Traefik is not using the wildcard LE certs

I used to have a working traefik instance on a Synology NAS.
This NAS has been shutdown for some weeks.
I updated traefik to 2.10.4 and now this log is created(replaced real DNS names with mydns1 and mydns2):

time="2023-08-22T22:45:34+02:00" level=info msg="Traefik version 2.10.4 built on 2023-07-24T16:29:02Z"
time="2023-08-22T22:45:34+02:00" level=debug msg="Static configuration loaded {\"global\":{\"checkNewVersion\":true},\"serversTransport\":{\"insecureSkipVerify\":true,\"maxIdleConnsPerHost\":200},\"entryPoints\":{\"http\":{\"address\":\":80\",\"transport\":{\"lifeCycle\":{\"graceTimeOut\":\"10s\"},\"respondingTimeouts\":{\"idleTimeout\":\"3m0s\"}},\"forwardedHeaders\":{},\"http\":{},\"http2\":{\"maxConcurrentStreams\":250},\"udp\":{\"timeout\":\"3s\"}},\"https\":{\"address\":\":443\",\"transport\":{\"lifeCycle\":{\"graceTimeOut\":\"10s\"},\"respondingTimeouts\":{\"idleTimeout\":\"3m0s\"}},\"forwardedHeaders\":{},\"http\":{},\"http2\":{\"maxConcurrentStreams\":250},\"udp\":{\"timeout\":\"3s\"}}},\"providers\":{\"providersThrottleDuration\":\"2s\",\"docker\":{\"watch\":true,\"endpoint\":\"unix:///var/run/docker.sock\",\"defaultRule\":\"Host(`{{ normalize .Name }}`)\",\"swarmModeRefreshSeconds\":\"15s\"},\"file\":{\"watch\":true,\"filename\":\"/config.yml\"}},\"api\":{\"dashboard\":true,\"debug\":true},\"log\":{\"level\":\"DEBUG\",\"format\":\"common\"},\"certificatesResolvers\":{\"production\":{\"acme\":{\"email\":\"juergen.reiss@gmx.de\",\"caServer\":\"https://acme-v02.api.letsencrypt.org/directory\",\"storage\":\"acme.json\",\"keyType\":\"RSA4096\",\"certificatesDuration\":2160,\"httpChallenge\":{\"entryPoint\":\"http\"}}},\"staging\":{\"acme\":{\"email\":\"juergen.reiss@gmx.de\",\"caServer\":\"https://acme-staging-v02.api.letsencrypt.org/directory\",\"storage\":\"acme-staging.json\",\"keyType\":\"RSA4096\",\"certificatesDuration\":2160,\"httpChallenge\":{\"entryPoint\":\"http\"}}},\"wildcard\":{\"acme\":{\"email\":\"juergen.reiss@gmx.de\",\"caServer\":\"https://acme-v02.api.letsencrypt.org/directory\",\"storage\":\"acme.json\",\"keyType\":\"RSA4096\",\"certificatesDuration\":2160,\"dnsChallenge\":{\"provider\":\"cloudflare\",\"resolvers\":[\"1.1.1.1:53\",\"1.0.0.1:53\"]}}}}}"
time="2023-08-22T22:45:34+02:00" level=info msg="\nStats collection is disabled.\nHelp us improve Traefik by turning this feature on :)\nMore details on: https://doc.traefik.io/traefik/contributing/data-collection/\n"
time="2023-08-22T22:45:35+02:00" level=info msg="Starting provider aggregator aggregator.ProviderAggregator"
time="2023-08-22T22:45:35+02:00" level=info msg="Starting provider *file.Provider"
time="2023-08-22T22:45:35+02:00" level=debug msg="*file.Provider provider configuration: {\"watch\":true,\"filename\":\"/config.yml\"}"
time="2023-08-22T22:45:35+02:00" level=debug msg="Starting TCP Server" entryPointName=http
time="2023-08-22T22:45:35+02:00" level=debug msg="Starting TCP Server" entryPointName=https
time="2023-08-22T22:45:35+02:00" level=info msg="Starting provider *traefik.Provider"
time="2023-08-22T22:45:35+02:00" level=debug msg="*traefik.Provider provider configuration: {}"
