Question about TLS Certificates and LE

Hello,

I am wondering if what I am trying to do is possible.

My current setup is that I have a domain using CloudFlare for DNS, and for most subdomains I use the CloudFlare proxy with an origin certificate.

Now the issue I am having is that for some subdomains I do not use the CF proxy and go directly to my Traefik. What happens is that, even though I have set up a certificate resolver to get LE certificates, Traefik is using the origin certificate for those, even though I have told the router to use the LE certificate resolver.

Now I know why this is happening: it is because the CF origin certificate is a wildcard certificate for the whole domain, and Traefik is matching that and deciding not to request an LE certificate. I am able to temporarily bypass this behavior by removing the origin cert from the config, which causes Traefik to request the LE certificate for the routers that are set to do so, then adding the origin certificate back to the config. But this is not ideal; I would like to be able to just have it work seamlessly.

Now for my question: is it possible to make Traefik ignore the CF origin certificate for certain routers and make it request an LE cert?

You could try to declare multiple certresolvers, maybe even with different acme files, and assign them on the router, not on the global entrypoint.

For my case there is only one certresolver, as the CF origin certificates are actual files, not stored in acme. E.g.:

tls:
  certificates:
    - certFile: /certificates/domain.crt
      keyFile: /certificates/domain.key
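
An added example, not part of any post in this thread and not Traefik's own code: a small check of which router hostnames a file-based wildcard certificate covers, using the standard X.509 rule that `*` stands for exactly one leftmost label. It assumes, as the first post describes, that a covered host is served the file certificate and not an LE one; the SAN list and hostnames are constructed samples.

```python
def san_covers(san: str, host: str) -> bool:
    """Return True if a certificate SAN entry covers the given hostname.

    Standard X.509 host matching: a leading '*.' matches exactly one
    leftmost label, so '*.example.com' covers 'a.example.com' but neither
    'example.com' nor 'a.b.example.com'.
    """
    san = san.lower().rstrip(".")
    host = host.lower().rstrip(".")
    if san == host:
        return True
    if not san.startswith("*."):
        return False
    labels = host.split(".")
    # Drop the host's first label; the rest must equal the SAN's suffix.
    return len(labels) > 1 and ".".join(labels[1:]) == san[2:]


def split_by_coverage(static_sans, router_hosts):
    """Split router hosts into those covered by a static certificate
    (mapped to the SAN that matched) and those left without a match."""
    covered, uncovered = {}, []
    for host in router_hosts:
        match = next((s for s in static_sans if san_covers(s, host)), None)
        if match is not None:
            covered[host] = match
        else:
            uncovered.append(host)
    return covered, uncovered


# Constructed sample: SANs of a wildcard origin certificate and the hosts
# of routers that bypass the proxy (all names are placeholders).
ORIGIN_CERT_SANS = ["*.example.com", "example.com"]
DIRECT_ROUTER_HOSTS = ["vpn.example.com", "git.lab.example.com", "direct.example.net"]

if __name__ == "__main__":
    covered, uncovered = split_by_coverage(ORIGIN_CERT_SANS, DIRECT_ROUTER_HOSTS)
    for host, san in covered.items():
        print(f"{host}: covered by static SAN {san}")
    for host in uncovered:
        print(f"{host}: not covered by any static certificate")
```

Hosts reported as not covered, such as one a label deeper than the wildcard, have no file certificate that matches them.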