Middleware missing error--but only in the `web-to-secure` router

I consistently get this error. web-to-secure redirect works, but it complains it's missing the middleware. I confirmed the middleware does work for direct HTTPS requests.

error="middleware \"lan-vpn-ipallowlist@file\" does not exist" entryPointName=web routerName=web-to-websecure@internal

In my dynamic.yaml:

http:
  middlewares:
    lan-vpn-ipallowlist:
      ipAllowList:
        sourceRange:
          - "10.6.210.0/24" # vpn
          - "192.168.1.0/24" # lan
          - "127.0.0.1/32" # self
          - "::1" # selfv6

Then in docker-compose.yaml:

services:
  traefik:
    image: traefik:v3.2.1
    container_name: "traefik"
    command:
      - "--api.insecure=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entryPoints.web.address=:80"
      - "--entryPoints.web.http.middlewares=lan-vpn-ipallowlist@file"
      - "--entryPoints.websecure.address=:443"
      - "--entryPoints.websecure.http.middlewares=lan-vpn-ipallowlist@file"
      - "--entrypoints.web.http.redirections.entryPoint.to=websecure"
      - "--entrypoints.web.http.redirections.entryPoint.scheme=https"
      - "--entrypoints.web.http.redirections.entrypoint.permanent=true"
      - "--providers.file.filename=/etc/traefik/dynamic.yml"
      - "--serversTransport.insecureSkipVerify=true"

      # dns resolver
      - "--OMITTED--"
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080"
    environment:
      - "--OMITTED--"
    dns:
      - 192.168.1.81
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "./dynamic.yml:/etc/traefik/dynamic.yml:ro"
      - "./letsencrypt:/letsencrypt"
    restart: unless-stopped

Have you tried to move providers.file to the top? Maybe it’s a timing issue when the dynamic data is available. But it’s just a guess, no idea if that has any impact at all.

Thanks. I'll try and report back.