Unable to append certificate XXX to store error="unable to generate TLS certificate : tls: failed to find any PEM data in key input"

Cipix · August 20, 2025, 5:20pm

I just installed traefik v3 follow the documentation (Setup Traefik Proxy in Docker Standalone - Traefik)

I already have a certificate so I thought that putting them into the tls.yaml file that the doc talks about would be a good idea.
However when I start traefik with docker compose up i’m welcomed with this error in the logs :

ERR github.com/traefik/traefik/v3/pkg/tls/tlsmanager.go:113 > Unable to append certificate XXX to store error="unable to generate TLS certificate : tls: failed to find any PEM data in key input" tlsStoreName=default

The XXX being the start of my .cert file. I know there is a post similar to mine ( Unable to append certificate XXX to store: unable to generate TLS certificate : tls: private key does not match public key ) but I don’t think the solution apply here and I don’t understand it anyway.

Here’s my docker-compose.yaml file :

services:
  traefik:
    image: traefik:v3.4
    command:
      # EntryPoints
      - "--entrypoints.web.address=:80"
      - "--entrypoints.web.http.redirections.entrypoint.to=websecure"
      - "--entrypoints.web.http.redirections.entrypoint.scheme=https"
      - "--entrypoints.web.http.redirections.entrypoint.permanent=true"
      - "--entrypoints.websecure.address=:443"
      - "--entrypoints.websecure.http.tls=true"

      # Attach the static configuration tls.yaml file that contains the tls configuration settings
      - "--providers.file.filename=/dynamic/tls.yaml"

      # Providers
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--providers.docker.network=traefik"

      # API & Dashboard
      - "--api.dashboard=true"
      - "--api.insecure=true"

      # Observability
      - "--log.level=DEBUG"
      - "--accesslog=true"
      - "--metrics.prometheus=true"
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./certs:/certs:ro
      - ./dynamic:/dynamic:ro
    labels:
      # Enable self‑routing
      - "traefik.enable=true"
    networks:
      - traefik



networks:
  traefik:
    external: true

My tls.yaml file in the dynamic folder :

tls:
  certificates:
    - certFile: /certs/example.fr_ssl_certificate.cert
      keyFile:  /certs/example.fr_private_key.key

  stores:
    default:
      defaultCertificate:
        certFile: /certs/example.fr_ssl_certificate.cert
        keyFile: /certs/example.fr_private_key.key

This is what my traefik folder looks like :

.
├── certs
│   ├── _.example.fr_private_key.key
│   └── example.fr_ssl_certificate.cert
├── docker-compose.yaml
└── dynamic
    └── tls.yaml

How can I make this works ?

Thanks

bluepuma77 · August 22, 2025, 5:23am

Check inside Traefik container if the files exist at the locations and if they are readable.

The names seem different:

├── certs
│   ├── _.example.fr_private_key.key

/certs/example.fr_private_key.key

Ensure the .cert file includes multiple entries for the full trust chain.

Topic		Replies	Views
TLS : Unable to append certificate Traefik v2 docker	11	17981	January 29, 2021
"Error while creating certificate store: failed to load X509 key pair: tls: failed to find any PEM data Traefik v2 docker	4	2856	January 15, 2021
Error failed to load X509 key pair / failed to find any PEM data in certificate input Traefik v2 docker	3	2099	July 3, 2023
Error while creating certificate store error Traefik v3 (latest) letsencrypt-acme	3	95	July 3, 2025
Traefik can't find my own certificate SSL Traefik v2 docker	0	401	July 6, 2022

Unable to append certificate XXX to store error="unable to generate TLS certificate : tls: failed to find any PEM data in key input"

Related topics