Wildcard certifikate not working on podman

Traefik Traefik v3 (latest)
1

I've found no comprehensive example config for wildcard certificates. There are more than enough for LE but this is not my use case. That's what I tried:

Alle this is expected to wok on my internale network only. I've two separate docker-compose files:

Traefik:

services:
  traefik:
    image: traefik:latest # or traefik:v3.3 to pin a version
    container_name: traefik
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true # helps to increase security
    env_file:
      - .env # store other secrets e.g., dashboard password
    networks:
       proxy:
    ports:
      - 80:80
      - 443:443
    environment:
      - TRAEFIK_DASHBOARD_CREDENTIALS=${TRAEFIK_DASHBOARD_CREDENTIALS}
    volumes:
      - /run/user/1000/podman/podman.sock:/var/run/docker.sock
      - /etc/localtime:/etc/localtime:ro
      - /home/pm/traefik/traefik.yaml:/traefik.yaml:ro
      - /home/pm/traefik/ssl:/etc/traefik/certs:ro
      - /home/pm/traefik/logs:/var/log/traefik
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.traefik.entrypoints=http"
      - "traefik.http.routers.traefik.rule=Host(`traefik.mhc.loc`)"
      - "traefik.http.middlewares.traefik-auth.basicauth.users=${TRAEFIK_DASHBOARD_CREDENTIALS}"
      - "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https"
      - "traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=https"
      - "traefik.http.routers.traefik.middlewares=traefik-https-redirect"
      - "traefik.http.routers.traefik-secure.entrypoints=https"
      - "traefik.http.routers.traefik-secure.rule=Host(`traefik.mhc.loc`)"
      - "traefik.http.routers.traefik-secure.middlewares=traefik-auth"
      - "traefik.http.routers.traefik-secure.tls=true"

networks:
  proxy:
    external: true

Portainer as an example:

services:

  portainer:
    image: portainer/portainer-ee:latest
    container_name: portainer
    command: -H unix:///var/run/docker.sock
    restart: always
    volumes:
      - /run/user/1000/podman/podman.sock:/var/run/docker.sock
      - portainer_data:/home/pm/portainer/data
    networks:
      - proxy
    labels:
      # Frontend
      - "traefik.enable=true"
      - "traefik.http.routers.frontend.rule=Host(`portainer.mhc.loc`)"
      - "traefik.http.routers.frontend.entrypoints=https"
      - "traefik.http.services.frontend.loadbalancer.server.port=9000"
      - "traefik.http.routers.frontend.service=frontend"

      # Edge
      - "traefik.http.routers.edge.rule=Host(`edge.mhc.loc`)"
      - "traefik.http.routers.edge.entrypoints=https"
      - "traefik.http.services.edge.loadbalancer.server.port=8000"
      - "traefik.http.routers.edge.service=edge"

networks:
  proxy:
    external: true

This just does not work at all Traefik basic auth does not work and Portainer leads to a 404. My wildcard certificate does not get used. Instead the self signed default certificate is uses.

How to get this woking?

2

Share your Traefik static config (entrypoints, certResolvers).

Did you maybe place the acme.json file in a read-only folder?

Check simple Traefik example for doc and the example with dnsChallenge.