Renewed TLS Certificate NOT reflecting in Kubernetes Cluster (EKS)

Hi Community,

We are using Traefik Ingress Controller in our Kubernetes Cluster in AWS (EKS).
We use Network Load Balancer to allow access to Cluster.

Problem statement - Renewed TLS Certificates are not reflecting. Our TLS certificates are expiring in a month's time. We have renewed the certificate (I have mentioned the steps done for certificate renewal here), but the new certificates are not reflecting when we access the URL in browser.

Few details of our environment -
Kubernetes Version - 1.14
Traefik image - traefik:1.7

Here is a short snippet of our Traefik ingress controller (Indentation is corrupted during copy paste - pasted for reference. It's a working copy)

    apiVersion: v1
    kind: ServiceAccount
    metadata:
      name: traefik-corp-ingress-controller
      namespace: kube-system
    ---
    kind: Deployment
    apiVersion: extensions/v1beta1
    metadata:
      name: traefik-corp-ingress-controller
      namespace: kube-system
      labels:
        k8s-app: traefik-corp-ingress-lb
    spec:
      replicas: 3
      selector:
        matchLabels:
          k8s-app: traefik-corp-ingress-lb
      template:
        metadata:
          labels:
            k8s-app: traefik-corp-ingress-lb
            name: traefik-corp-ingress-lb
        spec:
          serviceAccountName: traefik-corp-ingress-controller
          terminationGracePeriodSeconds: 60
          containers:
          - image: traefik:1.7
            name: traefik-corp-ingress-lb
            ports:
            - name: https
              containerPort: 443
            args:
            - --api
            - --kubernetes
            - --kubernetes.ingressclass=traefik-corp
            - --logLevel=INFO
            - --defaultentrypoints=https
            - --entrypoints=Name:https Address::443 TLS
            - --insecureSkipVerify=true
    ---
    kind: Service
    apiVersion: v1
    metadata:
      name: traefik-corp-ingress-service-v2
      namespace: kube-system
      annotations:
        service.beta.kubernetes.io/aws-load-balancer-type: "nlb"
    spec:
      selector:
        k8s-app: traefik-corp-ingress-lb
      ports:
      - port: 443
        name: https
      type: LoadBalancer

We generated certificates 2 years back for wildcard with common name -
Common name: *.mydomain.company.com

Certificate Renewal process we followed (as it's about to expire):

  1. Received new certificate from our security team with same common name. Received PFX file
    Common name: *.mydomain.company.com
  2. Used openssl to generate -> .key, .cer, .chain files
    openssl pkcs12 -in wildcard.mydomain.company.com.1234567890.pfx -nocerts -nodes -out wildcard.mydomain.company.com.key
    openssl pkcs12 -in wildcard.mydomain.company.com.1234567890.pfx -nocerts -nodes -out wildcard.mydomain.company.com.cer
    openssl pkcs12 -in wildcard.mydomain.company.com.1234567890.pfx -nocerts -nodes -out wildcard.mydomain.company.com.chain
  3. Applied new TLS certificate in cluster
    kubectl delete secret wildcard-my-tls-cert -n dev
    kubectl create secret tls wildcard-my-tls-cert --key=wildcard.mydomain.company.com.key --cert=wildcard.mydomain.company.com.cer -n dev
    I checked in Kubernetes dashboards and the certificates are updated.
  4. Example of sample ingress resource we create -
    apiVersion: extensions/v1beta1
    kind: Ingress
    metadata:
      name: {{.Chart.Name}}-corp
      annotations:
        kubernetes.io/ingress.class: traefik-corp
    spec:
      rules:
      - host: dev-customer-service.mydomain.company.com
        http:
          paths:
          - path: /
            backend:
              serviceName: customer-service
              servicePort: 80
      tls:
      - secretName: wildcard-my-tls-cert

**New Certificates are not reflecting.**
Any advice from the community what further details we should check to fix the issue.
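
One way to check two things the renewal steps above leave unverified: that the files extracted from the PFX contain what `kubectl create secret tls` expects, and that the certificate stored in the Secret is the one actually served for the hostname. This is an added example, not part of the original post; the function names and the script name `check.sh` are hypothetical, and it assumes `kubectl` access to the cluster and `openssl` on the PATH.

```shell
#!/bin/sh
# Added example (not from the original post).

# Print the PEM block labels found in a file, e.g. "CERTIFICATE" or "PRIVATE KEY".
pem_labels() {
  sed -n 's/^-----BEGIN \(.*\)-----[[:space:]]*$/\1/p' "$1"
}

# check_tls_files KEYFILE CERTFILE
# Succeeds only if KEYFILE holds an unencrypted private key and CERTFILE holds
# at least one certificate, which is what `kubectl create secret tls` expects.
check_tls_files() {
  pem_labels "$1" | grep -Eqx '(RSA |EC )?PRIVATE KEY' ||
    { echo "no unencrypted private key in $1" >&2; return 1; }
  pem_labels "$2" | grep -qx 'CERTIFICATE' ||
    { echo "no certificate in $2" >&2; return 1; }
}

# SHA-256 fingerprint of the first certificate on stdin (empty if none parses).
fingerprint() {
  openssl x509 -noout -fingerprint -sha256 2>/dev/null | cut -d= -f2
}

# secret_fp SECRET NAMESPACE: fingerprint of tls.crt stored in the Secret.
# (`base64 -d` is the GNU spelling; older macOS uses `base64 -D`.)
secret_fp() {
  kubectl get secret "$1" -n "$2" -o jsonpath='{.data.tls\.crt}' | base64 -d | fingerprint
}

# served_fp HOST [PORT]: fingerprint of the leaf certificate served for HOST,
# with SNI set so the ingress controller picks the host-specific certificate.
served_fp() {
  openssl s_client -connect "$1:${2:-443}" -servername "$1" </dev/null 2>/dev/null | fingerprint
}

# compare_fps A B: succeeds only when both fingerprints are non-empty and equal.
compare_fps() {
  [ -n "$1" ] && [ "$1" = "$2" ]
}

# Usage: ./check.sh SECRET NAMESPACE HOST
if [ "$#" -eq 3 ]; then
  s=$(secret_fp "$1" "$2"); l=$(served_fp "$3")
  echo "secret: ${s:-<no certificate parsed>}"
  echo "served: ${l:-<no certificate parsed>}"
  if compare_fps "$s" "$l"; then echo "MATCH"; else echo "MISMATCH"; exit 1; fi
fi
```

A MISMATCH with a valid fingerprint on the Secret side means the ingress controller is still serving something other than the stored certificate; an empty Secret fingerprint means `tls.crt` does not contain a parseable certificate.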

Hi @sameermeher

I got the exact same problem. Have you been able to fix it?