TLS not working after upgrade to v3

I upgraded from v2 to v3.
In v2 I used an IngressRoute with TLS stored in a secret:

apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: my-traefik
  annotations:
    ingressClass: "traefik"
spec:
  entryPoints:
  - web
  - websecure
  routes:
    services:
    - name: my-service
      port: 80
      scheme: http
  - match: example.com
    kind: Rule
    services:
    - name: my-name
      port: 80
      scheme: http
  tls:
    secretName: my-secret

In v2 it works fine,
and now I get these logs:

2024-05-02T12:14:06Z DBG github.com/traefik/traefik/v3/pkg/tls/tlsmanager.go:228 > Serving default certificate for request: "example.com"
2024-05-02T12:14:06Z DBG github.com/traefik/traefik/v3/pkg/tls/tlsmanager.go:228 > Serving default certificate for request: "example.com"
2024-05-02T12:14:06Z DBG log/log.go:245 > http: TLS handshake error from 10.220.0.1:57414: remote error: tls: unknown certificate
2024-05-02T12:14:06Z DBG log/log.go:245 > http: TLS handshake error from 10.220.0.1:64461: remote error: tls: unknown certificate

How to fix it?

I have this exact same problem. I wonder if it's to do with the KubernetesGateway option?

Imagine many people have this problem/have the solution.

I found out how to do it, you need to create a TLS store:

apiVersion: traefik.io/v1alpha1
kind: TLSStore
metadata:
  name: default
  namespace: traefik
spec:
  defaultCertificate:
    secretName: jimsgarage-tls

Hope that helps.

Hi,
As I understand it, in the case of a TLSStore you serve the default certificate, and that means that Traefik can't match a certificate from the secret with the domain from the routing rule.

So, it works, but does it work correctly?

I also have a problem that Traefik doesn't serve a certificate from the secret.
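
An added example, not from any post in this thread and not Traefik's own code: a Python script that scans Traefik debug output for the two messages quoted in the first post and reports which routed hosts were answered with the default certificate, the situation the last post asks about. The sample log is built from the lines quoted above plus constructed ones; `summarize` and `expected_hosts` are names chosen for this example, and it assumes your Traefik version logs the same message text.

```python
import re
from collections import Counter

# Sample input: the debug lines quoted in the first post, plus a constructed
# IPv6 client line and a constructed unrelated line.
SAMPLE_LOG = '''\
2024-05-02T12:14:06Z DBG github.com/traefik/traefik/v3/pkg/tls/tlsmanager.go:228 > Serving default certificate for request: "example.com"
2024-05-02T12:14:06Z DBG github.com/traefik/traefik/v3/pkg/tls/tlsmanager.go:228 > Serving default certificate for request: "example.com"
2024-05-02T12:14:06Z DBG log/log.go:245 > http: TLS handshake error from 10.220.0.1:57414: remote error: tls: unknown certificate
2024-05-02T12:14:07Z DBG log/log.go:245 > http: TLS handshake error from [fd00::1]:64461: remote error: tls: unknown certificate
2024-05-02T12:14:08Z DBG some/other.go:1 > unrelated line
'''

# Assumption: these message formats match the lines quoted in the thread.
DEFAULT_CERT = re.compile(r'Serving default certificate for request: "([^"]*)"')
HANDSHAKE = re.compile(r'TLS handshake error from (\S+):(\d+): (.+)$')


def summarize(log_text, expected_hosts):
    """Return (misserved, handshake_errors).

    misserved: {host: count} for hosts in expected_hosts (the domains that
    should get their own certificate from a secret) that were instead
    answered with the default certificate.
    handshake_errors: {(client_ip, reason): count}.
    """
    fallback = Counter()
    handshake = Counter()
    for line in log_text.splitlines():
        m = DEFAULT_CERT.search(line)
        if m:
            fallback[m.group(1).lower()] += 1
            continue
        m = HANDSHAKE.search(line)
        if m:
            client = m.group(1).strip("[]")  # drop brackets around IPv6
            handshake[(client, m.group(3).strip())] += 1
    expected = {h.lower() for h in expected_hosts}
    misserved = {h: n for h, n in fallback.items() if h in expected}
    return misserved, dict(handshake)


if __name__ == "__main__":
    misserved, errors = summarize(SAMPLE_LOG, ["example.com"])
    for host, count in misserved.items():
        print(f"{host}: default certificate served {count} time(s)")
    for (client, reason), count in errors.items():
        print(f"{client}: {count} handshake error(s): {reason}")
```

A host that still appears in `misserved` after a `TLSStore` default certificate is configured is being answered by the default, not by a certificate matched to the route.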