SSL Certificate with multiple domains

Hello,

I'm not sure I understand exactly how traefik works with multiple-domain management and SSL certificates. What I'm trying to achieve is exactly the same as this unanswered StackOverflow post.

I have configured a certificate resolver:

# traefik.toml file
[certificatesResolvers.nekland.acme]
  email = "some@nekland.fr"
  storage = "/letsencrypt/acme.json"

  [certificatesResolvers.nekland.acme.tlsChallenge]

And I have a docker with the following configuration:

services:
  nginx:
    image: nginx:1.21
    restart: always
    volumes:
      - ./conf.d:/etc/nginx/conf.d
      - /infrastructure/webapps:/webapps
    networks:
      - traefik
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.nginx.entryPoints=websecure"
      - "traefik.http.routers.nginx.rule=HostRegexp(`nekland.fr`, `{subdomain:.*}.nekland.fr`, `ea-invest-conseil.fr`, `{subdomain:.*}.ea-invest-conseil.fr`)"
      - "traefik.http.routers.nginx.priority=1"
      - "traefik.http.routers.nginx.tls=true"
      - "traefik.http.routers.nginx.tls.certResolver=nekland"

On nekland.fr I have a valid certificate, while the situation is more complicated on ea-invest-conseil.fr. I have no idea why it works on the first and fails on the second. But this configuration also seems to be "too simple" to be real (even though traefik is designed for simple configurations).

Is there a good solution to make this work?

Thanks!

You can get a LetsEncrypt cert with multiple domains; just use the label .rule=Host()||Host().

For real wildcard certificates (*.example.com) you need to use dnsChallenge.
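
The two suggestions in the reply above, written out as a docker-compose fragment for the domains in the question. This is an added example, not configuration posted in the thread. It assumes the Traefik v2 label syntax used in the question, and the router name `nginx-sub` and the resolver name `nekland-dns` are hypothetical.

```yaml
# Added example (fragment). "nginx-sub" and "nekland-dns" are hypothetical names.
services:
  nginx:
    image: nginx:1.21
    networks:
      - traefik
    labels:
      - "traefik.enable=true"

      # Router 1: explicit host names. The ACME domain list is taken from the
      # Host() matchers, so the existing "nekland" tlsChallenge resolver
      # requests one certificate covering both names.
      - "traefik.http.routers.nginx.entryPoints=websecure"
      - "traefik.http.routers.nginx.rule=Host(`nekland.fr`) || Host(`ea-invest-conseil.fr`)"
      - "traefik.http.routers.nginx.tls=true"
      - "traefik.http.routers.nginx.tls.certResolver=nekland"

      # Router 2: any subdomain. HostRegexp only routes requests; it names no
      # concrete host to request a certificate for, so the wildcard names are
      # listed explicitly in tls.domains.
      # Assumption: "nekland-dns" is a second resolver declared in traefik.toml
      # with a [certificatesResolvers.nekland-dns.acme.dnsChallenge] section
      # and a "provider" value for your DNS host. Wildcard certificates cannot
      # be issued through tlsChallenge.
      - "traefik.http.routers.nginx-sub.entryPoints=websecure"
      - "traefik.http.routers.nginx-sub.rule=HostRegexp(`{subdomain:.*}.nekland.fr`, `{subdomain:.*}.ea-invest-conseil.fr`)"
      - "traefik.http.routers.nginx-sub.priority=1"
      - "traefik.http.routers.nginx-sub.tls=true"
      - "traefik.http.routers.nginx-sub.tls.certResolver=nekland-dns"
      - "traefik.http.routers.nginx-sub.tls.domains[0].main=nekland.fr"
      - "traefik.http.routers.nginx-sub.tls.domains[0].sans=*.nekland.fr"
      - "traefik.http.routers.nginx-sub.tls.domains[1].main=ea-invest-conseil.fr"
      - "traefik.http.routers.nginx-sub.tls.domains[1].sans=*.ea-invest-conseil.fr"
```

After Traefik reloads, check the subject alternative names on the certificate served for each host to confirm which names were actually issued.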