time="2023-08-22T22:45:35+02:00" level=info msg="Starting provider *acme.ChallengeTLSALPN"
time="2023-08-22T22:45:35+02:00" level=debug msg="*acme.ChallengeTLSALPN provider configuration: {}"
time="2023-08-22T22:45:35+02:00" level=info msg="Starting provider *docker.Provider"
time="2023-08-22T22:45:35+02:00" level=debug msg="*docker.Provider provider configuration: {\"watch\":true,\"endpoint\":\"unix:///var/run/docker.sock\",\"defaultRule\":\"Host(`{{ normalize .Name }}`)\",\"swarmModeRefreshSeconds\":\"15s\"}"
time="2023-08-22T22:45:35+02:00" level=info msg="Starting provider *acme.Provider"
time="2023-08-22T22:45:35+02:00" level=debug msg="*acme.Provider provider configuration: {\"email\":\"mymail@gmx.de\",\"caServer\":\"https://acme-v02.api.letsencrypt.org/directory\",\"storage\":\"acme.json\",\"keyType\":\"RSA4096\",\"certificatesDuration\":2160,\"dnsChallenge\":{\"provider\":\"cloudflare\",\"resolvers\":[\"1.1.1.1:53\",\"1.0.0.1:53\"]},\"ResolverName\":\"wildcard\",\"store\":{},\"TLSChallengeProvider\":{},\"HTTPChallengeProvider\":{}}"
time="2023-08-22T22:45:35+02:00" level=debug msg="Attempt to renew certificates \"720h0m0s\" before expiry and check every \"24h0m0s\"" ACME CA="https://acme-v02.api.letsencrypt.org/directory" providerName=wildcard.acme
time="2023-08-22T22:45:35+02:00" level=info msg="Testing certificate renew..." providerName=wildcard.acme ACME CA="https://acme-v02.api.letsencrypt.org/directory"
time="2023-08-22T22:45:35+02:00" level=debug msg="Configuration received: {\"http\":{\"routers\":{\"acme-http\":{\"entryPoints\":[\"http\"],\"service\":\"acme-http@internal\",\"rule\":\"PathPrefix(`/.well-known/acme-challenge/`)\",\"priority\":2147483647}},\"services\":{\"acme-http\":{},\"api\":{},\"dashboard\":{},\"noop\":{}},\"serversTransports\":{\"default\":{\"insecureSkipVerify\":true,\"maxIdleConnsPerHost\":200}}},\"tcp\":{},\"udp\":{},\"tls\":{}}" providerName=internal
     
023-08-22T22:45:35+02:00" level=debug msg="Configuration received: {\"http\":{\"routers\":{\"files\":{\"entryPoints\":[\"http\"],\"middlewares\":[\"https-redirectscheme\"],\"service\":\"files\",\"rule\":\"Host(`files.mydns1.org`)\"},\"files_sec\":{\"entryPoints\":[\"https\"],\"service\":\"files\",\"rule\":\"Host(`files.mydns1.org`)\",\"tls\":{}},\"fritzbox\":{\"entryPoints\":[\"http\"],\"middlewares\":[\"https-redirectscheme\"],\"service\":\"fritzbox\",\"rule\":\"Host(`fritzbox.mydns1.org`)\"},\"fritzbox_sec\":{\"entryPoints\":[\"https\"],\"service\":\"fritzbox\",\"rule\":\"Host(`fritzbox.mydns1.org`)\",\"tls\":{}},\"pihole\":{\"entryPoints\":[\"http\"],\"middlewares\":[\"https-redirectscheme\"],\"service\":\"pihole\",\"rule\":\"Host(`pihole.mydns1.org`)\"},\"pihole_sec\":{\"entryPoints\":[\"https\"],\"middlewares\":[\"piholeAdmin\"],\"service\":\"pihole\",\"rule\":\"Host(`pihole.mydns1.org`)\",\"tls\":{}},\"toaster\":{\"entryPoints\":[\"http\"],\"middlewares\":[\"https-redirectscheme\"],\"service\":\"toaster\",\"rule\":\"Host(`toaster.mydns1.org`)\"},\"toaster_sec\":{\"entryPoints\":[\"https\"],\"service\":\"toaster\",\"rule\":\"Host(`toaster.mydns1.org`)\",\"tls\":{}},\"webdav_sec\":{\"entryPoints\":[\"https\"],\"service\":\"webdav\",\"rule\":\"Host(`webdav.mydns1.org`)\",\"tls\":{}}},\"services\":{\"files\":{\"loadBalancer\":{\"servers\":[{\"url\":\"https://192.168.1.223:7001\"}],\"passHostHeader\":true}},\"fritzbox\":{\"loadBalancer\":{\"servers\":[{\"url\":\"https://192.168.1.1/\"}],\"passHostHeader\":true}},\"pihole\":{\"loadBalancer\":{\"servers\":[{\"url\":\"http://192.168.1.193\"}],\"passHostHeader\":true}},\"toaster\":{\"loadBalancer\":{\"servers\":[{\"url\":\"https://192.168.1.223:5001\"}],\"passHostHeader\":true}},\"webdav\":{\"loadBalancer\":{\"servers\":[{\"url\":\"https://192.168.1.223:5006/\"}],\"passHostHeader\":true}}},\"middlewares\":{\"https-redirectscheme\":{\"redirectScheme\":{\"scheme\":\"https\",\"permanent\":true}},\"non-www-to-www\":{\"redirectRegex\":{\"regex\":\"^https?://(?:www\\\\.)?(.+)\",\"replacement\":\"https://www.${1}\",\"permanent\":true}},\"piholeAdmin\":{\"addPrefix\":{\"prefix\":\"/admin\"}},\"secHeaders\":{\"headers\":{\"sslRedirect\":true,\"customFrameOptionsValue\":\"SAMEORIGIN\",\"contentTypeNosniff\":true,\"browserXssFilter\":true}},\"www-to-non-www\":{\"redirectRegex\":{\"regex\":\"^https://www\\\\.(.+)\",\"replacement\":\"https://${1}\",\"permanent\":true}}}},\"tcp\":{},\"udp\":{},\"tls\":{}}" providerName=file
time="2023-08-22T22:45:35+02:00" level=debug msg="Configuration received: {\"http\":{},\"tcp\":{},\"udp\":{},\"tls\":{}}" providerName=wildcard.acme
time="2023-08-22T22:45:35+02:00" level=info msg="Starting provider *acme.Provider"
time="2023-08-22T22:45:35+02:00" level=debug msg="*acme.Provider provider configuration: {\"email\":\"mymail@gmx.de\",\"caServer\":\"https://acme-staging-v02.api.letsencrypt.org/directory\",\"storage\":\"acme-staging.json\",\"keyType\":\"RSA4096\",\"certificatesDuration\":2160,\"httpChallenge\":{\"entryPoint\":\"http\"},\"ResolverName\":\"staging\",\"store\":{},\"TLSChallengeProvider\":{},\"HTTPChallengeProvider\":{}}"
time="2023-08-22T22:45:35+02:00" level=info msg="Starting provider *acme.Provider"
time="2023-08-22T22:45:35+02:00" level=debug msg="*acme.Provider provider configuration: {\"email\":\"mymail@gmx.de\",\"caServer\":\"https://acme-v02.api.letsencrypt.org/directory\",\"storage\":\"acme.json\",\"keyType\":\"RSA4096\",\"certificatesDuration\":2160,\"httpChallenge\":{\"entryPoint\":\"http\"},\"ResolverName\":\"production\",\"store\":{},\"TLSChallengeProvider\":{},\"HTTPChallengeProvider\":{}}"
time="2023-08-22T22:45:35+02:00" level=debug msg="Attempt to renew certificates \"720h0m0s\" before expiry and check every \"24h0m0s\"" providerName=production.acme ACME CA="https://acme-v02.api.letsencrypt.org/directory"
time="2023-08-22T22:45:35+02:00" level=info msg="Testing certificate renew..." providerName=production.acme ACME CA="https://acme-v02.api.letsencrypt.org/directory"
time="2023-08-22T22:45:35+02:00" level=debug msg="Configuration received: {\"http\":{},\"tcp\":{},\"udp\":{},\"tls\":{}}" providerName=production.acme
time="2023-08-22T22:45:35+02:00" level=debug msg="Attempt to renew certificates \"720h0m0s\" before expiry and check every \"24h0m0s\"" providerName=staging.acme ACME CA="https://acme-staging-v02.api.letsencrypt.org/directory"
