Traefik selecting wrong certificate

Traefik Traefik v2 (latest)
1

I believe I'm describing a bug.

I have a problem on selecting the certificate when both letsencrypt and static certs are present.

I have a router defined on file as this:

    [http.routers.aca-no-www]
      entryPoints = ["web-secured"]
      middlewares = ["add-www"]
      rule = "Host(`my-domain.it`)"
      service = "aca"
      [http.routers.aca-no-www.tls]
        certresolver = "leresolver"

Note: the cert is correctly obtained from letsencrypt.

I also have defined the following:

[[tls.certificates]] 
    certFile = "/etc/traefik/certs/wildcard_2021_my_domain.crt"
    keyFile = "/etc/traefik/certs/wildcard_2021_my_domain.key"

but this certificate has expired.

My idea is that the router mandates that the certificate is to be obtained from Let'sEncrypt so that that cert is to be used.

In reality traefik serves both of them in different moments (I did not understand on which base).
Moreover it servers it even though it expired...

Is this a bug or this behaviour should be expected?

thanks

2

Hi, did you fix this if so how?

3

Declare TLS certs in dynamic config and set tls=true in dynamic config, then those are used. Docs.

For LetsEncrypt you create certificatesResolvers in static config and assign it in dynamic config tls.certresolver=xxx. Docs.

Traefik configuration basics: there is one static configuration, either via command (line) or via --configFile. Dynamic configuration comes from providers like docker or file within the static config - and/or can be applied by Docker labels to the service/container.