Hello,
I am trying to proxy a Postgres with Traefik 2.0 with certificates from Let's Encrypt. The idea is that one will have an encrypted connection to the Postgres, but certificate management is handled by Traefik.
My docker-compose file is as follows:
```yaml
version: '3.7'

networks:
  web:

volumes:
  miniodata:
  postgresql_data:

services:
  traefik:
    restart: always
    image: traefik:2.0
    container_name: traefik
    command:
      # - --api
      - "--log.level=info"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=true"
      - "--entrypoints.https.address=:443"
      - "--entrypoints.http.address=:80"
      - "--entrypoints.postgresql.address=:34895"
      - "--certificatesresolvers.letsencrypt.acme.tlschallenge=true"
      - "--certificatesresolvers.letsencrypt.acme.email=letsencrypt@domain.tld"
      - "--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json"
    ports:
      - "80:80"
      - "443:443"
      - "34895:34895"
    networks:
      - web
    volumes:
      - "./letsencrypt:/letsencrypt"
      - /var/run/docker.sock:/var/run/docker.sock # So that Traefik can listen to the Docker events
  postgresql:
    container_name: postgresql
    restart: always
    image: postgres:12
    expose:
      - 5432
    networks:
      - web
    environment:
      - POSTGRES_USER=postgres
      - POSTGRES_PASSWORD=pswd
    volumes:
      - postgresql_data:/var/lib/postgresql/data
    labels:
      - "traefik.tcp.routers.postgresql.rule=HostSNI(`*`)"
      - "traefik.tcp.routers.postgresql.entrypoints=postgresql"
      - "traefik.tcp.routers.postgresql.tls.certresolver=letsencrypt"
      - "traefik.tcp.routers.postgresql.tls.domains.main=postgres.domain.tld"
```
...
With TLS disabled everything is working as expected. With TLS I can connect with openssl s_client and the correct cert is returned, but not with psql.
Is anybody facing the same problem?
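
An added diagnostic example, not part of the original post: it classifies the first bytes a client sends on a new connection. openssl s_client opens with a TLS ClientHello, whereas libpq clients such as psql by default first send a plaintext 8-byte SSLRequest and start TLS only after the server's one-byte reply. The function names and sample bytes are constructed for illustration.

```python
import socket
import struct

# PostgreSQL SSLRequest: Int32 length 8, then Int32 code 80877103 (1234 << 16 | 5679).
PG_SSL_REQUEST = struct.pack("!II", 8, 80877103)
PG_PROTOCOL_3_0 = 196608  # StartupMessage version field for an unencrypted session


def classify_first_bytes(data: bytes) -> str:
    """Name the protocol a client opened with, from the first bytes it sent."""
    # TLS record header: type 0x16 (handshake), major version 3, two length bytes,
    # then handshake type 0x01 (ClientHello).
    if len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03 and data[5] == 0x01:
        return "tls-clienthello"
    if data[:8] == PG_SSL_REQUEST:
        return "postgres-sslrequest"
    if len(data) >= 8 and struct.unpack("!I", data[4:8])[0] == PG_PROTOCOL_3_0:
        return "postgres-startup-plaintext"
    return "unknown"


def capture_first_bytes(port: int, host: str = "127.0.0.1", size: int = 16) -> bytes:
    """Accept one connection on host:port and return the first bytes received."""
    with socket.create_server((host, port)) as srv:
        conn, _ = srv.accept()
        with conn:
            return conn.recv(size)


# Constructed samples (not captured traffic): a ClientHello prefix as a TLS-first
# client sends it, the SSLRequest, and a plaintext StartupMessage prefix.
SAMPLES = {
    "tls-first client": bytes.fromhex("160301020001000001fc0303"),
    "libpq with SSL": PG_SSL_REQUEST,
    "libpq without SSL": struct.pack("!II", 41, PG_PROTOCOL_3_0) + b"user\x00postgres\x00",
}


def diagnose(samples=SAMPLES) -> dict:
    """Classify every sample and return {sample name: protocol kind}."""
    return {name: classify_first_bytes(raw) for name, raw in samples.items()}


if __name__ == "__main__":
    for name, kind in diagnose().items():
        print(f"{name:20s} -> {kind}")
    # To inspect a real client: print(classify_first_bytes(capture_first_bytes(34895)))
```

To see what a real client sends, stop the proxy, run `capture_first_bytes` on the entrypoint port, and point psql or openssl s_client at it.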