Having trouble using multiple domains with one instance

Hi,

I was following the guide at
https://www.youtube.com/watch?v=IBlZgrwc1T8&t=896s&pp=ygUUamltJ3MgZ2FyYWdlIHRyYWVmaWs%3D
and saw the 2 domain setup here.
https://github.com/JamesTurland/JimsGarage/blob/main/Traefik-Secure/docker-compose.yaml

I configured my docker compose and traefik.yml correctly, (See below) and it won't provide any cert (my browser shows traefik default), but when I do just one or the other it gets certs just fine... I talked to some other people having the same issue so it doesn't seem to just be me.

docker-compose:

services:
  traefik:
    image: traefik:v3.0
    container_name: traefik
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    networks:
      - proxy
    ports:
      - 80:80
      - 81:81 # external http
      - 443:443
      - 444:444 # external https
    environment:
      NS1_API_Key: ${NS1_API_KEY}
      TRAEFIK_DASHBOARD_CREDENTIALS: ${TRAEFIK_DASHBOARD_CREDENTIALS}
    secrets:
      - ns1_api_key
    env_file: .env
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./data/traefik.yml:/traefik.yml:ro
      - ./data/acme.json:/acme.json
      - ./data/config.yml:/config.yml:ro
      - ./logs:/var/log/traefik

    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.traefik.entrypoints=http" # restricts dashboard to internal entrypoint
      - "traefik.http.routers.dashboard.tls=true"
      - "traefik.http.routers.traefik.rule=Host(`traefik-dashboard.local.hogwarts.dev`)"
      - "traefik.http.middlewares.traefik-auth.basicauth.users=${TRAEFIK_DASHBOARD_CREDENTIALS}"
      - "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https"
      - "traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=https"
      - "traefik.http.routers.traefik.middlewares=traefik-https-redirect"
      - "traefik.http.routers.traefik-secure.entrypoints=https"
      - "traefik.http.routers.traefik-secure.rule=Host(`traefik-dashboard.local.hogwarts.dev`)"
      - "traefik.http.routers.traefik-secure.middlewares=traefik-auth"
      - "traefik.http.routers.traefik-secure.tls=true"
      - "traefik.http.routers.traefik-secure.tls.certresolver=ns1"
      - "traefik.http.routers.traefik-secure.tls.domains[0].main=local.hogwarts.dev"
      - "traefik.http.routers.traefik-secure.tls.domains[0].sans=*.local.hogwarts.dev"
      - "traefik.http.routers.traefik-secure.tls.domains[1].main=hogwarts.dev"
      - "traefik.http.routers.traefik-secure.tls.domains[1].sans=*.hogwarts.dev"
      - "traefik.http.routers.traefik-secure.service=api@internal"
secrets:
  ns1_api_key:
    file: ./ns1_api_key.txt

networks:
  proxy:
    external: true

traefik.yml:

api:
  dashboard: true
  debug: true


entryPoints:
  http:
    address: ":80"
    http:
      middlewares:
        - crowdsec-bouncer@file
      redirections:
        entryPoint:
          to: https
          scheme: https
  https:
    address: ":443"
    http:
      middlewares:
        - crowdsec-bouncer@file

  http-external:
    address: ":81"
    http:
      middlewares:
        - crowdsec-bouncer@file
      redirections:
        entryPoint:
          to: https-external
          scheme: https

  https-external:
    address: ":444"
    http:
      middlewares:
        - crowdsec-bouncer@file

serversTransport:
  insecureSkipVerify: true

providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    exposedByDefault: false
  file:
    filename: /config.yml

certificatesResolvers:
  ns1:
    acme:
      email: jaspermayone@gmail.com
      storage: acme.json
      
# caServer: https://acme-v02.api.letsencrypt.org/directory # prod (default)
      caServer: https://acme-staging-v02.api.letsencrypt.org/directory 
# staging
      dnsChallenge:
        provider: ns1
        disablePropagationCheck: true 
# uncomment this if you have issues pulling certificates through cloudflare, By setting this flag to true disables the need to wait for the propagation of the TXT record to all authoritative name servers.
        
#delayBeforeCheck: 60s # uncomment along with disablePropagationCheck if needed to ensure the TXT record is ready before verification is attempted
        resolvers:
          - "1.1.1.1:53"
          - "1.0.0.1:53"

log:
  level: "INFO"
  filePath: "/var/log/traefik/traefik.log"
accessLog:
  filePath: "/var/log/traefik/access.log"

Ty in advance for any help/suggestions!

Dupe of Having trouble using multiple domains with one instance

Those settings seem a bit strange to me. Why would you disable a Traefik check to see if the TXT records are set correctly? Why would you disable a delay to not wait for DNS update to have distributed through all systems? Why would you use third party DNS servers and not directly the one of your provider?

Enable and check Traefik debug log, especially for "ERR" or "error".