Websites prove their identity via certificates. Firefox does not trust this site because it uses a certificate that is not valid for portainer.domain.com. The certificate is only valid for 68c1344d8bb84d189065866e670d9720.8f18d9a466c9c40b362248d51f9800bb.traefik.default.
The staging environment intermediate certificate (“Fake LE Intermediate X1”) is issued by a root certificate not present in browser/client trust stores. If you wish to modify a test-only client to trust the staging environment for testing purposes you can do so by adding the “Fake LE Root X1” certificate to your testing trust store. Important: Do not add the staging root or intermediate to a trust store that you use for ordinary browsing or other activities, since they are not audited or held to the same standards as our production roots, and so are not safe to use for anything other than testing.
That makes sense, can't believe I didn't see that.I have commented out the staging line, but the certificates are still invalid. Does something need refreshing or some TTL to expire?
Somewhat related I feel. I have added a new service today, with all the correct labels, but traefik doesn't deal with it correctly. At the time traefik picked it up, there was no DNS; which is why it initially failed, but now DNS has updated but there is nothing new in traefik. Is there a step I'm missing after adding a domain?
Just in case someone has the same problem (no DNS at the time of testing the website, I forgot to set the CNAME after the traefik rules...), it helped to restart traefik for me (in my case the container).