What does this mean? It will create its own public valid TLS cert? How?
Traefik needs access to the TLS cert to be able to read the domain from incoming TLS requests and be able to run the router rule matching. If no cert is available, then only HostSNI(`*`) can be used and you lose your routing functionality. And if you enable TLS without a cert, then Traefik will create a default TLS cert, for which client/browser will warn about.
Alternatively you let Traefik use existing TLS cert or create one via LetsEncrypt and proxy/forward requests internally via https to the target service with the different TLS cert.