Default Certificate request error: Cannot issue for "traefik-traefik": Domain name needs at least one dot

I have set the following labels on my traefik container to generate a default certificate:

  - "traefik.enable=true"
  - "traefik.tls.stores.default.defaultgeneratedcert.resolver=le"
  - "traefik.tls.stores.default.defaultgeneratedcert.domain.main=host.example.com"
  - "traefik.tls.stores.default.defaultgeneratedcert.domain.sans=*.int.example.com"

But I seem to miss a setting as the cert request fails with this error:

2026-06-03T16:24:37+02:00 ERR Unable to obtain ACME certificate for domains error="unable to generate a certificate for the domains [traefik-traefik]: acme: error: 400 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-order :: urn:ietf:params:acme:error:rejectedIdentifier :: Invalid identifiers requested :: Cannot issue for \"traefik-traefik\": Domain name needs at least one dot" ACME CA=https://acme-v02.api.letsencrypt.org/directory acmeCA=https://acme-v02.api.letsencrypt.org/directory domains=["traefik-traefik"] providerName=le.acme routerName=traefik-traefik@docker rule=Host(`traefik-traefik`)

Why does the request use the "traefik-traefic" host for the request instead of what I specified in traefik.tls.stores.default.defaultgeneratedcert.domain.main? Do I need other labels? Can you point me to an example that prevents this error? The one I followed ( Traefik TLS Certificates Documentation | Traefik | v3.7 ) seems to expect some other setting that I am missing apparently.

The docs only mention this in dynamic config file (doc), it seems you are trying this as labels. Not all dynamic config options are supported by providers.docker and labels.

image1220×475 37.3 KB

My code is directly from the "Labels" section in the documentation...

Good catch. Sorry, checked on mobile, it was probably cut off.