Traefik V2 get wildcard certificate

I have a basic setup running after following this tutorial.

But I am struggling to get a wildcard certificate for the domain from Let's Encrypt.

Traefik configuration:

traefik.toml: |
  ## static configuration
  [global]
    checkNewVersion = true

  [entryPoints]
    [entryPoints.web]
      address = ":80"
    [entryPoints.websecure]
      address = ":443"

  [providers]
    [providers.kubernetesCRD]
    [providers.file]
      directory = "/etc/traefik/providers/"
      watch = true

  [log]
    level = "INFO"

  [accessLog]

  [api]
    insecure = true
    dashboard = true
    debug = true

  [metrics]
    [metrics.prometheus]
      buckets = [0.1,0.3,1.2,5.0]
      addEntryPointsLabels = true
      addServicesLabels = true
      entryPoint = "web"

  [ping]
    entryPoint = "web"

  [certificatesResolvers]
    [certificatesResolvers.default]
      [certificatesResolvers.default.acme]
        email = "[email protected]"
        caServer = "https://acme-v02.api.letsencrypt.org/directory"
        storage = "acme.json"
        [certificatesResolvers.default.acme.dnsChallenge]
          provider = "route53"
          delayBeforeCheck = 0
          resolvers = ["1.1.1.1:53", "8.8.8.8:53"]

dynamic.toml: |
  ## dynamic configuration
  (Empty)

And the route config:

---

apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: traefik-admin
  namespace: kube-system
spec:
  entryPoints:
    - web
  routes:
  - match: Host(`traefik.domain.ca`)
    kind: Rule
    services:
    - name: traefik
      port: 8080

---

apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: whoami-notls
  namespace: kube-system
spec:
  entryPoints:
    - web
  routes:
  - match: Host(`traefik.domain.ca`) && PathPrefix(`/notls`)
    kind: Rule
    services:
    - name: whoami
      port: 80

---

apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: whoami-tls
  namespace: kube-system
spec:
  entryPoints:
    - websecure
  routes:
  - match: Host(`traefik.domain.ca`) && PathPrefix(`/tls`)
    kind: Rule
    services:
    - name: whoami
      port: 80
  tls:
    certResolver: default

I am able to get a certificate for traefik.domain.ca but need to get a wildcard certificate for the entire domain (*.domain.ca). I am not able to find any direct reference config for this.

What am I missing here?



Solution 1:[1]

Updating the tls block worked.

tls:
  certResolver: default
  domains:
    - main: dev.domain.ca
      sans:
        - "dev.domain.ca"
        - "*.dev.domain.ca"
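
The domains block above lists both the bare name and the wildcard because a wildcard SAN covers exactly one left-most label. The following check is an added example, not part of the original answer or of Traefik; its function names and sample hostnames are constructed for illustration, and it reports which hosts a certificate with those SANs would cover.

```python
# Added example: hostname coverage of the SANs requested by a tls.domains block.
# Only a full left-most "*" label is treated as a wildcard, and it stands for
# exactly one label, which is the rule TLS clients apply to public certificates.

def domains_to_sans(domains):
    """Flatten tls.domains entries (main + sans) into an ordered, de-duplicated list."""
    names = []
    for entry in domains:
        for name in [entry["main"], *entry.get("sans", [])]:
            name = name.lower().rstrip(".")
            if name not in names:
                names.append(name)
    return names

def san_matches(hostname, san):
    """True if one SAN dNSName entry covers hostname."""
    host = hostname.lower().rstrip(".").split(".")
    pattern = san.lower().rstrip(".").split(".")
    if len(host) != len(pattern):
        return False  # "*" never spans several labels and never matches zero labels
    if pattern[0] == "*":
        return bool(host[0]) and host[1:] == pattern[1:]
    return host == pattern

def covered(hostname, sans):
    """True if any SAN in the list covers hostname."""
    return any(san_matches(hostname, san) for san in sans)

# The domains block from the answer above.
ANSWER_DOMAINS = [
    {"main": "dev.domain.ca", "sans": ["dev.domain.ca", "*.dev.domain.ca"]},
]

# Constructed hostnames; traefik.domain.ca is the host used in the question's routes.
SAMPLE_HOSTS = [
    "dev.domain.ca",
    "whoami.dev.domain.ca",
    "a.b.dev.domain.ca",
    "traefik.domain.ca",
]

def report(domains=ANSWER_DOMAINS, hosts=SAMPLE_HOSTS):
    """Map each sample host to whether the requested certificate covers it."""
    sans = domains_to_sans(domains)
    return {host: covered(host, sans) for host in hosts}

if __name__ == "__main__":
    for host, ok in report().items():
        print(f"{host:24} {'covered' if ok else 'NOT covered'}")
```

Hosts reported as not covered need their own entry in `domains` (for example a `*.domain.ca` SAN for `traefik.domain.ca`) before the resolver's certificate will validate for them.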

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Pyrology