IngressRoute to use default certificate for certain host

I have environment specific certificates (dev.domain.com, qa.domain.com, staging.domain.com) from let's encrypt handles by Traefik. Want to add default certificate (wildcard) for certain host, for that I have added TLS certificates (chain).

    [tls.certificates]
      certFile = "/certs/tls.crt"
      keyFile = "/certs/tls.key"

    [tls.stores]
      [tls.stores.default]
        [tls.stores.default.defaultCertificate]
          certFile = "/certs/tls.crt"
          keyFile  = "/certs/tls.key"

    [certificatesResolvers]
      [certificatesResolvers.default]
        [certificatesResolvers.default.acme]
          email = "admin@domain.com"
          caServer = "https://acme-v02.api.letsencrypt.org/directory"
          storage = "/etc/traefik/storage/acme.json"
          [certificatesResolvers.default.acme.dnsChallenge]
            provider = "route53"
            delayBeforeCheck = 0
            resolvers = ["1.1.1.1:53", "8.8.8.8:53"]

Then created

apiVersion: v1
kind: Secret
metadata:
  name: star-domain-com
data:
  tls.crt:
  "xxxxxxxxxxxxxxxxxx" #Certificate Chain
  tls.key:
  "xxxxxxxxxxxxxxxxxx"

Following is the IngressRoute I have created as per doc, here I want traefik to terminate SSL and forward connection to port 80.

apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: firmware
spec:
  entryPoints:
    - internal
  routes:
    - match: Host(`util.domain.com`)
      kind: Rule
      services:
        - name: firmware
          port: 80
  tls:
    secretName: star-domain-com

But when I run following command, I dont get star-domain-com certificate

$ openssl s_client -showcerts -servername util.domain.com -connect util.domain.com:443
CONNECTED(00000003)
depth=0 CN = TRAEFIK DEFAULT CERT
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 CN = TRAEFIK DEFAULT CERT
verify error:num=21:unable to verify the first certificate
verify return:1
---
Certificate chain
 0 s:/CN=TRAEFIK DEFAULT CERT
   i:/CN=TRAEFIK DEFAULT CERT
-----BEGIN CERTIFICATE-----
MIIDXjCCAkagAwIBAgIRALNbpwoNofbzCLeFOBveiOMwDQYJKoZIhvcNAQELBQAw
.
.
.
e6im/t3diQvJLWPFObUy+T3d5HMWfQxrKS+UFEUaLJKrFFBl3VR7iXEj31qDItcf
KtU=
-----END CERTIFICATE-----
---
Server certificate
subject=/CN=TRAEFIK DEFAULT CERT
issuer=/CN=TRAEFIK DEFAULT CERT
---
No client certificate CA names sent
---
SSL handshake has read 1472 bytes and written 454 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Session-ID: 8FDB23A6B5...5D4CBA541715
    Session-ID-ctx:
    Master-Key: 8EABA2D....4ACDC8963
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket:
    0000 - eb d9 66 dd c3 fd bc 1b-38 eb cd b4 72 00 6d 3e   ..f.....8...r.m>
    0010 - 22 fa 1e 01 a6 6b 0f 19-c1 86 8c 40 f5 33 61 40   "....k.....@.3a@
    0020 - 8d 98 43 03 c8 23 25 eb-93 9e e9 9c ef 42 19 6b   ..C..#%......B.k
    0030 - 64 fd ed 44 f2 36 8b c4-70 21 91 4d 5b 32 da 5a   d..D.6..p!.M[2.Z
    0040 - 69 8b f0 20 db 72 68 2b-a4 f8 c8 96 af 40 49 73   i.. .rh+.....@Is
    0050 - 97 f4 8f 37 01 5d 80 20-a2 9e e9 ce dc 23 5b da   ...7.]. .....#[.
    0060 - 9b b6 82 9f 99 95 62 f2-f7 20 d0 bf bf 04 bf 35   ......b.. .....5
    0070 - 3f a4 f1 05 77 4a 1d fb-                          ?...wJ..

    Start Time: 1574808229
    Timeout   : 300 (sec)
    Verify return code: 21 (unable to verify the first certificate)

How can I force traefik to use default certificate (star_domain_com) for util.domain.com ?

At first sight, the configuration looks good. Not sure why Traefik is not picking the certificate.

Could you set Traefik's logs to debug, and provide it here please? It could help us to see if it loads the certificate star_domain_com and what domain names it retrieves from it, to see if the files are in valid PEM format, mounted on the right place etc.