Does HostSNI cert renewal?

Hello guys!

This is a part of my conf now:

  mqtt:
    image: eclipse-mosquitto
    restart: always
    labels:
        - traefik.enable=true

        - traefik.tcp.routers.mqtt.rule=HostSNI(`mqtt.example.com`)
        - traefik.tcp.routers.mqtt.entrypoints=mqtt
        - traefik.tcp.routers.mqtt.tls=true
        - traefik.http.routers.mqtt.tls.certresolver=letsencrypt
        - traefik.tcp.routers.mqtt.service=mqtt

        - traefik.tcp.services.mqtt.loadbalancer.server.port=8883
    volumes:
      - ./mosquitto.conf:/mosquitto/config/mosquitto.conf:ro

Should i add to my conf this:

        # for cert renewal
        - traefik.http.routers.mqtt.rule=Host(`mqtt.identi-mos.ru`)
        - traefik.http.routers.mqtt.entrypoints=websecure
        - traefik.http.routers.mqtt.tls.certresolver=letsencrypt

...for automatic cert renewal? Or it's enough what i have now?

Do you want to add a http router because you use a LE httpChallenge? Use tlsChallenge instead?

Yep, I already use tls challenge, the question is will HostSNI() be used for issuing cert too, as well as regular Host() does?

In docs (->here) there said that:

• If no tls.domains option is set, then the certificate resolver uses the router's rule, by checking the Host() matchers. Please note that multiple Host() matchers can be used) for specifying multiple domain names for this router.

So I wanna know explicitly if cert resolver will check HostSNI() rule too

If certResolver is defined, Traefik will try to generate certificates based on routers Host & HostSNI rules

Source

Thanks! That's what i wanted to know)