Using letsencrypt certificates and custom ones simultaneously

Hello,

I'm trying to build a setup using tls certificates from letsencrypt and custom certificates simultaneously (of course in different services).
The letsencrypt certificate will only be valid for letsencrypt.example.com and my custom one only for sslcustom.example.com

Therefore I used this letsencrypt config in my static config file:

[certificatesResolvers]
  [certificatesResolvers.letsencrypt.acme]
    email = "info@example.com"
    storage = "acme.json"
    [certificatesResolvers.letsencrypt.acme.tlsChallenge]

And in my dynamic config I specified the custom certificate:

[tls]
  [tls.options]
    [tls.options.default]
      minVersion = "..."
      cipherSuites = [...]
      curvePreferences = [...]
      sniStrict = true
  [[tls.certificates]]
    certFile = "/etc/traefik/cert.pem"
    keyFile = "/etc/traefik/priv.pem"

Now I build a docker file with two different containers, one with a letsencrypt certificate and the other one with my custom certificate.

services:
  ssltest-letsencrypt:
    image: containous/whoami
    deploy:
      labels:
        - traefik.enable=true
        - traefik.http.routers.ssltest-letsencrypt.rule=Host(`letsencrypt.example.com`)
        - traefik.http.routers.ssltest-letsencrypt.entrypoints=https
        - traefik.http.routers.ssltest-letsencrypt.tls=true
        - traefik.http.routers.ssltest-letsencrypt.tls.certresolver=letsencrypt
        - traefik.http.services.ssltest-letsencrypt.loadbalancer.server.port=80
  ssltest-custom:
    image: containous/whoami
    deploy:
      labels:
        - traefik.enable=true
        - traefik.http.routers.ssltest-custom.rule=Host(`sslcustom.example.com`)
        - traefik.http.routers.ssltest-custom.entrypoints=https
        - traefik.http.routers.ssltest-custom.tls=true
        - traefik.http.services.ssltest-custom.loadbalancer.server.port=80

If I deploy this file, the container using the custom tls certificate (at sslcustom.example.com) is working as expected using my custom certFile. When I try to access the container using the letsencrypt (at letsencrypt.example.com) certificate, I got an error meaning that the certificate is not valid for this subdomain.
A quick look in to the logs indicated, the letsencrypt container is indeed using my custom tls certificate. Letsencrypt was not requested to issue a certificate for letsencrypt.example.com.

Now I thought this use case could not work, cause I override the [tls.certificates] property for my custom certificate so letsencrypt will be ignored. But I proved me quickly wrong: If i manually add the letsencrypt certificate for the mentioned subdomain to acme.json the letsencrypt container is working as expected. So it seems if traefik.http.routers.x.tls.certresolver is specified, the custom tls certificate will be ignored. This's as I expected.

So my question is:
Is it possible to use letsencrypt and custom tls certificates in one traefik instance simultaneously? If yes, what I'm doing wrong?
Or is this more indicating a kind of bug? If I manually imitating the letsencrypt service by pasting the correct certificate to "acme.json" everything is working as expected...

Feel free to answer with a question if some detailed information is missing or if I should create a issue over in GitHub.

Thanks,

Edit: Fixed wrong router name.

Yes you can.

This is set exactly the same in both your containers(wrong router name in both). But if this is the problem then I am not sure how either of them would be working.

@cakiwi:
This already sounds promising, that I cloud use letsencrypt certificated and custom tls certificates simultaneously.

The wrong router name is indeed a copy & paste error - I've corrected these mistake.

Are you using docker swarm ?

Yes, traefik is configured to use docker swarm.