Is there a way to let some services manage their TLS certificates themselves?

Hi,

I'm trying to configure traefik for something like this:

  1. server.example.com --> traefik --> httpChallengeToLetsEncrypt
  2. client --> traefik (passthrough tls) --> server.example.com( with let's encrypt )

N.B.: traefik receives its requests at example.com level

What is happening:

  1. Works correctly only if traefik does not manage Let's Encrypt certificates itself (otherwise it does not transmit any request whose pathPrefix begins with ".well-known/acme-challenge" 🙁)

  2. Does not work with a config for a tcp router like this:

```yaml
tcp:
  routers:
    example:
      entryPoints:
        - web-secure
      rule: "HostSNI(`server.example.com`)"
      service: example
      tls:
        passthrough: true

  services:
    example:
      loadBalancer:
        servers:
          - url: "https://192.168.0.1:443/"
```

How would you let one or more services manage their Let's Encrypt certificates themselves?
And is it possible to do this while traefik also manages Let's Encrypt certificates, or is the problem mentioned in point 1 a showstopper?

Best regards,

jmc

Hello,

I am digging this question back up with some more details. I tried to request a feature on GitHub, but they sent me back here. Apparently, my request is not very clear, so I made a diagram to explain my request.

Do you think this is possible with the current version of traefik2? If yes, how?
If not, don't you think that this could be a great feature? Particularly for those who don't control their domain and who cannot make wildcard certificates by DNS Challenge and/or for those who want to have an encrypted tunnel from client to server (in the easy part, communication between traefik and the std server is not encrypted).

Best regards,

jmc
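
One way to lay out the two flows from the question, as an added example (not from the original posts or from the Traefik project): an HTTP router forwards only the HTTP-01 challenge path to the backend, and a TCP router passes TLS through so the backend presents its own certificate. The `web` entry point, backend port 80 and the `example-acme` names are assumptions, and it assumes Traefik's own certificate resolver, if any, does not use `httpChallenge` (the conflict described in point 1).

```yaml
# Added example: Traefik v2 dynamic configuration (file provider).
# Assumptions: an entry point named "web" listens on :80, the backend answers
# HTTP-01 validation on port 80, router and service names are illustrative.
http:
  routers:
    example-acme:
      entryPoints:
        - web
      # Forward only the ACME HTTP-01 validation path, nothing else, in clear text.
      rule: "Host(`server.example.com`) && PathPrefix(`/.well-known/acme-challenge/`)"
      service: example-acme
  services:
    example-acme:
      loadBalancer:
        servers:
          - url: "http://192.168.0.1:80/"

tcp:
  routers:
    example:
      entryPoints:
        - web-secure
      rule: "HostSNI(`server.example.com`)"
      service: example
      tls:
        # Traefik does not terminate TLS here; the private key stays on the backend.
        passthrough: true
  services:
    example:
      loadBalancer:
        servers:
          # TCP services take host:port under "address"; "url" is the HTTP service key.
          - address: "192.168.0.1:443"
```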