I am running Traefik in Docker Swarm with the following stack YAML:
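# Traefik v3.2 as a Swarm stack: one instance per manager node, bound to
# host ports 80/443, routing via the swarm and file providers.
# NOTE(review): the pasted listing had lost its indentation and carried
# markdown escapes; the nesting below is reconstructed to the usual
# Compose/Swarm layout - confirm against the deployed file.
version: '3.8'

services:
  traefik:
    image: traefik:v3.2
    hostname: '{{.Node.Hostname}}'
    ports:
      # listen on host ports without ingress network
      - target: 80
        published: 80
        protocol: tcp
        mode: host
      - target: 443
        published: 443
        protocol: tcp
        mode: host
    networks:
      - proxy
    volumes:
      # NOTE(review): ":ro" makes the bind mount read-only; it does not
      # restrict which Docker API calls can be made through the socket.
      # Consider a socket proxy that exposes only the endpoints Traefik reads.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      # Bind mounts are resolved on each node that runs the task, so the
      # certificates, keys and tls.yml must exist on every manager node.
      - "/etc/certs:/etc/certs:ro"
      #- "/etc/certs/homenet.lan.crt:/etc/certs/homenet.lan.crt:ro"
      #- "/etc/certs/homenet.lan.key:/etc/certs/homenet.lan.key:ro"
      - "./config/tls.yml:/etc/traefik/tls.yml:ro"
      - /var/log/traefik:/var/log/traefik:rw
    command:
      - --api.dashboard=true
      # TRACE is the most verbose level; keep it for troubleshooting only and
      # lower it again once the certificate issue is understood.
      - --log.level=TRACE
      - --log.maxSize=1
      - --log.maxBackups=2
      - --log.maxAge=3
      - --log.compress=true
      - --log.filepath=/var/log/traefik/traefik.log
      - --accesslog=true
      # File provider: loads the TLS options, stores and certificates.
      - --providers.file.filename=/etc/traefik/tls.yml
      - --accesslog.filepath=/var/log/traefik/traefik-access.log
      - --accesslog.format=common
      # Only services labelled traefik.enable=true are routed.
      - --providers.swarm.exposedByDefault=false
      - --providers.swarm.network=proxy
      - --entrypoints.web.address=:80
      # Plain HTTP on :80 is redirected to HTTPS on the websecure entrypoint.
      - --entrypoints.web.http.redirections.entrypoint.to=websecure
      - --entryPoints.web.http.redirections.entrypoint.scheme=https
      - --entrypoints.websecure.address=:443
      - --entrypoints.websecure.asDefault=true
      #- --entrypoints.websecure.http.tls.domains[0].main=homenet.lan
      #- --entrypoints.websecure.http.tls.domains[0].sans=*.homenet.lan
      #- --entrypoints.websecure.http.tls.certresolver=myresolver
      #- --certificatesresolvers.myresolver.acme.email=mail@example.com
      #- --certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json
      #- --certificatesresolvers.myresolver.acme.tlschallenge=true
    deploy:
      mode: global
      placement:
        constraints:
          - node.role==manager
      labels:
        - traefik.enable=true
        - traefik.http.routers.mydashboard.rule=Host(`proxy.homenet.lan`)
        - traefik.http.routers.mydashboard.entrypoints=websecure
        - traefik.http.routers.mydashboard.tls=true
        - traefik.http.routers.mydashboard.service=api@internal
        # NOTE(review): with both myauth lines commented out, this router has
        # no authentication middleware, so api@internal is served to any
        # client that reaches websecure with this Host. Re-enable an auth
        # middleware before exposing it, and generate a new hash: the one
        # below has been published and should be treated as exposed.
        #- traefik.http.routers.mydashboard.middlewares=myauth
        - traefik.http.services.mydashboard.loadbalancer.server.port=1337
        #- traefik.http.middlewares.myauth.basicauth.users=admin:$$apr1$$kXrZuhzF$$w3a0K/Uyq38KlhW/bEw6y0

networks:
  proxy:
    name: proxy
    external: true
    driver: overlay
    attachable: true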
My TLS YAML file is as follows (I also tried a version with sniStrict: false):
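# Traefik dynamic TLS configuration, loaded through the file provider.
# NOTE(review): indentation reconstructed from a flattened paste - confirm
# against the real file. `options`, `stores` and `certificates` must all be
# direct children of `tls`.
tls:
  options:
    default:
      # With strict SNI checking, a handshake whose server name matches no
      # loaded certificate is rejected rather than answered with the
      # default certificate.
      sniStrict: true
  stores:
    default:
      # Fallback certificate for the default store.
      defaultCertificate:
        certFile: /etc/certs/services/homenet.lan.crt
        keyFile: /etc/certs/services/homenet.lan.key
  certificates:
    # Additional certificates for other domains
    # Paths are container paths; keep the key files readable only by the
    # account that needs them on the host.
    - certFile: /etc/certs/services/mydomain.io.crt
      keyFile: /etc/certs/services/mydomain.io.key
      stores:
        - default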
When I try to connect to mydomain.io, I get the default certificate instead of the mydomain.io certificate.
Here is the log from Traefik startup:
2025-07-31T23:06:28Z DBG github.com/traefik/traefik/v3/pkg/tls/certificate.go:132 > Adding certificate for domain(s) *.mydomain.io,cloudflare origin certificate,mydomain.io
2025-07-31T23:06:28Z DBG github.com/traefik/traefik/v3/pkg/tls/certificate.go:132 > Adding certificate for domain(s) *.homenet.lan