time="2023-08-22T22:45:35+02:00" level=info msg="Testing certificate renew..." providerName=staging.acme ACME CA="https://acme-staging-v02.api.letsencrypt.org/directory"
time="2023-08-22T22:45:35+02:00" level=debug msg="Configuration received: {\"http\":{},\"tcp\":{},\"udp\":{},\"tls\":{}}" providerName=staging.acme
time="2023-08-22T22:45:35+02:00" level=debug msg="Provider connection established with docker 20.10.23 (API 1.41)" providerName=docker
time="2023-08-22T22:45:35+02:00" level=debug msg="Filtering disabled container" providerName=docker container=mariadb-photoprism-0fbf7f4eb7a47c21fc789c3a2b33b5111ae1a8c648bf3b04684c7df5c417373d
time="2023-08-22T22:45:35+02:00" level=debug msg="Filtering disabled container" providerName=docker container=pihole-pihole-021a05c029da80d13bb79333f7c854d71c478586a78a4b2e98dde9ef9a870e44
time="2023-08-22T22:45:35+02:00" level=debug msg="Filtering disabled container" providerName=docker container=db-gitea-3fc3a84e41debf8452e7634ddac5d8e968153de116ea3780d2eeaaa1bda99777
time="2023-08-22T22:45:35+02:00" level=debug msg="Filtering disabled container" providerName=docker container=cloudflared-cloudflared-772bb815f3990a98d582cfc50f2c45682eac46ba01f691f3c275ba1709bde690
time="2023-08-22T22:45:35+02:00" level=debug msg="Filtering disabled container" providerName=docker container=db-wordpress-mydns2-19071b51eb1c9d1249b434638dfc9c5c146500f507a063c7e6211343ed26ac71
time="2023-08-22T22:45:35+02:00" level=debug msg="Filtering disabled container" container=db-wordpress-mydns1-354278e9394b25b43631c6214cfdb63dcc561ecbfcd42ab0ded125370bd4bce6 providerName=docker
time="2023-08-22T22:45:35+02:00" level=debug msg="Filtering disabled container" providerName=docker container=bitcoind-bitcoin-node-a752a27536e22168ec8ae71d5afc9b65679d2ef858a289c967794484b61eb14d
time="2023-08-22T22:45:35+02:00" level=debug msg="Configuration received: {\"http\":{\"routers\":{\"calibre\":{\"entryPoints\":[\"http\"],\"middlewares\":[\"https-redirectscheme@file\"],\"service\":\"calibre\",\"rule\":\"Host(`calibre.mydns1.org`)\"},\"calibre-secure\":{\"entryPoints\":[\"https\"],\"service\":\"calibre\",\"rule\":\"Host(`calibre.mydns1.org`)\",\"tls\":{}},\"calibre-web\":{\"entryPoints\":[\"http\"],\"middlewares\":[\"https-redirectscheme@file\"],\"service\":\"calibre-web\",\"rule\":\"Host(`calibre-web.mydns1.org`)\"},\"calibre-web-secure\":{\"entryPoints\":[\"https\"],\"service\":\"calibre-web\",\"rule\":\"Host(`calibre-web.mydns1.org`)\",\"tls\":{}},\"gitea\":{\"entryPoints\":[\"http\"],\"middlewares\":[\"https-redirectscheme@file\"],\"service\":\"gitea\",\"rule\":\"Host(`gitea.mydns1.org`)\"},\"gitea-secure\":{\"entryPoints\":[\"https\"],\"service\":\"gitea\",\"rule\":\"Host(`gitea.mydns1.org`)\",\"tls\":{}},\"mydns2\":{\"entryPoints\":[\"http\"],\"middlewares\":[\"https-redirectscheme@file\",\"non-www-to-www@file\"],\"service\":\"mydns2\",\"rule\":\"Host(`mydns2.com`, `www.mydns2.com`)\"},\"mydns2-secure\":{\"entryPoints\":[\"https\"],\"middlewares\":[\"non-www-to-www@file\"],\"service\":\"mydns2\",\"rule\":\"Host(`mydns2.com`,`www.mydns2.com`)\",\"tls\":{}},\"