How to disable TLS certificate check

I have a service I want to proxify and this service speaks HTTPS only:

labels:
      - traefik.enable=true
      - traefik.http.routers.unifi.rule=Host(`unifi.example.com`)
      - traefik.http.services.unifi.loadbalancer.server.port=8443
      - traefik.http.services.unifi.loadbalancer.server.scheme=https

When accessing it, Traefik logs an error:

2025-07-17T12:47:12+02:00 ERR 500 Internal Server Error error="tls: failed to verify certificate: x509: cannot validate certificate for 172.18.0.48 because it doesn't contain any IP SANs"

I thought that adding the lines below to the root of traefik.yaml would help, but this does not change the error:

serversTransports:
  insecureSkipVerify: true

My understanding is that the above is a global setting, so it should apply to the entryPoint.websecure defined a few lines before - but apparently not.

How can I tell Traefik not to verify the TLS connection when in reverse proxy mode?

You can Add this in the command section of your traefik compose

• "--serversTransport.insecureSkipVerify=true" #No internal cert checking

Thanks, I tried that but the error is still there

I managed to find the solution.

• in a dynamic configuration file put

http:
  serversTransports:
    forceInsecureTransport:
      insecureSkipVerify: true

• in the docker labels of the service add

- traefik.http.services.<service name>.loadbalancer.serversTransport=forceInsecureTransport@file

Strange, a global
insecureSkipVerify (doc) should work, too.

I would have preferred that as well, this is one less file and label to handle, but adding

command:
  - --serversTransport.insecureSkipVerify=true

to the Traefik compose file did not help.

You can’t mix Traefik static config in traefik.yml file and command options (doc), decide for one.

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.