While following the view.doc.traefik.io/traefik/https/tls/ to set up a default certificate for requests without SNI, I ran into an issue where it just doesn’t seem to get picked up, and Traefik keeps falling back to the autogenerated cert instead.
Here’s a snippet of the dynamic YAML I’m using:
```yaml
tls:
  stores:
    default:
      defaultCertificate:
        certFile: /etc/ssl/certs/my-default.crt
        keyFile: /etc/ssl/private/my-default.key
```
I’m running Traefik with the file provider, and the cert paths are valid. Tried restarting several times and even checked permissions. Still getting the autogenerated cert on connections where no SNI is sent (like some probes and curl tests).
Not sure if there’s some subtle condition where Traefik ignores the defaultCertificate setting or if something else needs to be defined in the router? The doc is a bit vague on how this behaves outside of ACME.
This got in the way while helping a contractor client test a staging setup behind a load balancer that doesn't pass SNI; it really turned into a head-scratcher.
Anyone dealt with something similar?