User-defined certificates are ignored

Hi,

I'm able to have a great setup using Traefik V2 and ACME. Now, I want to use my own certificates that I generated using the project docker-letencrypt-dns.

Custom certificates

docker-letencrypt-dns generates four files:

`privkey.pem`  : the private key for your certificate.
`fullchain.pem`: the certificate file used in most server software.
`chain.pem`    : used for OCSP stapling in Nginx >=1.3.7.
`cert.pem`     : will break many server configurations, and should not be used
                 without reading further documentation (see link below).

I concluded that I need to use those two certs with Traefik:

  certFile: /letsencrypt/live/devkiwi.club/fullchain.pem
  keyFile: /letsencrypt/live/devkiwi.club/privkey.pem

Issue

Why does Traefik not see my configuration?

Traefik logs

time="2020-01-29T22:58:49-05:00" level=debug msg="No default certificate, generating one"
time="2020-01-29T22:59:32-05:00" level=debug msg="Serving default certificate for request: \"devkiwi.club\""
time="2020-01-29T22:59:32-05:00" level=debug msg="http: TLS handshake error from 54.219.120.51:52784: remote error: tls: bad certificate"

compose-traefik.yml

./compose-traefik.yml

version: "3.7"

services:

  traefik:
    image: traefik:v2.1.3
    ports:
      - 80:80
      - 443:443
    volumes:

      - ./traefik.yml:/traefik.yml:ro     #<== static configs / traefik load them directly
      - ./conf.d:/conf.d:ro               #<== dynamic configs / we must specify this directory in the static configs as well
      - /user/data/traefik/log/:/var/log/              #<== logs
      - /user/data/letsencrypt/live:/live              #<== acme certs
    
    labels:
        #___ core configs
      - traefik.enable=true
        #___ set traefik dashboard + API. The API is available at: mydomain.club/api/http/routers & mydomain.club/api/rawdata
      - "traefik.http.routers.traefik.rule=Host(`devkiwi.club`) && (PathPrefix(`/traefik`) || PathPrefix(`/api`))"
      - "traefik.http.routers.traefik.service=api@internal"
        #___ set TLS (https)
      - "traefik.http.routers.traefik.tls=true"
      - "traefik.http.routers.traefik.entrypoints=websecure"
      - "traefik.http.routers.ping.service=ping@internal"
      - "traefik.http.routers.ping.tls=true"
        #___ specific middleware for traefik (it enables the dashboard at mydomain.com/traefik)
      - "traefik.http.middlewares.traefik-strip.stripprefix.prefixes=/traefik"

  socketproxy:
    image: tecnativa/docker-socket-proxy
    container_name: socketproxy
    hostname: socketproxy
    restart: unless-stopped
    healthcheck:
      disable: true
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
    environment:
      CONTAINERS: 1

compose-home.yml (webapp)

version: "3.7"

services:

  home:
    image: nginx:1.17-alpine
    container_name: home
    hostname: home
    restart: unless-stopped
    healthcheck:
      disable: true
      
    volumes:
      - ./config/static-home/index.html:/usr/share/nginx/html/index.html

    labels:
      #### core configs
      - "traefik.enable=true"
      - "traefik.http.routers.home.rule=Host(`devkiwi.club`)"
      - "traefik.http.services.home.loadbalancer.server.port=80"
      #### set TLS (https)
      - "traefik.http.routers.home.entrypoints=websecure"
      - "traefik.http.routers.home.tls=true"
      - "traefik.http.routers.home.tls.option=myTLSOptions"
      #### Apply rules (middlewares)
      - "traefik.http.routers.home.middlewares=RuleGrpMain"

traefik.yml (static)

./traefik.yml

# STATIC CONFIGS

providers:
  docker:
    endpoint: "tcp://socketproxy:2375"
    exposedByDefault: false
  file:
    directory: /conf.d    #<== loads dynamic config
    watch: true

certificates.yml (dynamic)

./conf.d/certificates.yml

I did check within the Traefik container and the certs are there.
I'm not sure about this config, but it's the best I could conclude from the docs.

If I provide 50 certs, I understand that Traefik will find the appropriate one, right?

# DYNAMIC CONFIGS

tls:
  stores:
    default:
      defaultCertificate:
        - certFile: /live/devkiwi.club/fullchain.pem
          keyFile: /live/devkiwi.club/privkey.pem
  certificates:
    - certFile: /live/blue.club/fullchain.pem
      keyFile: /live/blue.club/privkey.pem
  certificates:
    - certFile: /live/green.club/fullchain.pem
      keyFile: /live/green.club/privkey.pem

  options:
    myTLSOptions:
      minVersion: VersionTLS13
      cipherSuites:
        - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
        - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
        - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
        - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
        - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

# When dealing with an HTTPS route, Traefik goes through your default certificate store to find a matching certificate.
# https://containo.us/blog/traefik-2-tls-101-23b4fbee81f1/

When I go on the website, I see that a generic cert was generated.

Thanks in advance!
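
A stdlib-only lint over the `tls` block as posted, added here as an illustration and not part of the original post or of Traefik: it flags a mapping key that appears twice at one level and a `defaultCertificate` written as a list, where Traefik's documentation shows a single `certFile`/`keyFile` mapping. `lint_tls` and `POSTED` are hypothetical names, and the scanner assumes block-style YAML indented with spaces.

```python
import re
# Constructed sample: the tls.stores / tls.certificates part of the posted file.
POSTED = """\
tls:
  stores:
    default:
      defaultCertificate:
        - certFile: /live/devkiwi.club/fullchain.pem
          keyFile: /live/devkiwi.club/privkey.pem
  certificates:
    - certFile: /live/blue.club/fullchain.pem
      keyFile: /live/blue.club/privkey.pem
  certificates:
    - certFile: /live/green.club/fullchain.pem
      keyFile: /live/green.club/privkey.pem
"""

KEY = re.compile(r"([A-Za-z_][\w.-]*):(?:\s+(.*))?$")
def lint_tls(text):
    """Lint block-style YAML (no flow syntax); return [(line_no, message)]."""
    findings, stack, pending = [], [], None   # stack items: [indent, {key: line_no}]
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split(" #")[0].rstrip()    # drop trailing comments
        body = line.lstrip()
        if not body or body.startswith("#"):
            continue
        indent, is_item = len(line) - len(body), body.startswith("- ")
        if pending is not None:
            if is_item:  # the value of defaultCertificate is a sequence
                findings.append((pending, "defaultCertificate is a list, expected one certFile/keyFile mapping"))
            pending = None
        m = KEY.match(body[2:].lstrip() if is_item else body)
        if not m:
            continue
        while stack and stack[-1][0] > indent:
            stack.pop()                       # leave mappings nested deeper than this line
        if is_item or not stack or stack[-1][0] != indent:
            # "- key:" opens a new mapping whose keys sit two columns right of the dash
            stack.append([indent + 2 if is_item else indent, {}])
        seen = stack[-1][1]
        key, value = m.group(1), m.group(2)
        if key in seen:
            findings.append((no, f"duplicate key '{key}' (first on line {seen[key]})"))
        seen.setdefault(key, no)
        if key == "defaultCertificate" and not value:
            pending = no
    return findings

if __name__ == "__main__": print(*lint_tls(POSTED), sep="\n")
```

A YAML mapping cannot repeat a key, so a loader either rejects the second `certificates:` or keeps only one of the two lists; listing both certificates under a single `certificates:` key removes that finding.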