Traefik v2.9 not reading dynamic tls config file

,

I run traefik in Docker Swarm.
I launch it with

    command:
      - --providers.docker.swarmMode=true
      - --providers.file.directory=/configuration
      - --log.level=DEBUG

In the volume mounted to /configuration I have certificates.yaml as follows:

tls:
  certificates:
    - certFile: /puppet_certs/puppet01.my-domain.net.pem
      keyFile: /run/secrets/puppet01_key
    - certFile: /um-wildcard-chain.pem
      keyFile: /run/secrets/wildcard_key

Using the log I can verify that traefik is reading this file, e.g. by changing "certificates" to "certificatess" (extra s) I see this error:

2022-11-03T16:34:33.578516682Z time="2022-11-03T16:34:33Z" level=error msg="Error occurred during watcher callback: /configuration/certificates.yaml: field not found, node: certificatess" providerName=file

But when the file is intact, I only get this debug message:

2022-11-03T16:34:44.982153004Z time="2022-11-03T16:34:44Z" level=debug msg="Configuration received: {"http":{},"tcp":{},"udp":{},"tls":{}}" providerName=file
2022-11-03T16:34:44.982432812Z time="2022-11-03T16:34:44Z" level=debug msg="Skipping unchanged configuration." providerName=file

My certificates are not available, and traefik uses the default certificate in my TLS enabled services.

How can I make traefik accept my TLS configuration?

Update: I cannot reproduce after downgrading to v2.8. Older traefik containers work as expected and load my certificates.

This might be a bug in (the latest) 2.9 version.

Just tested with Docker Hub's traefik:v2.9 and it seems to work fine.

docker-compose.yml:

version: '3.9'

services:
  traefik:
    image: traefik:v2.9
    ports:
      # listen on host ports without ingress network (Docker Swarm)
      - target: 80
        published: 80
        protocol: tcp
        mode: host
      - target: 443
        published: 443
        protocol: tcp
        mode: host
    networks:
      - proxy
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - /root/traefik-dashboard-tls:/traefik
    command:
      --providers.docker=true
      --providers.docker.exposedByDefault=false
      --providers.file.directory=/traefik
      --entryPoints.web.address=:80
      --entryPoints.web.http.redirections.entryPoint.to=websecure
      --entryPoints.web.http.redirections.entryPoint.scheme=https
      --entryPoints.websecure.address=:443
      --entryPoints.websecure.http.tls=true
      --api.debug=true
      --api.dashboard=true
      --log.level=DEBUG
      --accesslog=true
    labels:
      - traefik.enable=true
      - traefik.http.routers.api.entrypoints=websecure
      - traefik.http.routers.api.rule=Host(`example.com`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))
      - traefik.http.routers.api.service=api@internal
      - traefik.http.routers.api.middlewares=auth
      - 'traefik.http.middlewares.auth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/'

  whoami:
    image: traefik/whoami:v1.8
    networks:
      - proxy
    labels:
      - traefik.enable=true
      - traefik.http.routers.whoami.entrypoints=websecure
      - traefik.http.routers.whoami.rule=Host(`example.com`)
      - traefik.http.services.whoami.loadbalancer.server.port=80

networks:
  proxy:
    name: proxy
    external: true

traefik-dynamic.yml

tls:
  options:
    default:
      minVersion: VersionTLS12
  certificates:
    - certFile: /traefik/example.com.crt
      keyFile: /traefik/example.com.key