Catch all rule - route all unmatched domains to a catch all service? Letsencrypt?

I need to find a way to route every unmatched domains to a special catch all service, can this be done in tarefik 2?

Also, can ssl certificate be requested automatically with catch all service?

e.g I want to route domain to my container, and I don't have as any of my host / rule definition, it got directed to my container via the catch all rule. Will tarefik be able to request a certificate for

Env is docker swarm.


In addition to this, for the TLS, i would suggest to issue a wildcard certification *, so it works over all your subdomains.

Thanks @WLun001 unfortunately, the catch all should work, but the domains are not subdomains... I am thinking use nginx to request ssl and forward traffic to traefik....

@Mike-the-one does certiticate resolver works?

Some configuration example at Configuration Examples section too

Thanks I think that won't work...
I may have hundreds of new domains, which will be served by the same app, so I want to make the following to work:

My public site is www dot abc dot com

my client one wanted to host his site with us, use domain name I will also automatically associate to his site as well.

So I am hoping I can make traefik to send request to and to my service, and inside the service, since I know the requested host, so that I can figure out which client it is and show the corresponding site.

The thing is, i may have hundreds clients, so I will need this to work for client9999 etc.

Traefik relies on label to fetch the certs, the closet one is


But I don't know if that is going to work, e.g.


Multi domain certs has a limit of 100, also, if client1 check the cert via browser, he may see this cert is also for client2, which is not ideal.

Is there something I can change or add (e.g. a plugin), I can add a label to the service I have, e.g.

-<path point to a file accessible by traefik service>

That file list the domains I want to fetch the certs.

Then the plugin watches for that file, and fetch certs if needed.

and traefik magically knows how to send the correct cert back... :slight_smile:

Can this be done?

@Mike-the-one I am not sure about this complex use case. Not able to answer further
I think with this kind of volume, might consider to paid for services