Wildcard SSL certificate served over normal SSL certificate

ChrisCreate · August 15, 2019, 7:01am

I've got 2 certificates, one for the root domain (example.com) and one for the wildcard subdomains (*.example.com)

Now the wildcard subdomain also supports SSL for the root domain, so traefik serve's the wildcard ssl certificate on the root domain instead of the certificate specific for the root domain

Now I've made an issue on github but maybe someone here can help.

Github link: https://github.com/containous/traefik/issues/5206

daniel.tomcej · August 15, 2019, 2:46pm

Hello @ChrisCreate,

Traefik 1.7 caches certificate responses to improve TLS performance.

In your case, because both your wildcard certificate and your other certificate are both valid, Traefik cannot know which one to choose to serve. It just uses whatever certificate is cached at the time.

If you are required to only serve one certificate for the root domain, I would suggest removing the SAN from your wildcard.

Topic		Replies	Views
Traefik serving default certificate while other certificate assigned Traefik v2 (latest) kubernetes-crd	3	1998	March 18, 2021
Multiple certificates in TLSstore Traefik v2 (latest) kubernetes-crd	1	2223	December 20, 2022
Wildcard certificates for all subdomains without service Traefik v2 (latest) docker , letsencrypt-acme	1	3063	May 3, 2021
Wildcard cert file seems not working for sub-subdomain Traefik v2 (latest) file	1	108	February 18, 2024
How to use the same wildcard TLS certificate in multiple IngressRoutes in different namespaces? Traefik v2 (latest) kubernetes-crd , kubernetes-ingress	5	3194	August 19, 2019

Wildcard SSL certificate served over normal SSL certificate

Related Topics