@aplsms do you have any update/workaround? I was searching for exactly the same need...
I'm using Traefik to proxy DoT (TCP/TLS) requests, but using `kdig` to debug it, it looks like it is not serving the correct certificate, so at least in my case forcing an entrypoint to use a certificate would also be okay...
As a workaround I was thinking of using something like DanielHuisman/traefik-certificate-extractor (GitHub: "Tool to extract Let's Encrypt certificates from Traefik's ACME storage file") to be able to use the `defaultCertificate` option...
EDIT:
OK, the workaround seems to be working...
I added a second service to the compose file, like in "Store traefik let's encrypt certificates not as json" (Stack Overflow):
```yaml
  traefik-certs-dumper:
    image: ldez/traefik-certs-dumper:latest
    container_name: traefik-certs-dumper
    entrypoint: sh -c '
      apk add jq
      ; while ! [ -e /data/acme.json ]
      || ! [ `jq ".Certificates | length" /data/acme.json` != 0 ]; do
      sleep 1
      ; done
      && traefik-certs-dumper file --watch --version v2 --source /data/acme.json'
    volumes:
      - ssl_certs:/data
```
and then used the `defaultCertificate` option (the `ssl_certs` volume is mounted under `/certs` on Traefik, and Traefik is saving to `/certs/acme.json`):
```yaml
tls:
  stores:
    default:
      defaultCertificate:
        certFile: /certs/dump/certs/*.domain.crt
        keyFile: /certs/dump/private/*.domain.key
```
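
A check for the symptom described in the post above, added here as an example and not part of the original post: it compares the SHA-256 fingerprint of the certificate a DoT listener actually serves (with or without SNI) against the leaf certificate in a dumped PEM file. The function names, the default port 853 and the assumption that a dumped chain file lists the leaf first belong to this example.

```python
import hashlib
import socket
import ssl

PEM_BEGIN = "-----BEGIN CERTIFICATE-----"
PEM_END = "-----END CERTIFICATE-----"


def leaf_fingerprint_from_pem(pem_text):
    """SHA-256 of the first certificate in a PEM file.

    Assumption: when the dumped file is a chain, the leaf comes first.
    """
    start = pem_text.index(PEM_BEGIN)
    end = pem_text.index(PEM_END, start) + len(PEM_END)
    der = ssl.PEM_cert_to_DER_cert(pem_text[start:end])
    return hashlib.sha256(der).hexdigest()


def served_fingerprint(host, port=853, sni=None, timeout=5.0):
    """SHA-256 of the certificate the listener presents.

    sni=None sends no server name, which is the case where a proxy
    falls back to its default certificate.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # Diagnostic only: validation is off so that a wrong or self-signed
    # certificate can still be fetched and fingerprinted.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=sni) as tls:
            der = tls.getpeercert(binary_form=True)
    return hashlib.sha256(der).hexdigest()


def compare(dumped_pem_text, served_hex):
    """Report whether the served certificate is the dumped leaf."""
    expected = leaf_fingerprint_from_pem(dumped_pem_text)
    return {"expected": expected, "served": served_hex,
            "match": expected == served_hex}


if __name__ == "__main__":
    import sys
    # usage: script.py HOST DUMPED_CRT [SNI]
    host, crt_path = sys.argv[1], sys.argv[2]
    sni = sys.argv[3] if len(sys.argv) > 3 else None
    with open(crt_path) as fh:
        print(compare(fh.read(), served_fingerprint(host, sni=sni)))
```

Running it once with the SNI name and once without shows whether the entrypoint only serves the wrong certificate to clients that send no server name.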