Wildcard certificate not working on podman

I've found no comprehensive example config for wildcard certificates. There are more than enough for LE but this is not my use case. That's what I tried:

All this is expected to work on my internal network only. I have two separate docker-compose files:

Traefik:

services:
  traefik:
    image: traefik:latest # or traefik:v3.3 to pin a version
    container_name: traefik
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true # helps to increase security
    env_file:
      - .env # store other secrets e.g., dashboard password
    networks:
       proxy:
    ports:
      - 80:80
      - 443:443
    environment:
      - TRAEFIK_DASHBOARD_CREDENTIALS=${TRAEFIK_DASHBOARD_CREDENTIALS}
    volumes:
      - /run/user/1000/podman/podman.sock:/var/run/docker.sock
      - /etc/localtime:/etc/localtime:ro
      - /home/pm/traefik/traefik.yaml:/traefik.yaml:ro
      - /home/pm/traefik/ssl:/etc/traefik/certs:ro
      - /home/pm/traefik/logs:/var/log/traefik
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.traefik.entrypoints=http"
      - "traefik.http.routers.traefik.rule=Host(`traefik.mhc.loc`)"
      - "traefik.http.middlewares.traefik-auth.basicauth.users=${TRAEFIK_DASHBOARD_CREDENTIALS}"
      - "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https"
      - "traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=https"
      - "traefik.http.routers.traefik.middlewares=traefik-https-redirect"
      - "traefik.http.routers.traefik-secure.entrypoints=https"
      - "traefik.http.routers.traefik-secure.rule=Host(`traefik.mhc.loc`)"
      - "traefik.http.routers.traefik-secure.middlewares=traefik-auth"
      - "traefik.http.routers.traefik-secure.tls=true"

networks:
  proxy:
    external: true

Portainer as an example:

services:

  portainer:
    image: portainer/portainer-ee:latest
    container_name: portainer
    command: -H unix:///var/run/docker.sock
    restart: always
    volumes:
      - /run/user/1000/podman/podman.sock:/var/run/docker.sock
      - portainer_data:/home/pm/portainer/data
    networks:
      - proxy
    labels:
      # Frontend
      - "traefik.enable=true"
      - "traefik.http.routers.frontend.rule=Host(`portainer.mhc.loc`)"
      - "traefik.http.routers.frontend.entrypoints=https"
      - "traefik.http.services.frontend.loadbalancer.server.port=9000"
      - "traefik.http.routers.frontend.service=frontend"

      # Edge
      - "traefik.http.routers.edge.rule=Host(`edge.mhc.loc`)"
      - "traefik.http.routers.edge.entrypoints=https"
      - "traefik.http.services.edge.loadbalancer.server.port=8000"
      - "traefik.http.routers.edge.service=edge"

networks:
  proxy:
    external: true

This just does not work at all. Traefik basic auth does not work and Portainer leads to a 404. My wildcard certificate does not get used. Instead, the self-signed default certificate is used.

How to get this working?

Share your Traefik static config (entrypoints, certResolvers).

Did you maybe place the acme.json file in a read-only folder?

Check simple Traefik example for doc and the example with dnsChallenge.
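
As an added example that is not part of the thread: a sketch of how a user-supplied wildcard certificate is declared in Traefik, which happens in the dynamic configuration loaded by the file provider rather than in container labels or through a certResolver. The static config is not shown in the thread, so its content here is assumed; the `/etc/traefik/dynamic` mount and the certificate file names are hypothetical, while the entry point names `http`/`https` and the `/etc/traefik/certs` path are taken from the compose files above.

```yaml
# --- traefik.yaml (static configuration) ---
# Assumed content: the thread does not show this file.
entryPoints:
  http:
    address: ":80"
  https:
    address: ":443"

providers:
  docker:
    # Podman socket as mounted in the Traefik compose file above.
    endpoint: "unix:///var/run/docker.sock"
    exposedByDefault: false
  file:
    # Hypothetical directory; it needs its own read-only volume mount.
    directory: /etc/traefik/dynamic
    watch: true

---
# --- /etc/traefik/dynamic/tls.yaml (dynamic configuration) ---
# Read by the file provider declared above.
tls:
  certificates:
    # Hypothetical file names inside the mounted certs directory.
    # The certificate's SAN list must contain *.mhc.loc, and the file
    # should hold the full chain (leaf first, then intermediates).
    - certFile: /etc/traefik/certs/wildcard.mhc.loc.crt
      keyFile: /etc/traefik/certs/wildcard.mhc.loc.key
  stores:
    default:
      # Served when the requested host name matches no certificate,
      # instead of Traefik's generated self-signed default.
      defaultCertificate:
        certFile: /etc/traefik/certs/wildcard.mhc.loc.crt
        keyFile: /etc/traefik/certs/wildcard.mhc.loc.key

# A router only answers TLS requests when TLS is enabled on it, e.g.
#   traefik.http.routers.frontend.tls=true
# as the traefik-secure router in the compose file already has.
```

Traefik picks a certificate by matching the requested host name against each certificate's SANs, so a wildcard for `*.mhc.loc` covers `traefik.mhc.loc` and `portainer.mhc.loc` but not the bare `mhc.loc`.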