Trying to use alternate certificate with Consul KV


We're using Consul Catalog for routing and Consul K/V for doing certs. Our tags in Catalog look like so:

      tags = [

And our certs are served via a wildcard signed by our internal CA by default from Consul KV:


That all works by default. I am now trying to figure out how to get a second service using a different, external certificate.

I'm kind of lost going through the documentation how I would tell traefik to use a different cert in this case.

Hi @eadderley

Just add a new index:


Thanks @cakiwi

I already tried that and it didn't work. Thinking about it, is it because the wildcard is first and so is getting matched before the more specific further down?

Looking at the code in certificate_store.go

If there is already a cached certificate that matches it will be selected. Otherwise the matching certificate should be selected over a wildcard.

I haven't verified this myself. A contributor would be able to give a definitve answer.


After some digging I found the problem - the combined ca-crt wasn't properly formed, so this was user error. Thanks for being 2nd set of eyes, @cakiwi !

I also did a test with the file provider, once I added the matching cert it was used in preference over the wildcard certificate.

The file provider was updated with the existing traefik instance, no restart.

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.