heimdall\":{\"entryPoints\":[\"http\"],\"middlewares\":[\"https-redirectscheme@file\"],\"service\":\"heimdall\",\"rule\":\"Host(`heimdall.mydns1.org`)\"},\"heimdall-secure\":{\"entryPoints\":[\"https\"],\"service\":\"heimdall\",\"rule\":\"Host(`heimdall.mydns1.org`)\",\"tls\":{}},\"mydns1\":{\"entryPoints\":[\"http\"],\"middlewares\":[\"https-redirectscheme@file\",\"non-www-to-www@file\"],\"service\":\"mydns1\",\"rule\":\"Host(`mydns1.org`, `www.mydns1.org`)\"},\"mydns1-secure\":{\"entryPoints\":[\"https\"],\"middlewares\":[\"non-www-to-www@file\"],\"service\":\"mydns1\",\"rule\":\"Host(`mydns1.org`, `www.mydns1.org`)\",\"tls\":{}},\"photoprism\":{\"entryPoints\":[\"http\"],\"middlewares\":[\"https-redirectscheme@file\"],\"service\":\"photoprism\",\"rule\":\"Host(`bilder.mydns1.org`)\"},\"photoprism-secure\":{\"entryPoints\":[\"https\"],\"service\":\"photoprism\",\"rule\":\"Host(`bilder.mydns1.org`)\",\"tls\":{}},\"portainer\":{\"entryPoints\":[\"http\"],\"middlewares\":[\"https-redirectscheme@file\"],\"service\":\"portainer\",\"rule\":\"Host(`portainer.mydns1.org`)\"},\"portainer-secure\":{\"entryPoints\":[\"https\"],\"service\":\"portainer\",\"rule\":\"Host(`portainer.mydns1.org`)\",\"tls\":{}},\"traefik\":{\"entryPoints\":[\"http\"],\"middlewares\":[\"https-redirectscheme@file\"],\"service\":\"traefik\",\"rule\":\"Host(`traefik.mydns1.org`)\"},\"traefik-secure\":{\"entryPoints\":[\"https\"],\"service\":\"api@internal\",\"rule\":\"Host(`traefik.mydns1.org`)\",\"tls\":{}},\"whoami-secure\":{\"service\":\"noop@internal\",\"rule\":\"Host(`traefik-traefik`)\",\"tls\":{\"certResolver\":\"wildcard\",\"domains\":[{\"main\":\"*.mydns1.org\"},{\"main\":\"*.mydns2.com\"}]}}},\"services\":{\"calibre\":{\"loadBalancer\":{\"servers\":[{\"url\":\"http://172.29.0.5:8080\"}],\"passHostHeader\":true}},\"calibre-web\":{\"loadBalancer\":{\"servers\":[{\"url\":\"http://172.29.0.6:8083\"}],\"passHostHeader\":true}},\"gitea\":{\"loadBalancer\":{\"servers\":[{\"url\":\"http://172.29.0.3:3000\"}],\"passHostHeader\":true}},\"mydns2\":{\"loadBalancer\":{\"servers\":[{\"url\":\"http://172.29.0.8:80\"}],\"passHostHeader\":true}},\"heimdall\":{\"loadBalancer\":{\"servers\":[{\"url\":\"http://172.29.0.7:80\"}],\"passHostHeader\":true}},\"mydns1\":{\"loadBalancer\":{\"servers\":[{\"url\":\"http://172.29.0.9:80\"}],\"passHostHeader\":true}},\"photoprism\":{\"loadBalancer\":{\"servers\":[{\"url\":\"http://172.29.0.4:2342\"}],\"passHostHeader\":true}},\"portainer\":{\"loadBalancer\":{\"servers\":[{\"url\":\"http://172.29.0.2:9000\"}],\"passHostHeader\":true}},\"traefik\":{\"loadBalancer\":{\"servers\":[{\"url\":\"http://172.29.0.10:888\"}],\"passHostHeader\":true}}}},\"tcp\":{},\"udp\":{}}" providerName=docker
time="2023-08-22T22:45:35+02:00" level=debug msg="No default certificate, fallback to the internal generated certificate" tlsStoreName=default

time="2023-08-22T22:45:37+02:00" level=debug msg="Adding route for traefik-traefik with TLS options default" entryPointName=http
time="2023-08-22T22:45:37+02:00" level=debug msg="Adding route for portainer.mydns1.org with TLS options default" entryPointName=https
