Manually update SSL certificates

I have setup traffic to use a certificate that I provide in a folder. So far that works when defining the cert as default - didn't manage to bind it only to https endpoint . The setup looks like this:

        image: traefik:v2.5
        container_name: traefik-test
        restart: always
            - "--log.level=DEBUG"
            - "--api=true"
            - "--api.dashboard=true"
            - "--api.insecure=true"      
            - "--providers.docker=true"
            - "--providers.docker.exposedbydefault=false"
            - ""  
            - "--serversTransport.insecureSkipVerify=true"    
            - "--entrypoints.https.address=:443"                 
            - "--providers.file=true"
            - "--providers.file.filename=/dyn/dynamic.toml"
            - traefik_proxy_test
            - "444:443"
            - "8082:8080"
            - ${USERDIR}/docker/traefik/ssl:/etc/traefik/ssl
            - ${USERDIR}/docker/traefik/dyn:/dyn
            - /var/run/docker.sock:/var/run/docker.sock:ro            
          - "traefik.enable=true"
          - ""
          - "traefik.http.routers.traefik.rule=Host(`test.${DOMAINNAME}`)"
          - "traefik.http.routers.traefik.entrypoints=https"
          - "traefik.http.routers.traefik.service=api@internal"
          - "traefik.http.routers.traefikloadbalancer.server.port=8080"
      certFile = "/etc/traefik/ssl/cert.pem"
      keyFile  = "/etc/traefik/ssl/key.pem"

However refreshing the certificate by replacing the files does not work. I need to restart traefik to recognize the new certificates. Is there a better way to make traefik aware of updated certificates? I don't like to terminate my users.

Hello @jwillmer,

As tls.stores.default.defaultCertificate are part of the dynamic traefik configuration, there is no need to restart traefik to update this configuration.

What's maybe your issue is the usage of --providers.file.filename. We recomand using as it has a better FS handler.

I ended up modifying the path to the certificates every time a new one is provided. This way traefik recognizes a change. I can toggle between two certificate paths since the last is not cached.

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.