Okay, I have a Traefik daemonset in k8s with a Consul kv backend (certs stored in ..kv/traefik/acme/account). Hit an issue where the service account for LE DNS challenge was mounted as a volume instead of a file and we just hit a little snag over an expired certificate. Luckily we caught it and recovered fairly quickly, but the postmortem has me a little confused. We tuned our loglevel to INFO and watched the cert renewal process from the cluster renewal. Looks like traefik holds on to and renews any certificate it's ever been issued. Not sure if this is a side effect of the KV cert storage location, but would love to chat and figure out how to remedy that. Also, anyone know if that's still the case in 2.0?
All of our services are picked up from the --kubernetes flag. DNS challenges all passed, we got all the certs renewed, but I am sure there are 25-30 old subdomains in there that I would like to purge to prevent requesting them in the future, but don't know how without purging all of them.
Any help is greatly appreciated.