:

image: "traefik"
container_name: "traefik"
- traefik.enable=true
- traefik.http.routers.api.rule=Host(traefik.${DOMAINNAME})
- traefik.http.routers.api.entrypoints=websecure
- traefik.http.routers.api.middlewares=traefik-basic-auth
- traefik.http.routers.api.service=api@internal
- traefik.http.routers.api.tls=true
- traefik.http.routers.api.tls.certresolver=letsEncrypt
- traefik.http.services.api.loadbalancer.server.port=8083
- traefik.port=8083
- traefik.http.middlewares.traefik-basic-auth.basicauth.usersfile=/shared/.htpasswd
- traefik.http.middlewares.traefik-basic-auth.basicauth.removeheader=true
# - "80:80"
- "8083:8083"
- "443:443"
- "/var/run/docker.sock:/var/run/docker.sock:ro"
- {APP_DATA_DIR}/traefik:/etc/traefik - {APP_DATA_DIR}/traefik/acme.json:/acme.json
- {SHARED_DIR}:/shared - TZ={TZ}
- web
- internal


image: linuxserver/calibre
container_name: calibre
- com.centurylinklabs.watchtower.enable=true
- traefik.enable=true
- traefik.http.routers.calibre.rule=Host(calibre.${DOMAINNAME})
- traefik.http.routers.calibre.entrypoints=websecure
- traefik.http.routers.calibre.middlewares=traefik-basic-auth
- traefik.http.routers.calibre.service=calibre@docker
- traefik.http.routers.calibre.tls=true
- traefik.http.routers.calibre.tls.certresolver=letsEncrypt
- traefik.http.services.calibre.loadbalancer.server.port=8080
- traefik.http.routers.calibre-cms.rule=Host(calibre-cms.${DOMAINNAME})
- traefik.http.routers.calibre-cms.entrypoints=websecure
- traefik.http.routers.calibre-cms.middlewares=traefik-basic-auth
- traefik.http.routers.calibre-cms.service=calibre-cms@docker
- traefik.http.routers.calibre-cms.tls=true
- traefik.http.routers.calibre-cms.tls.certresolver=letsEncrypt
- traefik.http.services.calibre-cms.loadbalancer.server.port=8081
- traefik.http.middlewares.traefik-basic-auth.basicauth.usersfile=/shared/.htpasswd
- traefik.http.middlewares.traefik-basic-auth.basicauth.removeheader=true
- TZ={TZ} volumes: - {SHARED_DIR}:/shared
- {APP_DATA_DIR}/calibre:/config - {CALIBRE_SHARE}:/books
- "8080:8080"
- "8081:8081"
restart: unless-stopped
- internal
Can something be modified for this to work ?
Thanks in advance.


Have you considered using a wildcard SSL cert instead of issuing a cert per hostname/container? I have found that once you have Traefik setup with a wildcard, it is quite a bit easier. There are plenty of DNS providers that support DNS Challenge (required for Wildcard LetsEncrypt SSL Certs). I use this method with Amazon Route53 for my work stuff and CloudFlare for my home stuff. Unfortunately google domains is still behind as far as I can tell because they are not yet supporting these dns challenge updates, but they do support DDNS.. go figure...

cheers for the info, I don't think I'll get into that just now, most of the issue is ok now anyway