I could not expose Traefik dashboard using TLS (URL should be https://mydashboard.mydomain.com). 
Everything works fine without TLS (url: http://mydashboard.mydomain.com:8080) with following labels:
- "traefik.enable=true"
- "traefik.http.routers.api.rule=Host(`mydashboard.mydomain.com`)"
- "traefik.http.routers.api.entrypoints=traefik"
- "traefik.http.routers.api.service=api@internal"
- "traefik.http.routers.api.middlewares=auth"
- "traefik.http.middlewares.auth.basicauth.users=myuser:mypass"
- "traefik.http.services.dummy-svc.loadbalancer.server.port=8080"
Note that the "traefik" container is launched using
--entrypoints.traefik.address=:8080argument among other ones.
But, if I try to use TLS (using Let'sEncrypt in my case), everything goes wrong:
- TLS handshake fails
- 404 error occurs
Labels used for TLS:
- "traefik.enable=true"
- "traefik.http.routers.api.rule=Host(`mydashboard.mydomain.com`)"
- "traefik.http.routers.api.tls=true"
- "traefik.http.routers.api.tls.certresolver=letsencrypt"
- "traefik.http.routers.api.tls.options.default.minVersion=VersionTLS12"
- "traefik.http.routers.api.service=api@internal"
- "traefik.http.routers.api.middlewares=auth"
- "traefik.http.middlewares.auth.basicauth.users=myuser:mypass"
- "traefik.http.services.dummy-svc.loadbalancer.server.port=8080"
Note that the "traefik" container is launched using following argument:
--entrypoints.websecure.http.tls.certResolver=leresolver(and external dns provider environment variables specified in the container and has been separately tested successfully).
I removed 8080 exposure in this case (entrypoint).
Does `Traefik'ception concept works fine using Traefik v2 or i have a bug in my configuration ?
Or this is a new (not used yet) use case ?
Exposing this dashboard in http and 8080 port does not suit me very well ... (not secure)
Thanks very much for your comments and ideas ! 
Regards,
Thierry
...