The HTTPS certificate is purchased by the company. The first-level domain name is a.com. The company is divided into three environments: dev, test, and prod, corresponding to three domain name certificates: dev.a.com, test.a.com, and a.com.
When I use the domain name xxx.a.com, I can load the a.com certificate.
When I use xxx.dev.a.com or xxx.test.a.com, I cannot load the corresponding dev.a.com or test.a.com domain certificate.
ssl.toml file:
[tls]
[[tls.certificates]]
certFile = "/config/certs/a.com.crt"
keyFile = "/config/certs/a.com.key"
stores = ["default"]
[[tls.crtificates]]
crtFile = "/config/certs/dev.a.com.crt"
keyFile = "/config/certs/dev.a.com.key"
stores = ["adev"]
[tls.options]
[tls.options.default]
minVersion = "VersionTLS12"
[tls.options.mintls13]
minVersion = "VersionTLS13"
http.toml file:
[http]
[http.routers]
[http.routers.Router0001]
namespace = "default"
entryPoints = ["web", "websecure"]
service = "appv2-a"
rule = "Host(`ll.a.com`)"
middlewares = ["test-ipwhitelist", "test-redirectscheme"]
priority = 42
[http.routers.Router0001.tls]
[http.services]
[http.services.appv2-a]
[http.services.appv2-a.loadBalancer]
passHostHeader = true
[[http.services.appv2-a.loadBalancer.servers]]
url = "http://appv2.default.svc.cluster.local:80"
The above configuration can load the a.com certificate. If you write ll.a.com as ll.dev.a.com, you cannot load the dev.a.com certificate.
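
A lint pass over the ssl.toml as posted, added here as an example and not part of the original post or of Traefik. It compares each entry against the table and key names Traefik's file provider reads ([[tls.certificates]] with certFile, keyFile, stores) and flags stores other than default, the only store Traefik's documentation describes as used; lint_tls and the embedded sample are constructed for illustration.

```python
import re

# Keys Traefik's file provider reads in a [[tls.certificates]] entry.
CERT_KEYS = {"certFile", "keyFile", "stores"}
# Tables Traefik defines under [tls].
TLS_SECTIONS = {"certificates", "options", "stores"}

# Constructed copy of the ssl.toml posted above (certificate part only).
SSL_TOML = """\
[tls]
[[tls.certificates]]
certFile = "/config/certs/a.com.crt"
keyFile = "/config/certs/a.com.key"
stores = ["default"]
[[tls.crtificates]]
crtFile = "/config/certs/dev.a.com.crt"
keyFile = "/config/certs/dev.a.com.key"
stores = ["adev"]
"""

def lint_tls(text):
    """Return (line_number, message) findings for a dynamic TLS file."""
    findings = []
    cert_entry = False  # True while reading a certificate-like table
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        header = re.fullmatch(r"\[{1,2}([\w.-]+)\]{1,2}", line)
        if header:
            parts = header.group(1).split(".")
            under_tls = parts[0] == "tls" and len(parts) > 1
            if under_tls and parts[1] not in TLS_SECTIONS:
                findings.append((n, f"unknown table tls.{parts[1]}"))
            # A misspelled table is still checked as a certificate entry.
            cert_entry = under_tls and parts[1] not in {"options", "stores"}
            continue
        key, _, value = (p.strip() for p in line.partition("="))
        if not cert_entry:
            continue
        if key not in CERT_KEYS:
            findings.append((n, f"unknown key {key}"))
        elif key == "stores":
            for name in re.findall(r'"([^"]*)"', value):
                if name != "default":
                    findings.append((n, f"store {name} is not default"))
    return findings
```

Calling lint_tls(SSL_TOML) reports the second certificate entry's table name, its crtFile key and its adev store; the first entry produces no findings.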