Super happy about the new Traefik Hub for publishing services! I've run into an issue: The randomly generated FQDN for the service seems to work fine on https:, however the SSL chain fails if you point at that service endpoint as a CNAME from an owned domain. This should be easy to reproduce:
- Create a Traefik Hub service
- Take the random FQDN: shiny-new.asdfasdf.traefikhub.io
- Create a CNAME in your owned domain: newservice.example.com -> shiny-new.asdfasdf.traefikhub.io
- Try to navigate to this new service endpoint https://newservice.example.com and you will be presented with an SSL error. Inspecting the certificate presented, it is a self-signed "Traefik default certificate".
Digging around a bit, when I ping the FQDN of the traefik-provided DNS name, it resolves to an AWS Global Accelerator. Cool. That tells me Traefik is using some automation in AWS to build out the ELB endpoint in AWS. The default cert attached to this ELB should be either a LE cert, or perhaps even easier and cheaper for Traefik, just do a DNS-validated *.lbname.traefikhub.io AWS ACM certificate, and the chain will pass cleanly.
Hoping for some comments from the Traefik Hub team on this. Thank you, and happy to help troubleshoot if helpful.
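
Added example (not part of the original post, and not Traefik Hub code): a small triage helper for the symptom described above. A TLS client checks the certificate against the hostname in the URL, not against the CNAME target, so the helper classifies a presented certificate for the requested name. The certificate dicts are constructed samples in the layout of Python's `ssl.SSLSocket.getpeercert()`; the issuer name and the `diagnose` helper are assumptions made for illustration.

```python
"""Classify why a presented TLS certificate fails for the requested host."""

def _san_dns_names(cert):
    # DNS entries of subjectAltName, in getpeercert() layout.
    return [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]

def _matches(pattern, host):
    # RFC 6125 style matching: a wildcard is only honoured as the whole
    # left-most label and stands for exactly one label.
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def diagnose(requested_host, cert):
    """Return 'self-signed', 'name-mismatch' or 'ok' for the URL's host."""
    subject = cert.get("subject")
    # Heuristic: issuer == subject means self-issued (no CA vouches for it).
    if subject and cert.get("issuer") == subject:
        return "self-signed"
    if any(_matches(p, requested_host) for p in _san_dns_names(cert)):
        return "ok"
    return "name-mismatch"

def _name(cn):
    return ((("commonName", cn),),)

# Constructed sample certificates (not captured from any real endpoint).
DEFAULT_CERT = {"subject": _name("TRAEFIK DEFAULT CERT"),
                "issuer": _name("TRAEFIK DEFAULT CERT"),
                "subjectAltName": ()}
WILDCARD_CERT = {"subject": _name("*.asdfasdf.traefikhub.io"),
                 "issuer": _name("Example Issuing CA"),
                 "subjectAltName": (("DNS", "*.asdfasdf.traefikhub.io"),)}
CUSTOM_CERT = {"subject": _name("newservice.example.com"),
               "issuer": _name("Example Issuing CA"),
               "subjectAltName": (("DNS", "newservice.example.com"),)}

if __name__ == "__main__":
    for label, cert in (("default", DEFAULT_CERT),
                        ("wildcard", WILDCARD_CERT),
                        ("custom", CUSTOM_CERT)):
        for host in ("shiny-new.asdfasdf.traefikhub.io",
                     "newservice.example.com"):
            print(f"{label:9} {host:34} {diagnose(host, cert)}")
```

Against a live endpoint, the same `diagnose` call can be fed the dict returned by `getpeercert()` on a verified connection.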