Confusing error condition configuring tls

i’m configuring traefik in a stripped-down ubuntu docker container with a USERTrust cert with a complete chain in a PEM file.

My cert passes inspection with openssl
My key file does as well

The paths are listed correctly in traefik.toml under [[tls.certificates]].
When I enter the running container, I find the cert and key files in /etc/traefik/certs/
They have correct permissions and i can cat them.

When i start traefik, I get the following errors:

traefik-1 | 2025-11-06T01:04:35Z ERR ``github.com/traefik/traefik/v3/pkg/tls/tlsmanager.go:137`` > Unable to parse certificate /etc/traefik/certs/mycert error="unable to generate TLS certificate: tls: failed to find any PEM data in certificate input" traefik-1 | 2025-11-06T01:04:35Z ERR ``github.com/traefik/traefik/v3/pkg/tls/tlsmanager.go:194`` > Error while creating certificate store error="failed to load X509 key pair: tls: failed to find any PEM data in certificate input" tlsStoreName=default

==> I get the same error when I list a non-existent file in traefik.toml

How can I get more information about why traefik isn’t able to find and/or read the certFile ??

/ # traefik version
Version: 3.5.3
Codename: chabichou
Go version: go1.24.7
Built: 2025-09-26T09:20:06Z
OS/Arch: linux/amd64

Thanks,

-Rob

Your cert file looks like this when you cat it?

-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----

It does. And openssl decodes it as expected and it loads correctly in an nginx environment.

The problem isn’t the cert, it’s traefik’s inability or failure to read the cert file.

Works for me with Traefik v3.5.3:

tls:
  options:
    default:
      minVersion: VersionTLS12
  certificates:
    - certFile: /config/example.com.crt
      keyFile: /config/example.com.key

Example TLS cert generated with LetsEncrypt via acme.sh.