Traefik still serving default cert

hi. I have hosted adguard server behind traefik proxy.
when i have tried to use DOH on chrome i was getting Please verify that this is a valid provider or try again later.

later i have realised traefik serving default cert over 853

kdig -d @mydomain.tld +tls-ca +tls-host=mydomain.tld

;; DEBUG: Querying for owner(, class(1), type(1), server(mydomain.tld), port(853), protocol(TCP)
;; DEBUG: TLS, imported 137 system certificates
;; DEBUG: TLS, received certificate hierarchy:
;; DEBUG:      SHA-256 PIN: Lhw7SUI7h6skkjhdfaskjHDSUysdhsojdkdhdmnf7y+lyg=
;; DEBUG: TLS, skipping certificate PIN check
;; DEBUG: TLS, The certificate is NOT trusted. The certificate issuer is unknown. The name in the certificate does not match the expected. 
;; WARNING: TLS, handshake failed (Error in the certificate.)
;; ERROR: failed to query server mydomain.tld@853(TCP)

i am already having wildcard certificate from letsencrypt and its working fine over browser.

openssl s_client -showcerts -connect mydomain.tld:853

depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = R3
verify return:1
depth=0 CN = mydomain.tld
verify return:1

i couldn't understand the issue here . why kdig reporting i am having treafik default cert and openssl reports i have valid cert. and chrome secure dns also reports i dont have valid certs.

i have tried overriding tls default cert with pem file still it doesnt works for me. It would be better if someone could help me out here.