Not able to configure traefik to serve my certificate when accessing over https

I am trying to configure k8 ingress controller to serve application traffic.

Even after following the docs on the same, traefik is serving default certificate instead of my certificate from Secret.

  1. k8 secret of type tls is created in both, Ingress and Ingress Controller namespaces.
  2. Service Account used by controller has access to all namespaces via ClusterRoleBinding
  3. In the logs I can see the following -

time="2021-09-20T08:12:26Z" level=debug msg="No default certificate, generating one" tlsStoreName=default
time="2021-09-20T08:12:26Z" level=debug msg="Adding certificate for domain(s) *.example.com"

When accessing the site from Chrome, Certificate error pops up, traefik is serving its default certificate instead of my certificate.

In Logs.
time="2021-09-20T08:13:24Z" level=debug msg="Serving default certificate for request: "moose.us-phoenix-1.dev.channels.ocs.oc-test.com""
time="2021-09-20T08:13:24Z" level=debug msg="http: TLS handshake error from 10.245.3.128:9960: remote error: tls: bad certificate"

Ingress Controller Options -

  --global.checknewversion
  --global.sendanonymoususage
  --entryPoints.metrics.address=:9100/tcp
  --entryPoints.traefik.address=:9000/tcp
  --entryPoints.web.address=:8000/tcp
  --entryPoints.websecure.address=:8443/tcp
  --api.dashboard=true
  --ping=true
  --metrics.prometheus=true
  --metrics.prometheus.entrypoint=metrics
  --providers.kubernetescrd
  --providers.kubernetesingress
  --providers.kubernetesingress.ingressendpoint.publishedservice=example/traefik-myclass-controller
  --entrypoints.web.http.redirections.entryPoint.to=:443
  --entrypoints.web.http.redirections.entryPoint.scheme=https
  --entrypoints.websecure.http.tls=true
  --accesslog=true
  --accesslog.fields.defaultmode=keep
  --accesslog.fields.headers.defaultmode=drop
  --log.level=DEBUG
  --providers.kubernetesingress.ingressclass=traefik-myclass

Ingress Definition -

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: animals-ocna
  namespace: traefik-apps
  annotations:
    kubernetes.io/ingress.class: traefik-example
    traefik.ingress.kubernetes.io/router.tls: "true"
    traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
spec:
  rules:

Secret

apiVersion: v1
data:
  tls.crt: LM0tSS****
  tls.key: LM0tSS****
kind: Secret
metadata:
  annotations:
  name: star.example.com
  namespace: traefik-apps
type: kubernetes.io/tls

Certificate presented -

TRAEFIK DEFAULT CERT

Please help

Image: traefik:2.5.1
helm: traefik-10.3.2

Issue here was with the wild card certificate and hostname.

*.example.com would match only something.example.com
not beyond - a.b.example.com won't match
