Lo all,
I've been using Traefik for a while, and just been caught by the LetsEncrypt cert issue, which caused me to want to regenerate my certificates.
I deleted acme.json, "touched" it (blank file), chmodded it to 600 and restarted Traefik.
I got a bunch of errors initially, and some warnings on deprecated config - which I corrected, and then restarted, and saw no errors.
However, I noticed that acme.json was only getting ONE cert, whereas before I had 5.
In my dynamic config, I have a "catch all" host defined for anything hitting my host with no valid SNI name, and that is the ONLY router I have that has a "main" domain setup for my resolver.
ALL other routers simply have sans defined, ala
Here is my middleware & nohost router:

```toml
[http.middlewares.bouncer]
[http.middlewares.bouncer.redirectRegex]
regex=".*"
replacement="https://www.mydomain.co.uk"
[http.routers.nohost]
# Define the hostname to be used
rule = [ "HostHeader(`mydomain.co.uk`)" ]
# Define the entrypoint
entrypoints = [ "websecure" ]
# Target the "nohost" service
service = "nohost"
# Define the middlewares to use
middlewares = [ "bouncer" ]
# Enable TLS
[http.routers.nohost.tls]
# Specify which resolver to use
certResolver = "mythicbeasts"
# Define the domain to use, as it's one higher than the others
[[http.routers.nohost.tls.domains]]
main = "mydomain.co.uk"
```
And here is my router SSL front end, with SAN only (no main):

```toml
[http.routers.gateway]
# Define the hostname to be used
rule = "HostHeader(`gateway.mydomain.co.uk`)"
# Define the entrypoints
entrypoints = [ "websecure" ]
# Target the "gateway" service
service = "gateway"
# Enable TLS
[http.routers.gateway.tls]
# Specify which resolver to use
certResolver = "mythicbeasts"
# Select certs
[[http.routers.gateway.tls.domains]]
sans = [ "*.mydomain.co.uk" ]
```
This has been working fine, so is there any reason Traefik now seems to only be requesting/generating the cert for mydomain.co.uk and NOT *.mydomain.co.uk?
I've rolled back my acme.json for the time being, as I got rate-limited by LE.
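
An added example, not part of the original post and not Traefik's own code: a check that reads acme.json and reports which hostnames no stored certificate covers, so a regenerated file can be verified before further restarts use up Let's Encrypt rate limit. It assumes the Traefik v2 file layout (resolver name, then `Certificates[]` with `domain.main` and `domain.sans`); the sample data and the function names are constructed for illustration.

```python
import json, os, stat, tempfile

def load_cert_names(path):
    """Return {resolver: [set of names per stored cert]} (assumed v2 acme.json layout)."""
    with open(path) as fh:
        text = fh.read()
    data = json.loads(text) if text.strip() else {}  # a freshly touched file is empty
    out = {}
    for resolver, body in data.items():
        certs = (body or {}).get("Certificates") or []
        out[resolver] = [
            {n for n in [c["domain"].get("main"), *(c["domain"].get("sans") or [])] if n}
            for c in certs
        ]
    return out

def covers(cert_name, host):
    """True if cert_name matches host; a leading '*' matches exactly one label."""
    cert_name, host = cert_name.lower(), host.lower()
    if cert_name.startswith("*."):
        head, _, rest = host.partition(".")
        return bool(head) and rest == cert_name[2:]
    return cert_name == host

def missing_hosts(path, resolver, hosts):
    """Hostnames that no certificate stored for this resolver covers."""
    names = set().union(*load_cert_names(path).get(resolver, []))
    return [h for h in hosts if not any(covers(n, h) for n in names)]

def mode_is_600(path):
    """The private keys live in this file, so it should be owner read/write only."""
    return stat.S_IMODE(os.stat(path).st_mode) == 0o600

# Constructed sample reproducing the symptom: only the apex certificate is stored.
SAMPLE = {"mythicbeasts": {"Account": {}, "Certificates": [
    {"domain": {"main": "mydomain.co.uk"}, "certificate": "", "key": "", "Store": "default"}]}}

def demo():
    fd, path = tempfile.mkstemp(suffix=".json")
    with os.fdopen(fd, "w") as fh:
        json.dump(SAMPLE, fh)
    os.chmod(path, 0o600)
    try:
        wanted = ["mydomain.co.uk", "gateway.mydomain.co.uk"]
        return mode_is_600(path), missing_hosts(path, "mythicbeasts", wanted)
    finally:
        os.unlink(path)

if __name__ == "__main__":
    print(demo())
```

Note that `*.mydomain.co.uk` covers `gateway.mydomain.co.uk` but not the apex `mydomain.co.uk`, which is why the two names are checked separately.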