Error configuring TLS: secret does not exist / v2.6.3 & Cert-Manager

Traefik Traefik v2
1

Traefik 2.6.3 via Helm Chart on K3s v1.23.5+k3s1 (embedded Traefik disabled).

Cert-manager appears to have correctly issues my Let's Encrypt staging certificate, and Traefik is correctly serving pages (such as Dashboard) with the LE staging certificate, not its default self-signed, and the BasicAuth is working fine.

However, the logs keep showing these messages, and I'm not sure what's incorrect.

time="2022-05-01T19:48:13Z" level=error msg="Error configuring TLS: secret traefik/wildcard-cert does not exist" providerName=kubernetescrd ingress=traefik-dashboard namespace=traefik
time="2022-05-01T19:48:13Z" level=error msg="Secret traefik/wildcard-cert does not exist" namespace=traefik secretName=wildcard-cert providerName=kubernetescrd tlsStore=default

This shows the secret:

$ k get secret wildcard-cert -n traefik -o yaml
apiVersion: v1
data:
  tls.crt: [redacted]
  tls.key: [redacted]
kind: Secret
metadata:
  annotations:
    cert-manager.io/alt-names: '[redacted]'
    cert-manager.io/certificate-name: wildcard-cert
    cert-manager.io/common-name: [redacted]
    cert-manager.io/ip-sans: ""
    cert-manager.io/issuer-group: ""
    cert-manager.io/issuer-kind: ClusterIssuer
    cert-manager.io/issuer-name: letsencrypt-staging
    cert-manager.io/uri-sans: ""
  creationTimestamp: "2022-05-01T19:48:50Z"
  name: wildcard-cert
  namespace: traefik
  resourceVersion: "2569"
  uid: 263d012c-c3d0-436a-a582-f066a95ba66e
type: kubernetes.io/tls

The certificate:

$ k get certificate wildcard-cert -n traefik -o yaml
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  creationTimestamp: "2022-05-01T19:46:09Z"
  generation: 1
  name: wildcard-cert
  namespace: traefik
  resourceVersion: "2575"
  uid: ffdfbf39-5ed4-4b4d-a76e-176c67631d47
spec:
  dnsNames:
  - [redacted]
  - '*.[redacted]'
  issuerRef:
    kind: ClusterIssuer
    name: letsencrypt-staging
  secretName: wildcard-cert
status:
  conditions:
  - lastTransitionTime: "2022-05-01T19:48:50Z"
    message: Certificate is up to date and has not expired
    observedGeneration: 1
    reason: Ready
    status: "True"
    type: Ready
  notAfter: "2022-07-30T18:48:48Z"
  notBefore: "2022-05-01T18:48:49Z"
  renewalTime: "2022-06-30T18:48:48Z"
  revision: 1

Default TLSStore:

$ k get tlsstore default -n traefik -o yaml
apiVersion: traefik.containo.us/v1alpha1
kind: TLSStore
metadata:
  creationTimestamp: "2022-05-01T19:46:09Z"
  generation: 1
  name: default
  namespace: traefik
  resourceVersion: "1049"
  uid: 2079381f-6d86-4bc1-acef-1e76b8982be3
spec:
  defaultCertificate:
    secretName: wildcard-cert

And the ingressRoute:

$ k get ingressroutes traefik-dashboard -n traefik -o yaml
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  creationTimestamp: "2022-05-01T19:46:10Z"
  generation: 1
  name: traefik-dashboard
  namespace: traefik
  resourceVersion: "1059"
  uid: 2f4e1f83-9c3d-40dd-b012-a0570c948497
spec:
  entryPoints:
  - websecure
  routes:
  - kind: Rule
    match: Host(`[redacted]`) && (PathPrefix(`/dashboard`) || PathPrefix(`/api`))
    middlewares:
    - name: dashboard-basic-auth
      namespace: traefik
    services:
    - kind: TraefikService
      name: api@internal
  tls:
    secretName: wildcard-cert