time="2023-08-22T22:45:37+02:00" level=debug msg="Adding route for calibre.mydns1.org with TLS options default" entryPointName=https
time="2023-08-22T22:45:37+02:00" level=debug msg="Adding route for mydns1.org with TLS options default" entryPointName=https
time="2023-08-22T22:45:37+02:00" level=debug msg="Adding route for traefik-traefik with TLS options default" entryPointName=https
time="2023-08-22T22:45:37+02:00" level=debug msg="Adding route for mydns2.com with TLS options default" entryPointName=https
time="2023-08-22T22:45:37+02:00" level=debug msg="Adding route for bilder.mydns1.org with TLS options default" entryPointName=https
time="2023-08-22T22:45:37+02:00" level=debug msg="Adding route for files.mydns1.org with TLS options default" entryPointName=https
time="2023-08-22T22:45:37+02:00" level=debug msg="Adding route for toaster.mydns1.org with TLS options default" entryPointName=https
time="2023-08-22T22:45:37+02:00" level=debug msg="Adding route for gitea.mydns1.org with TLS options default" entryPointName=https
time="2023-08-22T22:45:37+02:00" level=debug msg="Adding route for www.mydns2.com with TLS options default" entryPointName=https
time="2023-08-22T22:45:37+02:00" level=debug msg="Adding route for fritzbox.mydns1.org with TLS options default" entryPointName=https
time="2023-08-22T22:45:37+02:00" level=debug msg="Adding route for traefik.mydns1.org with TLS options default" entryPointName=https
time="2023-08-22T22:45:37+02:00" level=debug msg="Adding route for heimdall.mydns1.org with TLS options default" entryPointName=https
time="2023-08-22T22:45:37+02:00" level=debug msg="Adding route for pihole.mydns1.org with TLS options default" entryPointName=https
time="2023-08-22T22:45:37+02:00" level=debug msg="Adding route for www.mydns1.org with TLS options default" entryPointName=https
time="2023-08-22T22:45:37+02:00" level=debug msg="Adding route for calibre-web.mydns1.org with TLS options default" entryPointName=https
time="2023-08-22T22:45:37+02:00" level=debug msg="Adding route for webdav.mydns1.org with TLS options default" entryPointName=https
time="2023-08-22T22:45:37+02:00" level=debug msg="Looking for provided certificate(s) to validate [\"*.mydns2.com\"]..." ACME CA="https://acme-v02.api.letsencrypt.org/directory" providerName=wildcard.acme
time="2023-08-22T22:45:37+02:00" level=debug msg="No ACME certificate generation required for domains [\"*.mydns2.com\"]." providerName=wildcard.acme ACME CA="https://acme-v02.api.letsencrypt.org/directory"
time="2023-08-22T22:45:37+02:00" level=debug msg="Looking for provided certificate(s) to validate [\"*.mydns1.org\"]..." ACME CA="https://acme-v02.api.letsencrypt.org/directory" providerName=wildcard.acme
time="2023-08-22T22:45:37+02:00" level=debug msg="No ACME certificate generation required for domains [\"*.mydns1.org\"]." ACME CA="https://acme-v02.api.letsencrypt.org/directory" providerName=wildcard.acme

The wildcards no longer work, only the default certs are issued by traefik. Any ideas what is going on?

If the config hasn’t changed, did the domains, IPs or credentials change?

Sorry, there is no issue actually. I overlooked something. Topic closed!