Let's Encrypt AND self-signed certificates

My server is hosting services for the internet as well as some small services for the local network. So far I was able to secure the external services with Let's Encrypt. To improve security on my internal services (LAN only) I want to introduce TLS with self-signed certificates.

I don't get the TLS to work with the self-signed certificate. I simply don't see where I bind my docker to the self-signed certificate.

The container I want to use a self-signed certificate:

services:
  dokuwiki:
    build: ./dokuwiki
    container_name: dokuwiki
    labels:
      - traefik.enable=true
      - traefik.http.routers.dokuwiki.entrypoints=internal
      - traefik.http.routers.dokuwiki.rule=Host(`servername.localdomain`)
      - traefik.http.routers.dokuwiki.tls=true
      # what do I use here to tell traefik to use the self-signed certificate?!?
  traefik:
    image: traefik
    container_name: traefik
    ports:
      - "80:80"
      - "443:443"
      - "8011:8080"
      - "8642:8642" # the port where I want to use the self-signed certificate
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./traefik.toml:/traefik.toml
      - ./rules.toml:/rules.toml
      - ./acme.json:/acme.json
      - ./certs:/certs


    address = ":80"
    address = ":443"
    address = ":8642" # the port where I want to use the self signed certificate 


      email = "my-email@foo.bar"
      storage = "acme.json"

[[tls.certificates]]  # the self signed certificate 
  certFile = "/certs/localdomain.crt"
  keyFile = "/certs/localdomain.key"



The tls section is part of the dynamic configuration: https://docs.traefik.io/v2.0/https/tls/#user-defined

So you have to create a dedicated file for that.

Thanks, that really worked!

But how does Traefik know which certificate to use? How does that work if there is more than one self-signed certificate? Does it evaluate the common name (CN)?

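The split the answer describes, written out as an added example (not code from the posts or from the Traefik project): the static file only declares the entry point and the providers, and the certificate list moves into the dynamic file. It assumes the already-mounted `/rules.toml` is used as the dedicated file and that the Docker and file providers are enabled as shown; the second certificate pair is a constructed placeholder.

```toml
# ---- /traefik.toml : static configuration, read once at startup ----
[entryPoints]
  [entryPoints.internal]            # name taken from the router label in the question
    address = ":8642"

[providers.docker]                  # picks up the container labels
[providers.file]                    # loads the dynamic configuration file below
  filename = "/rules.toml"          # assumption: the mounted rules.toml is the dedicated file
  watch = true

# No [[tls.certificates]] here: tls.* belongs to the dynamic configuration.

# ---- /rules.toml : dynamic configuration, loaded by the file provider ----
[[tls.certificates]]
  certFile = "/certs/localdomain.crt"
  keyFile  = "/certs/localdomain.key"

# More certificates are simply more entries in the same list.
# (constructed placeholder paths, not from the thread)
[[tls.certificates]]
  certFile = "/certs/second-example.crt"
  keyFile  = "/certs/second-example.key"

# Selection happens during the TLS handshake: Traefik compares the host name
# the client sends (SNI) with the names inside each loaded certificate
# (subject alternative names and common name). The certificate for the
# dokuwiki router therefore has to list servername.localdomain.

# Served when no loaded certificate matches the requested name.
[tls.stores]
  [tls.stores.default]
    [tls.stores.default.defaultCertificate]
      certFile = "/certs/localdomain.crt"
      keyFile  = "/certs/localdomain.key"
```

The router keeps only `traefik.http.routers.dokuwiki.tls=true`; no label names a certificate file, because the match is made on the requested host name.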