Issue certificate for entire sub-domain via LetsEncrypt

Is it possible to configure Traefik to issue a certificate for the entire sub-domain instead of individual hostnames? If so, how?


As a work-around, potentially I could issue a cert like this manually & configure Traefik to use it. I would have to remember to re-issue the cert manually 3 months later.

For context, due to amount of new ingresses we create, we're starting to observe errors related to rate limiting coming from LetsEncrypt.

For more context, as part of our CI/CD pipeline, we deploy "review applications" on every Pull Request created in GitHub. Part of creating a review application is creating a deployment, service and ingress objects in k8s. An ingress created contains a hostname pointing to specific application:
# etc.

Ideally, we want to tell Traefik this:

  • when in need to issue a cert for,
  • check if there's a cert for *,
  • if there's one - just use it,
  • if there's no such cert - issue a cert for *,
  • when cert for * is about to expire - please, re-new it automatically.