Traefik Ingress Controller deployed via Helm, how to generate certificate by default

rrrrrrrrrr · January 28, 2026, 6:19pm

Hi there

It’s all in the title, I deployed Traefik IG in my homelab, I’d like to skip using cert-manager in favor of Traefik’s own ACME provider. But couldn’t find how enforce certificate generation by default for any ingress/ingressroute going through websecure.

traefik-d49df48db-q4qw4 traefik 2026-01-28T17:26:32Z DBG github.com/traefik/traefik/v3/pkg/provider/acme/provider.go:1008 > No ACME certificate generation required for domains ACME CA=https://acme-v02.api.letsencrypt.org/directory acmeCA=https://acme-v02.api.letsencrypt.org/directory domains=["paste.example.com"] providerName=letsencrypt.acme routerName=websecure-privatebin-privatebin-paste-example-com@kubernetes rule="Host(paste.example.com) && PathPrefix(/)"

Maybe I could explicitely ask for it with a `traefik.ingress.kubernetes.io/router.tls.certresolver: letsencrypt` annotation, but I’d rather have a setting in the chart’s values.yaml to switch it on by default. Running latest chart as of today, and my values.yaml is

```
certificatesResolvers:
letsencrypt:
acme:
email: "letsencrypt@garrigue.re"
storage: "/data/acme.json"
httpChallenge:
entryPoint: "web"

ports:
web:
http:
redirections:
entryPoint:
to: websecure
scheme: https
permanent: true
websecure:
http:
tls:
certResolver: letsencrypt
```

What am I missing ?

bluepuma77 · January 28, 2026, 6:23pm

Usually you would use cert-manager in k8s for TLS certs, maybe check this doc.

Traefik’s own CertResolver is not cluster-enabled, except for the paid version, that’s why it’s usually not used in a k8s setting.

rrrrrrrrrr · January 29, 2026, 12:57pm

I’m not using cert-manager because it’s a homelab (k3s running on turing pi) with a single traefik pod running.

It ended up working, not sure why it didn’t worked before, but Firefox’s happy now, while Chrome still isn’t …

Topic		Replies	Views
TRAEFIK DEFAULT CERT on domain that have Let's encrypt cert-manager certificate issued Traefik v2 letsencrypt-acme	2	2239	August 8, 2022
Traefik on Kubernetes keeps on using default certificate Traefik v2 kubernetes-crd	1	1699	May 9, 2024
Traefik certificatesResolvers conf for user certificate Traefik v2 file , letsencrypt-acme	4	895	November 7, 2019
Default certificate from letsencrypt Traefik v2 file	23	17213	April 18, 2023
"No default certificate, generating one" when starting Traefik Traefik v2 kubernetes-crd , kubernetes-ingress , letsencrypt-acme	0	1367	August 28, 2020

Traefik Ingress Controller deployed via Helm, how to generate certificate by default

Related topics