Dynamically updating TLS configuration in Traefik 1.7

We are running Traefik 1.7 (Docker image traefik:v1.7.26), and I'm currently trying to get the TLS configuration to reload dynamically - without having to restart Traefik - whenever we make any changes to it.

According to the documentation, this should be possible using the file provider. We have a configuration using multiple separated files, with the directory option set to "/etc/traefik/file-rules" (which is a directory mounted in the Docker configuration) and the watch option set to true.

Inside "/etc/traefik/file-rules" we have placed a file certificates.toml with the following content:

# HTTPS certificates
[[tls]]
  entryPoints = ["https"]
  minVersion = "VersionTLS12"
  [tls.certificate]
    certFile = "/etc/ssl/foo.local.crt"
    keyFile = "/etc/ssl/foo.local.key"
# [[tls]]
#   entryPoints = ["https"]
#   minVersion = "VersionTLS12"
#   [tls.certificate]
#     certFile = "/etc/ssl/bar.local.crt"
#     keyFile = "/etc/ssl/bar.local.key"

("/etc/ssl is also a directory mounted in the Docker configuration)

With this configuration, I can successfully navigate to https://foo.local/, and I get a valid TLS connection (foo.local takes me to Docker container running traefik/whoami with a host rule for foo.local). Based on this, my simple conclusion is that at least out basic configuration is correct.

Navigating to https://bar.local/ (a different traefik/whoami container with a host rule for bar.local) naturally gives me a certificate error (since no certificate exists for that host, I get the default untrusted Traefik certificate).

Now what I would like to achieve, is to simply remove the comments for the bar.local certificate, save the file, and get the configuration dynamically reloaded. This however does not happen. I would also like to be able to replace the foo.local certificate files and get the new certificate dynamically updated. This doesn't happen either. If I however restart the Traefik container, all changes are reflected and I get a valid certificate for https://bar.local/ and a new certificate is served for https://foo.local/ (which indicates that the configuration is still correct).

My question is therefore: Why doesn't the certificate configuration reload dynamically? According to both the documentation and this old merge request from way back in 2017 indicate that this should indeed be possible.

We do also have other toml files in the file-rules directory (with various route rules for different frontends), and for that route configuration the dynamic reloading works as expected.

Shameless bump: We have not managed to get any further with this issue, and since it appears to be something that is in conflict with what is stated in the documentation, I feel that a bump is justified.

The gist of it all is:

Why doesn't the certificate configuration reload dynamically? According to both the documentation and this old merge request from way back in 2017 indicate that this should indeed be possible.