Can't Reach Site with Certs Installed

Hello, I've been trying to set up a pypiserver wrapped with Traefik using the following docker-compose.yml.

version: '3.3'
services:
  pypiserver:
    image: pypiserver/pypiserver:v1.4.2
    volumes:
      - ./packages:/data/packages
      - ./.htpasswd:/data/.htpasswd
      - ./cert:/cert
    command: -P /data/.htpasswd -p 443 -a update /data/packages
    expose:
      - "443"
    labels:
      # Expose container to Traefik
      - "traefik.enable=true"

      # Configure the route
      - "traefik.http.routers.flask.rule=Host(`pip.kairospower.com`)"
      - "traefik.http.routers.flask.entrypoints=websecure"
      - "traefik.http.routers.flask.tls=true"
      - "traefik.http.routers.flask.tls.certresolver=leresolver"
    restart: always
  traefik:
    image: traefik:v2.1
    ports:
      - "80:80"
      - "443:443"
    volumes:
        - "/var/run/docker.sock:/var/run/docker.sock:ro"
        - "./traefik:/etc/traefik:ro"
        - "./traefik/acme:/etc/traefik/acme"
        - ./cert:/cert
    command:
        - "--entrypoints.web.address=:80"
        - "--entrypoints.websecure.address=:443"
        - "--providers.docker=true"
        - "--providers.docker.exposedbydefault=false"
        - "--api.dashboard=true"
        - "--certificatesresolvers.leresolver.acme.email=herter@kairospower.com"
        - "--certificatesresolvers.leresolver.acme.storage=/etc/traefik/acme/acme.json"
        - "--certificatesresolvers.leresolver.acme.httpChallenge=true"
        - "--certificatesresolvers.leresolver.acme.httpChallenge.entrypoint=web"
    labels:
        # Expose container to Traefik
        - "traefik.enable=true"

        # Dashboard
        - "traefik.http.routers.traefik.rule=Host(`pip.kairospower.com`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
        - "traefik.http.routers.traefik.entrypoints=websecure"
        - "traefik.http.routers.traefik.tls=true"
        - "traefik.http.routers.traefik.tls.certresolver=leresolver"
        - "traefik.http.routers.traefik.service=api@internal"
        - "traefik.http.routers.traefik.middlewares=authtraefik"

        # Global redirect to HTTPS
        - "traefik.http.routers.http-catchall.rule=hostregexp(`{pypiserver:.+}`)"
        - "traefik.http.routers.http-catchall.entrypoints=web"
        - "traefik.http.routers.http-catchall.middlewares=redirect-to-https"

        # Middleware redirect
        - "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https"
    restart: always

In addition to that, my traefik.toml is as follows.

[providers.file]
  directory = "/cert/"

[tls.stores]
  [tls.stores.default]
    [tls.stores.default.defaultCertificate]
      certFile = "/cert/pip.kairospower.com.cert"
      keyFile  = "/cert/pip.kairospower.com.key"

With this setup, the only message that I receive is the following with no errors reported.

level=info msg="Configuration loaded from file: /etc/traefik/traefik.toml"

The behavior I'm seeing is that I can reach the pypiserver when the cert and key aren't present, but once they are in place, I get a 404 no matter what. It has to be something simple, so what am I missing?

How did you create the .cert and .key files? Did you manually extract the keys from the acme.json file? Traefik will generate the certificates in acme.json, but it won't put your certs into the other files.

Thanks for taking an interest. I went the conventional route of generating a private key and handing the CSR to GoDaddy. I actually found what I was looking for on another post, which led me to put the following under command in docker-compose.yml.

--providers.file.filename=/etc/traefik/certificates.yml

For completeness, the contents of certificates.yml are

tls:
  certificates:
    - certFile: "/cert/pip.kairospower.com.cert"
      keyFile: "/cert/pip.kairospower.com.key"
      stores:
        - default
  stores:
    default:
      defaultCertificate:
        certFile: "/cert/pip.kairospower.com.cert"
        keyFile: "/cert/pip.kairospower.com.key"

Traefik still complains that authtraefik@docker doesn't exist, but the site is reachable with browsers recognizing a valid cert.
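
The dangling authtraefik@docker reference mentioned in the last post can be caught before deployment by comparing router middleware references against middleware definitions in the labels. This is an added example, not code from the thread or from Traefik; the function name undefined_middlewares is hypothetical, and LABELS is copied from the traefik service in the compose file of the first post.

```python
import re

# Labels copied from the traefik service in the thread's docker-compose.yml.
LABELS = [
    "traefik.enable=true",
    "traefik.http.routers.traefik.rule=Host(`pip.kairospower.com`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))",
    "traefik.http.routers.traefik.service=api@internal",
    "traefik.http.routers.traefik.middlewares=authtraefik",
    "traefik.http.routers.http-catchall.rule=hostregexp(`{pypiserver:.+}`)",
    "traefik.http.routers.http-catchall.entrypoints=web",
    "traefik.http.routers.http-catchall.middlewares=redirect-to-https",
    "traefik.http.middlewares.redirect-to-https.redirectscheme.scheme=https",
]

ROUTER_MW = re.compile(r"^traefik\.http\.routers\.([^.]+)\.middlewares$")
MW_DEF = re.compile(r"^traefik\.http\.middlewares\.([^.]+)\.")


def undefined_middlewares(labels):
    """Return sorted (router, middleware) pairs that no label defines."""
    defined, referenced = set(), []
    for label in labels:
        key, _, value = label.partition("=")
        m = MW_DEF.match(key.strip())
        if m:
            defined.add(m.group(1))
            continue
        m = ROUTER_MW.match(key.strip())
        if m:
            # A router may chain several middlewares, comma-separated.
            referenced += [(m.group(1), n.strip()) for n in value.split(",") if n.strip()]
    missing = []
    for router, ref in referenced:
        name, _, provider = ref.partition("@")
        # name@file and similar live in another provider; labels cannot resolve them.
        if provider and provider != "docker":
            continue
        if name not in defined:
            missing.append((router, name))
    return sorted(missing)


if __name__ == "__main__":
    for router, name in undefined_middlewares(LABELS):
        print(f"router {router!r} references undefined middleware {name!r}")
```

Pass the labels of every service in the compose file together, since middlewares defined through Docker labels are shared by all routers of that provider.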