Traefik not serving custom SSL certificate

bluepuma77 · September 18, 2023, 10:28am

How Traefik TLS works. Traefik will first look for a matching cert (by hostname encoded in the cert, works with wildcards) in your list of defined certs:

tls:
  certificates:
    - certFile: /path/to/domain.cert
      keyFile: /path/to/domain.key
    - certFile: /path/to/second-domain.cert
      keyFile: /path/to/second-domain.key

If no match is found, then Traefik will use the single cert in the default store:

tls:
  stores:
    default:
      defaultCertificate:
        certFile: path/to/cert.crt
        keyFile: path/to/cert.key

If nothing is defined, it will create a custom Traefik cert, which the browser will warn about.

Make sure your cert files have the correct content:

certFile:
        -----BEGIN CERTIFICATE-----
        ...
        -----END CERTIFICATE-----
        -----BEGIN CERTIFICATE-----
        ...
        -----END CERTIFICATE-----
        -----BEGIN CERTIFICATE-----
        ...
        -----END CERTIFICATE-----
keyFile:
        -----BEGIN PRIVATE KEY-----
        ...
        -----END PRIVATE KEY-----

Topic		Replies	Views
Traefik is not using the default certificates provided by dynamic config Traefik v3 (latest) docker	3	297	July 28, 2025
Trouble understanding how traefik picks up a custom SSL certificate for a domain Traefik v2 docker , docker-swarm	15	21423	December 14, 2020
Github.com/traefik/traefik/v3/pkg/tls/tlsmanager.go:228 > Serving default certificate for request: "sub1.domain1.com" Traefik v3 (latest) docker	1	301	April 9, 2025
Configuring SSL with mkcert and Docker Traefik v3 (latest) docker	4	1329	March 23, 2025
Traefik uses own cert files instead of provided Traefik v2 docker	7	4023	February 22, 2024

Traefik not serving custom SSL certificate

Related topics