How to offer certificate with subdomain (own certificate)


I'm looking for a solution to offer a certificate for my subdomain *.
I have my own certificate configured like this in a traefik-config.toml:

```toml
  certFile = "/certificates/crt/"
  keyFile = "/certificates/key/"
```

I tried to add these commands in my Traefik configuration but it doesn't work:


Here is my full configuration:

```yaml
version: '3.8'

services:
  # Service key is not shown in the post; "traefik" is assumed
  traefik:
    # Use the latest v2.4.x Traefik image available
    image: traefik:v2.4
    ports:
      # Listen on port 80, default for HTTP, necessary to redirect to HTTPS
      - 80:80
      # Listen on port 443, default for HTTPS
      - 443:443
      # Listen on port 5672, default for Rabbit
      - 5672:5672
    deploy:
      replicas: 1
      placement:
        max_replicas_per_node: 1
        constraints:
          # Traefik must be on a manager node due to access to swarm api (socket proxy can bypass but for our use case it's useless)
          - node.role == manager
      update_config:
        order: start-first
        failure_action: rollback
        delay: 10s
      rollback_config:
        order: stop-first
      restart_policy:
        condition: any
        delay: 5s
        max_attempts: 3
        window: 120s
      labels:
        # Enable Traefik for this service, to make it available in the public network
        - traefik.enable=true
        # Use the traefik-public network (declared below)
        # Use the custom label "traefik.constraint-label=traefik-public"
        # This public Traefik will only use services with this label
        # That way you can add other internal Traefik instances per stack if needed
        - traefik.constraint-label=traefik-public
        # admin-auth middleware with HTTP Basic auth
        # Using the environment variables USERNAME and HASHED_PASSWORD
        - traefik.http.middlewares.admin-auth.basicauth.users=${TRAEFIK_USERNAME?Variable not set}:${TRAEFIK_HASHED_PASSWORD?Variable not set}
        # https-redirect middleware to redirect HTTP to HTTPS
        # It can be re-used by other stacks in other Docker Compose files
        - traefik.http.middlewares.https-redirect.redirectscheme.scheme=https
        - traefik.http.middlewares.https-redirect.redirectscheme.permanent=true
        # traefik-http set up only to use the middleware to redirect to https
        # Uses the environment variable DOMAIN
        - traefik.http.routers.traefik-public-http.rule=Host(`${TRAEFIK_DOMAIN?Variable not set}`)
        - traefik.http.routers.traefik-public-http.entrypoints=http
        - traefik.http.routers.traefik-public-http.middlewares=https-redirect
        # traefik-https the actual router using HTTPS
        # Uses the environment variable DOMAIN
        - traefik.http.routers.traefik-public-https.rule=Host(`${TRAEFIK_DOMAIN?Variable not set}`)
        - traefik.http.routers.traefik-public-https.entrypoints=https
        - traefik.http.routers.traefik-public-https.tls=true
        # Use the special Traefik service api@internal with the web UI/Dashboard
        - traefik.http.routers.traefik-public-https.service=api@internal
        # Enable HTTP Basic auth, using the middleware created above
        - traefik.http.routers.traefik-public-https.middlewares=admin-auth
        # Define the port inside of the Docker service to use
    volumes:
      # Add Docker as a mounted volume, so that Traefik can read the labels of other services
      - /var/run/docker.sock:/var/run/docker.sock:ro
      # Mount the volume to store the certificates
      - /etc/ssl/d3t:/certificates:ro
      # Mount the wildcard certificates config
      - ./traefik.config.toml:/etc/traefik/traefik.config.toml:ro
    command:
      # Enable Docker in Traefik, so that it reads labels from Docker services
      - --providers.docker
      # Add a constraint to only use services with the label "traefik.constraint-label=traefik-public"
      - --providers.docker.constraints=Label(`traefik.constraint-label`, `traefik-public`)
      # Do not expose all Docker services, only the ones explicitly exposed
      - --providers.docker.exposedbydefault=false
      # Enable Docker Swarm mode
      - --providers.docker.swarmmode
      # Create an entrypoint "http" listening on port 80
      - --entrypoints.http.address=:80
      # Create an entrypoint "https" listening on port 443
      - --entrypoints.https.address=:443
      # Create an entrypoint "rabbit" listening on port 5672
      - --entrypoints.rabbit.address=:5672
      # Wildcard certificates config
      - --providers.file.filename=/etc/traefik/traefik.config.toml
      # Watch changes on config
      # Enable the access log, with HTTP requests
      - --accesslog
      # Enable the Traefik log, for configurations and errors
      - --log.level=DEBUG
      # Enable the Dashboard and API
      - --api
    networks:
      # Use the public network created to be shared between Traefik and
      # any other service that needs to be publicly available with HTTPS

networks:
  # Use the previously created public network "${TRAEFIK_PUBLIC_NETWORK_NAME}", shared with other
  # services that need to be publicly available via this Traefik
  {{ traefik_public_network_name }}:
    external: true
```

Thanks for your help
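
For reference, a file-provider dynamic configuration that serves a user-supplied wildcard certificate, as an added example that is not part of the original post. The file names `wildcard.example.com.crt` / `wildcard.example.com.key` and the domain are placeholders; the directories follow the `/certificates` mount from the compose file above.

```toml
# Dynamic configuration loaded through --providers.file.filename
# (constructed example; file names and domain are placeholders)

# Certificates Traefik may present. Selection is by SNI: the requested
# host name is matched against the certificate's SAN entries, so a
# certificate for *.example.com covers app.example.com but not
# example.com itself or a.b.example.com.
[[tls.certificates]]
  # Full path to the PEM file (leaf certificate followed by intermediates)
  certFile = "/certificates/crt/wildcard.example.com.crt"
  # Full path to the matching PEM private key; keep the host directory
  # readable only by the account that runs Traefik
  keyFile = "/certificates/key/wildcard.example.com.key"

# Certificate served when no entry above matches the requested name.
# Without this table Traefik falls back to its generated self-signed
# "TRAEFIK DEFAULT CERT".
[tls.stores.default.defaultCertificate]
  certFile = "/certificates/crt/wildcard.example.com.crt"
  keyFile = "/certificates/key/wildcard.example.com.key"

# Optional hardening for every router that uses the default TLS options
[tls.options.default]
  minVersion = "VersionTLS12"
```

Routers pick these certificates up with `tls=true` alone, as on the `traefik-public-https` router above; no `certresolver` label is involved when the certificate is supplied this way.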