Multiple overlapping certificates

I have two overlapping certificates.

  • *.domain.com from an external CA
  • *.intranet.domain.com and *.domain.com explicit distributed by an internal CA

Traefik routes into both domains. Now I would like to access server1.domain.com using only the certificate from the external CA. Both certificates are in the traefik-dynamic.toml:

[[tls.certificates]]
  certFile = "/certs/intranet.domain.com.crt"
  keyFile = "/certs/intranet.domain.com.key"

[[tls.certificates]]
  certFile = "/certs/domain.com.crt"
  keyFile = "/certs/domain.com.key"

I found out that I can use this sequence, with the external CA certificate for *.domain.com in second position. Then it works fine and the right external certificate is used. If I change the sequence, the internal one is used.

Is this the right way to get the desired assignment? Is this update safe? Are certificate stores the better / foreseen way, and how must they be used? The documentation about certificates and stores, https://doc.traefik.io/traefik/https/tls, does not really help with assigning a certificate to routers or a store to routers.
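
An added example, not part of the original post and not Traefik's code: it applies RFC 6125-style wildcard matching (a `*` covers exactly one left-most label) to the two certificates described above, showing that both are valid candidates for server1.domain.com, so the host name alone cannot pick between them. The SAN lists are taken from the post, the function names are hypothetical, and Traefik's own selection logic is not modelled.

```python
# SAN lists as described in the post, keyed by the certFile paths
# from traefik-dynamic.toml (assumption: the certificates hold exactly these names).
CERTS = {
    "/certs/intranet.domain.com.crt": ["*.intranet.domain.com", "*.domain.com"],
    "/certs/domain.com.crt": ["*.domain.com"],
}


def san_matches(pattern, host):
    """Return True if a SAN dNSName pattern covers the host name.

    A wildcard is honoured only as the complete left-most label and
    stands for exactly one label, so *.domain.com does not cover
    a.b.domain.com or domain.com itself.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        return p[1:] == h[1:]
    return p == h


def candidates(host, certs=CERTS):
    """List every certificate file whose SANs cover the host, in config order."""
    return [
        path
        for path, sans in certs.items()
        if any(san_matches(san, host) for san in sans)
    ]


def overlaps(hosts, certs=CERTS):
    """Map each host to its candidates, keeping only hosts with more than one."""
    result = {h: candidates(h, certs) for h in hosts}
    return {h: c for h, c in result.items() if len(c) > 1}


if __name__ == "__main__":
    for name in ("server1.domain.com", "app.intranet.domain.com", "domain.com"):
        print(name, "->", candidates(name))
```

Hosts reported by `overlaps` are the ones where the served certificate should be checked from a client after every configuration change, since more than one configured certificate is valid for them.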