Multiple SSL certificate matching failed

The HTTPS certificate is purchased by the company. The first-level domain name is a.com. The company is divided into three environments: dev, test, and prod, corresponding to three domain name certificates: dev.a.com, test.a.com, and a.com.
When I use the domain name xxx.a.com, I can load the a.com certificate.
When I use xxx.dev.a.com or xxx.test.a.com, I cannot load the corresponding dev.a.com or test.a.com domain certificate.

ssl.toml file

[tls]

  [[tls.certificates]]
    certFile = "/config/certs/a.com.crt"
    keyFile = "/config/certs/a.com.key"
    stores = ["default"]

  [[tls.certificates]]
    certFile = "/config/certs/dev.a.com.crt"
    keyFile = "/config/certs/dev.a.com.key"
    stores = ["adev"]

  [tls.options]
    [tls.options.default]
      minVersion = "VersionTLS12"
    [tls.options.mintls13]
      minVersion = "VersionTLS13"

http.toml file

[http]
  [http.routers]
    [http.routers.Router0001]
      namespace = "default"
      entryPoints = ["web", "websecure"]
      service = "appv2-a"
      rule = "Host(`ll.a.com`)"
      middlewares = ["test-ipwhitelist", "test-redirectscheme"]
      priority = 42
      [http.routers.Router0001.tls]

  [http.services]
    [http.services.appv2-a]
      [http.services.appv2-a.loadBalancer]
      passHostHeader = true
      [[http.services.appv2-a.loadBalancer.servers]]
        url = "http://appv2.default.svc.cluster.local:80"

The above configuration can load the a.com certificate. If you write ll.a.com as ll.dev.a.com, you cannot load the dev.a.com certificate.
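
An added example, not part of the original post and not Traefik's own code: the general TLS hostname rule that a wildcard covers exactly one label, applied to the two certificates listed in ssl.toml. The SAN lists are constructed on the assumption that each purchased certificate is a wildcard; the page does not show them.

```python
# Added example: SNI-to-certificate selection with single-label wildcards.
# SAN lists are constructed; the page does not show the real certificates.

def name_matches(pattern: str, host: str) -> bool:
    """RFC 6125-style match: '*' covers exactly one leftmost label."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        # The wildcard never spans a dot; remaining labels must be identical.
        return bool(h_labels[0]) and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def select_certificate(server_name, certificates, default=None):
    """Return the certificate file that best matches an SNI server name.

    An exact SAN wins over a wildcard SAN; `default` is returned when no
    certificate covers the name.
    """
    wildcard_hit = None
    for cert_file, sans in certificates.items():
        for san in sans:
            if not name_matches(san, server_name):
                continue
            if not san.startswith("*."):
                return cert_file
            wildcard_hit = wildcard_hit or cert_file
    return wildcard_hit or default


# Constructed SANs for the two certificate files named in ssl.toml.
CERTS = {
    "/config/certs/a.com.crt": ["a.com", "*.a.com"],
    "/config/certs/dev.a.com.crt": ["dev.a.com", "*.dev.a.com"],
}

if __name__ == "__main__":
    for host in ("ll.a.com", "ll.dev.a.com", "ll.test.a.com"):
        chosen = select_certificate(host, CERTS, default="<default certificate>")
        print(f"{host} -> {chosen}")
```

Under these assumptions `*.a.com` never covers `ll.dev.a.com`, so that name is served correctly only if the dev.a.com certificate is actually loaded; `ll.test.a.com` falls back to the default certificate because no test.a.com certificate is configured.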

Hello,

The HTTPS redirection cannot be done like that, you have to create 2 routers.

[http.routers]
  [http.routers.Router0001]
    entryPoints = ["websecure"]
    service = "appv2-a"
    rule = "Host(`ll.a.com`)"
    middlewares = ["test-ipwhitelist"]
    priority = 42
    [http.routers.Router0001.tls]

[http.routers.Router0001-http]
  entryPoints = ["web"]
  service = "noop"
  rule = "Host(`ll.a.com`)"
  middlewares = ["test-redirectscheme"]

[http.services]
  [http.services.appv2-a]
    [http.services.appv2-a.loadBalancer]
      passHostHeader = true
      [[http.services.appv2-a.loadBalancer.servers]]
        url = "http://appv2.default.svc.cluster.local:80"
  
  [http.services.noop]
    [[http.services.noop.loadBalancer.servers]]
      url = "http://192.198.0.1:1337"

Recommended reading: