Wrong certificate on IPv4 connection

Traefik Traefik v3 (latest)
,
1

Hey folks,

I'm trying to setup traefik for a dual-stack connection so my services are reachable via IPv4 and IPv6. But I'm facing a strange error: Everything works fine when accessing my site over IPv6. But when using IPv4, traefik uses a self-signed certicate and shows a 404 not found error when opening the website. Also, nothing shows up in the access logs for IPv4 requests.

Any ideas on what might be going wrong here would be highly appreciated.

traefik compose file

services:

  traefik:
    image: "traefik:v3.0"
    container_name: "traefik"
    command:
      #- "--log.level=DEBUG"
      - "--api.insecure=true"
      - "--accesslog=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entryPoints.web.address=:80"
      - "--entryPoints.websecure.address=:443"
      - "--certificatesresolvers.myresolver.acme.dnschallenge=true"
      - "--certificatesresolvers.myresolver.acme.dnschallenge.provider=hetzner"
      #- "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
      - "--certificatesresolvers.myresolver.acme.email=**********"
      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
      - "--providers.file.directory=/traefik/conf"
      - "--providers.file.watch=true"
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080"
    environment:
      - "HETZNER_API_KEY=*******"
    volumes:
      - "./letsencrypt:/letsencrypt"
      - "./conf:/traefik/conf"
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
    extra_hosts:
      - host.docker.internal:172.17.0.1
    networks:
      - proxy
networks:
  proxy:
    external: true

service compose file

services:
  vaultwarden:
    image: vaultwarden/server:latest
    container_name: vaultwarden
    ports:
      - 8001:80
    volumes:
      - ./data:/data
    restart: always
    environment:
      WEBSOCKET_ENABLED: "true"
      DOMAIN: "https://vault.example.com"
    labels:
      - "traefik.enable=true"
      - "traefik.http.services.bitwarden.loadbalancer.server.port=80"
      - "traefik.http.routers.bitwarden.rule=Host(`vault.example.com`)"
      - "traefik.http.routers.bitwarden.entrypoints=websecure"
      - "traefik.http.routers.bitwarden.tls.certresolver=myresolver"
      - "traefik.http.routers.bitwarden.tls.domains[0].main=*.example.com"
    networks:
      - proxy
networks:
  proxy:
      external: true
      name: proxy

dynamic config file

tls:
  options:
    default:
      minVersion: VersionTLS12
      cipherSuites:
        - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
        - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
        - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
        - TLS_AES_128_GCM_SHA256
        - TLS_AES_256_GCM_SHA384
        - TLS_CHACHA20_POLY1305_SHA256
      curvePreferences:
        - CurveP521
        - CurveP384
      sniStrict: true
http:
  middlewares:
    secHeaders:
      headers:
        browserXssFilter: true
        contentTypeNosniff: true
        frameDeny: true
        sslRedirect: true
        stsIncludeSubdomains: true
        stsPreload: true
        stsSeconds: 15768000
2

So your DNS has an A and AAAA entry for IPv4 and IPv6 with the target address of your Traefik node?

Are you sure your Docker setup is working correctly with IPv4 and IPv6?