Traefik + cloudflare SSL

I had this traefik setup with porkbun.com, and the SSL certificates were working fine, I switched to CloudFlare, they tell me I need to create origin certificates, I added the certificates and traefik tells me the certificates are invalid, how should I change the configuration so that traefik works with CloudFlare's SSL?

#docker-compose-yml
version: '3.3'

services:
  traefik:
    image: "traefik:latest"
    command:
      - "--log.level=DEBUG"
      - "--api.insecure=true"
      - "--api.dashboard=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      - "--providers.file.directory=/etc/traefik/dynamic_conf"
    ports:
      - "80:80"
      - "443:443"
      - "3000:8080"
    networks:
      - epsilon
    volumes:
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "./config.yml:/etc/traefik/dynamic_conf/conf.yml:ro"
      - "./certs:/certs:ro"

networks:
  epsilon:
    external: true
volumes:
  certificados:
#config.yml
    tls:
  certificates:
    - certFile: ./domain.crt
      keyFile: ./private.key

Fix spacing and ensure to use full paths inside container.

Make sure you use a website TLS cert with domain name and the .crt file includes the full trust chain, the file should have at least two certs in text format.

Nowadays usually automatic TLS cert generation is used (certResolver, doc), as valid period is becoming shorter. Check simple Traefik example and simple Traefik dnsChallenge example.