Hey guys,
I need to use for one domain (chatwoot.domain.com ) certificate provided by Certification authority (this option does not work) and for others I need to use self-signed certificates (this option works correctly).
How to do this?
I use docker compose and the following compose file for traeffik:
Traeffik compose file
networks:
services:
traefik:
"--api.insecure=true"
"--providers.docker=true"
"--providers.docker.exposedbydefault=false"
"--entrypoints.web.address=:80"
"--entrypoints.web.http.redirections.entryPoint.to=websecure"
"--entrypoints.web.http.redirections.entrypoint.scheme=https"
"--entrypoints.websecure.address=:443"
"--certificatesresolvers.mytlschallenge.acme.tlschallenge=true"
"--certificatesresolvers.mytlschallenge.acme.email=${SSL_EMAIL}"
"--certificatesresolvers.mytlschallenge.acme.storage=/letsencrypt/acme.json"
"--providers.file.filename=/dynamic/tls.yaml"
"CF_DNS_API_TOKEN=${CF_DNS_API_TOKEN}"
"80:80"
"443:443"
./certs:/certs:ro
./dynamic:/dynamic:ro
traefik_data:/letsencrypt
/var/run/docker.sock:/var/run/docker.sock:ro
web
volumes:
and compose file for chatwoot.domain.com (Chatwoot service for client support, if you know):
Chatwoot compose file
rails:
postgres
redis
NODE_ENV=production
RAILS_ENV=production
INSTALLATION_ENV=docker
"traefik.enable=true"
"traefik.http.routers.chatwoot.rule=Host(chatwoot.domain.com )"
"traefik.http.routers.chatwoot.entrypoints=websecure"
"traefik.http.routers.chatwoot.tls=true"
"traefik.http.services.chatwoot.loadbalancer.server.port=3000"
networks:
What should I change or add to make it work?
Thanks!
Maxim.
If you want different cert sources for different domains, you should not enable tls on entrypoint.
Instead enable tls on routers. Assign a certResolver for LetsEncrypt TLS certs and just set tls: {} or tls=true for custom certs. Load those with a dynamic config file, which is loaded in static config via providers.file.
Thanks for reply!
If I cearly understand, I should add rows, like the following to the chatwoot’s compose:
- "traefik.http.routers.chatwoot.tls.certificates[0].certFile=/certs/chatwoot.crt"
- "traefik.http.routers.chatwoot.tls.certificates[0].keyFile=/certs/chatwoot.key"
- "traefik.http.routers.chatwoot.tls=true"
and delete the following in the traefik compose:
"--providers.file.filename=/dynamic/tls.yaml"
In this case I receive the following error in logs:
traefik-1 | 2025-09-30T08:12:15Z ERR error="field not found, node: certificates" container=rails-chatwoot-compose providerName=docker
I found the answer. My compose files is correct, but the row "--providers.file.filename=/dynamic/tls.yaml" should be earlier in code.
Wrong
command:
"--api.insecure=true"
"--providers.docker=true"
"--providers.docker.exposedbydefault=false"
"--entrypoints.web.address=:80"
"--entrypoints.web.http.redirections.entryPoint.to=websecure"
"--entrypoints.web.http.redirections.entrypoint.scheme=https"
"--entrypoints.websecure.address=:443"
"--certificatesresolvers.mytlschallenge.acme.tlschallenge=true"
"--certificatesresolvers.mytlschallenge.acme.email=${SSL_EMAIL}"
"--certificatesresolvers.mytlschallenge.acme.storage=/letsencrypt/acme.json"
"--providers.file.filename=/dynamic/tls.yaml"
Correct
command:
"--api.insecure=true"
"--providers.docker=true"
"--providers.docker.exposedbydefault=false"
"--providers.file.filename=/dynamic/tls.yaml"
"--entrypoints.web.address=:80"
"--entrypoints.web.http.redirections.entryPoint.to=websecure"
"--entrypoints.web.http.redirections.entrypoint.scheme=https"
"--entrypoints.websecure.address=:443"
"--certificatesresolvers.mytlschallenge.acme.tlschallenge=true"
"--certificatesresolvers.mytlschallenge.acme.email=${SSL_EMAIL}"
"--certificatesresolvers.mytlschallenge.acme.storage=/letsencrypt/acme.json"
This is enough for the solution.
system
October 3, 2025, 8:57am
6
This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.