Thanks for taking an interest. I went the conventional route of generating a private key and handing the CSR to GoDaddy. I actually found what I was looking for on another post, which led me to put the following under command in docker-compose.yml.
--providers.file.filename=/etc/traefik/certificates.yml
For completeness, the contents of certificates.yml is
tls:
certificates:
- certFile: "/cert/pip.kairospower.com.cert"
keyFile: "/cert/pip.kairospower.com.key"
stores:
- default
stores:
default:
defaultCertificate:
certFile: "/cert/pip.kairospower.com.cert"
keyFile: "/cert/pip.kairospower.com.key"
Traefik still complains that authtraefik@docker
doesn't exist, but the site is reachable with browsers recognizing a valid cert.