I've recently switched my reverse proxy from nginx to Traefik, but I'm having one last issue that I haven't been able to figure out for about a week now. It's about wildcard certificates and serving them when visiting any subdomain without a service behind it. I've attached the docker-compose file for my Traefik service and the wildcard service I'm testing with (the wildcard service configuration is based on this: Arbitrary wildcard subdomain, redirect to docker container).
So basically I'd like to serve something like [somerandomstring].example.com with the certificate for *.example.com. The matching works fine already, but unfortunately it always serves Traefik's self-signed certificate and therefore I'm seeing a warning in my browser. I've set up the DNS challenge and it works fine with my named services, so I don't understand how to tell Traefik to generate the wildcard certificate and use it rather than the default self-signed cert.
My last resort would be to generate the wildcard certificate myself and store it as the default certificate (as described here: cant add self signed wildcard cert · Issue #6221 · traefik/traefik · GitHub), but I'd love to avoid that if I can set it up with Traefik somehow.
I'd appreciate any help with this, since it is driving me insane (at least a little bit). Thanks in advance for any hints in the right direction.
Edit: Okay, I feel decently stupid now.
I just recognized that I forgot the tlsresolver, and that's why it didn't request the wildcard certificate before... so it has now successfully requested it. This issue is resolved.
# Traefik as reverse proxy with dashboard enabled
# More logs when debugging
# Tell traefik to watch docker events for hot reload
# Enable the dashboard on https
# Listen default HTTP ports
# Automatic generation of certificate with Let's Encrypt
# Persists certificates locally, otherwise we will recreate new ones at each restart and quickly hit limits.
# Redirect HTTP traffic to HTTPS
# Expose the traefik dashboard on the reserved sub path, TLS is provided by the Let's Encrypt cert provider.
traefik.example.com) && (PathPrefix(
/api) || PathPrefix(
# Protect dashboard with simple auth => log with admin / admin for this example
# Password is generated with: htpasswd -nb admin admin
# Beware to escape all '$', replacing them by '$$'
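The fix described in the edit, sketched as a catch-all router that names a certificate resolver; this is an added example, not the poster's compose file. The router name `wildcard`, the resolver name `letsencrypt`, the `websecure` entrypoint, the `traefik/whoami` image and the Traefik v2 rule syntax are assumptions, and the resolver name must match the one configured for the DNS challenge in the Traefik service.

```yaml
# Added example with assumed names (wildcard, letsencrypt, websecure, traefik/whoami).
services:
  wildcard:
    image: traefik/whoami
    labels:
      - "traefik.enable=true"
      # Traefik v2 rule syntax (assumption); v3 takes a plain regular expression instead.
      - "traefik.http.routers.wildcard.rule=HostRegexp(`{subdomain:[a-z0-9-]+}.example.com`)"
      - "traefik.http.routers.wildcard.entrypoints=websecure"
      # Lowest priority so that routers for named services keep matching first.
      - "traefik.http.routers.wildcard.priority=1"
      - "traefik.http.routers.wildcard.tls=true"
      # Without the next label the router terminates TLS but has no ACME resolver,
      # so Traefik answers with its default self-signed certificate.
      - "traefik.http.routers.wildcard.tls.certresolver=letsencrypt"
      # A HostRegexp rule gives the resolver no concrete host name to request,
      # so the certificate names are listed explicitly.
      - "traefik.http.routers.wildcard.tls.domains[0].main=example.com"
      - "traefik.http.routers.wildcard.tls.domains[0].sans=*.example.com"
```

Let's Encrypt issues wildcard names only over the DNS-01 challenge, so the resolver referenced here has to be the one with the DNS challenge enabled.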