I have 2 different certResolvers:
certificatesResolvers:
cert-com:
# cert for example.com
cert-org:
# cert for example.org
and this router:
http:
routers:
example:
entryPoints:
- websecure
rule: "Host(`example.com`) || Host(`example.org`)"
service: example
tls:
certResolver:
How can I use cert-com and cert-org for those hosts respectively?
I don't think that works, certResolver is clearly singlur, opposite to entryPoints, which accepts multiple values. You need to create two routers, one for each Host().
Shouldn't Traefik allow multiple certResolvers? Should I make a new feature request?
You can create a feature request on Github.
But from my experience the last years it`s not going to get implemented. You are the first one asking, there seems to be little need, the reduced number of devs is probably focusing on bigger things.
What happen if I don't set certResolver ? Will traefik still renew/generate certs and use them for hosts? I still don't understand what the default certificate is.
That is used for custom cert, like paid TLS certificates. You set tls=true for router to enable custom certificates, without any certresolver, load via tls in dynamic config.
The default one is used even if the domain does not match, otherwise a Traefik default one is created and used for which most browsers/clients will throw an error.
You can of course use any LE client to generate the TLS certs and then just load them in Traefik. That way you can use multiple providers. But you need to renew them manually every 90 days.
Going back one step: with the standard LE tlsChallenge you can generate certs with different domains from different DNS providers. Usually you just need different certresolvers with dnsChallenge to generate wildcards, if domain is not externally reachable or if you have more than 50 (sub-)domains.
This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.