How to force traefik to generate certificate for a domain?

I am intending to generate multiple wildcard certificates using cloudflare dnschallenge for multiple domains. For instance -

Certificate1 - & *
Certificate2 - & *

Pointing out the most relevant section from the docker compose

 - "[0]"
 - "[0].sans=*"
 - "[1]"
 - "[1].sans=*"

The first certificate is generated perfectly fine but the issue is that while generating the second certificate, it outputs the following in logs

Domain "" is duplicated in the configuration or validated by the domain { [*]}. It will be processed once

As a result of this, is not processed in the second certificate and this cert only remains valid for * Is there any way to force traefik to process this domain inspite of being covered by a earlier certificate ?

docker-compose -
Traefik version 3.0.0-beta3
Ubuntu 22.04

It seems Traefik and le-go are "smart" and won’t create overlapping certs.

Do you need sans=*"?" would be covering it.

After further testing, it doesn't seem possible to create certificates that overlap with each other. The only way out i found was to create a single domain sans with everything required

- "[0]"
- "[0].sans=*,*"

If you want this really bad, you can of course create your own LE certificates outside of Traefik, for example with certbot.

Certbot needs to know about the domains, you can use existing or additional labels, get data from Traefik API or directly from Docker socket.

Then you need to run certbot and create the certs, finally provide them to Traefik either as file for providers.file or as web-service for providers.http.

I built a proof-of-concept to create a LE solution for clustered Traefik.

1 Like

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.