Traefik ignores one of two certificates in configuration

Traefik Traefik v3 (latest)
1

Greetings,

I have the following docker-compose.yaml

---
name: sonic

services:
  sonic-aab:
    container_name: sonic
    image: myimage
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.sonic-lan.entrypoints=lan"
      - "traefik.http.routers.sonic-lan.tls=true"
      - "traefik.http.routers.sonic-lan.tls.certresolver=namecheap"
      - "traefik.http.routers.sonic-lan.rule=Host(`sonic.example.com`)"
      - "traefik.http.routers.sonic-wan.entrypoints=wan"
      - "traefik.http.routers.sonic-wan.tls=true"
      - "traefik.http.routers.sonic-wan.tls.certresolver=namecheap"
      - "traefik.http.routers.sonic-wan.rule=Host(`as.example.com`)"
    networks:
      - frontend
    restart: unless-stopped

networks:
  frontend:
    external: true

my entry points

entryPoints:
  lan-insecure:
    address: :80
    http:
     redirections:
       entryPoint:
         to: lan
         scheme: https
  lan:
    address: :443
  wan:
    address: :4433

I do get the certificate for as.example.com but traefik ignores sonic.example.com. I'm completely confused, will appreciate any help

2

Share you full Traefik static and dynamic config, and docker-compose.yml if used.

Enable and check Traefik debug log (doc) and Traefik access log in JSON format (doc).

1 Like
3

I forgot to share an update, sorry

Here’s what I did:
I commented out the following lines:

      - "traefik.http.routers.sonic-lan.entrypoints=lan"
      - "traefik.http.routers.sonic-lan.tls=true"
      - "traefik.http.routers.sonic-lan.tls.certresolver=namecheap"
      - "traefik.http.routers.sonic-lan.rule=Host(`sonic.example.com`)"

Then, I deployed the changes, uncommented the lines, and deployed again.

It worked after that, though I’m not entirely sure what caused the issue. I’ll keep an eye on how Traefik handles certificate renewal and will post an update if I encounter the same problem again.

Thanks!

4

You never shared your certresolver definition.

5

the full configuration traefik.yaml is


global:
  checkNewVersion: false
  sendAnonymousUsage: false

api: {}

entryPoints:
  lan-insecure:
    address: :80
    http:
     redirections:
       entryPoint:
         to: lan
         scheme: https
  lan:
    address: :443
  wan:
    address: :4433

certificatesResolvers:
  namecheap:
    acme:
      email: ...omitted...
      storage: /var/traefik/certs/namecheap-acme.json
      caServer: "https://acme-v02.api.letsencrypt.org/directory"
      dnsChallenge:
        provider: namecheap
        resolvers:
          - "1.1.1.1:53"
          - "8.8.8.8:53"

providers:
  docker:
    exposedByDefault: false
  file:
    directory: /etc/traefik
    watch: true