Default certification authority

Is it possible to let Traefik generate self-signed certificates using a provided certification authority?


No, self-signed certificates are their own CA by definition.

I think what you're looking for is whether you can put in your own certificate with your own CA. In that case, that is allowed using the file provider with the settings specified in

I would be happy with Traefik self-generated certificate except that it seems that it changes every 15s (provider docker with swarmMode=true), so it is pointless to put it in trusted store:

time="2019-09-30T13:54:52Z" level=debug msg="No default certificate, generating one"
time="2019-09-30T13:55:07Z" level=debug msg="No default certificate, generating one"
time="2019-09-30T13:55:22Z" level=debug msg="No default certificate, generating one"

Is that the expected behavior?

As a workaround, I'm using a custom CA that I put in Windows trusted CA store and a wildcard server certificate configured in stores.default.defaultCertificate. The goal is that every developer doesn't have to generate its own certificate when he deploys to a new dev machine. I'm not very comfortable with this wildcard certificate solution, thus my initial question.

Not sure about every 15 seconds, but it certainly would be re-generated when a container is re-created. It's safer to provide your own.

I'm not aware of any other cert resolver for traefik apart from acme one. I'd say that generating it's own certs with custom CA would be a neat feature.