TCP router with TLS is using wrong certificate

Hey @mkarg,

Thanks for coming to the community forum, I am glad that @douglasdtm was able to give you the answer and I hope it suits your needs.

I do want to take a moment to second @bluepuma77's statement for future reference, if you think you found a bug, you can always open an issue after checking the forum (Not needed in this case now that the Head of the OSS Project just helped you out).

But also, the community forum is a place where community members support each other and there is no need to be rude if they come from a perspective that does not address your needs. Of course you should feel free to give that feedback, bit it is best to communicate from a place of kindness rather than a place of impatience when people are trying to help you.

1 Like

Thank you, @douglasdtm, for explaining this undocumented behavior. Nevertheless, the certificate used for this route still is the wrong one. How to tell Traefik to pick the right one? Apparently a TLS connection to will definitively fail because traefik answers it using a certificate not containing the domain name!

Tiffany, thank you for telling me. Please understand that I am no native speaker, so while I did not have the intention to be rude, it might be received that way. Sorry if this was the case. Regarding@bluepume77, I already told him several times, that his attempts did not answer my question and did not see another wording making him understand that there is no need to further guess workarounds for other problems I do not have actually.

I get it, it can be difficult to manage tone in writing, and even more difficult when one is doing it in a second (or third or fourth...) language.

I always start from the assumption that the folks I am working with are likely speaking in their own second language and gratitude that they are talking the time with me.

I am sorry this situation is super frustrating and I am going to let Douglas follow up with you when he gets back, hopefully it will be resolved soon.

Then that is really weird, would you be able to share the certificate file, /etc/traefik-acme/acme.json, from this environment?

It can enlighten us on what certificates are being matched on incoming requests, then we can look into the why :slight_smile:

Did you actually just ask me to put my private key into your public user forum...?!

No, and I think you know that is not the case.

You can share either a redacted version or your file through a DM, or just ask how you can share the file.

Once again please change your tone, the excuse "I am not a native speaker" will not work again.

I do not understand what you mean with tone regarding my latest posting. I meant what I wrote. It was not insulting, it was a real question. In fact I did not know that it was not meant that way. I do not have email addresses of any Traefik maintainers. Nor do I know where to otherwise upload the file. I also do not know how to redact a certificate in way that it is still usable for you but does not contain the PK anymore, but is still a valid acme file. Sorry if that sounds rude to you, but it is the truth.