Does HostSNI cert renewal?

Hello guys!

This is a part of my conf now:

    image: eclipse-mosquitto
    restart: always
        - traefik.enable=true

        - traefik.tcp.routers.mqtt.rule=HostSNI(``)
        - traefik.tcp.routers.mqtt.entrypoints=mqtt
        - traefik.tcp.routers.mqtt.tls=true
        - traefik.http.routers.mqtt.tls.certresolver=letsencrypt
        - traefik.tcp.routers.mqtt.service=mqtt

      - ./mosquitto.conf:/mosquitto/config/mosquitto.conf:ro

Should i add to my conf this:

        # for cert renewal
        - traefik.http.routers.mqtt.rule=Host(``)
        - traefik.http.routers.mqtt.entrypoints=websecure
        - traefik.http.routers.mqtt.tls.certresolver=letsencrypt

...for automatic cert renewal? Or it's enough what i have now?

Do you want to add a http router because you use a LE httpChallenge? Use tlsChallenge instead?

Yep, I already use tls challenge, the question is will HostSNI() be used for issuing cert too, as well as regular Host() does?

In docs (->here) there said that:

So I wanna know explicitly if cert resolver will check HostSNI() rule too

If certResolver is defined, Traefik will try to generate certificates based on routers Host & HostSNI rules


1 Like

Thanks! That's what i wanted to know)