Self Signed Cert - Subdomain


I would like to know if I can use a self-signed certificate for like '' for multiple subdomains like '', ''?
I'm using docker provider.

Thanks in advance
NB: Sorry for my French English :smiley:


I'm not an expert, but from my point of view that is not possible (you will receive an error message that your certificates are wrong).
You can

  1. build a certificate with SAN(s), and/or
  2. build a * certificate


I had a feeling it was not possible, but I tried :smirk:
I've already tried then '*"...

Thank you for your reply...

Hello @nicolas.diakite, you can, with a lot of tools, generate a single self-signed certificate,
which will have as main domain, and has a wildcard * as a "SAN" (subject alternative name).

Example with mkcert:

mkcert "*"

Then follows to configure the generated certificate with Traefik.

As @cybermcm told you, by default this certificate will be seen as "not secured", but it's OK for tests. If you use mkcert, it can import the certificate authority into your web browser, making it look like a legit certificate on your machine only.

By the way, you can do the same with Let's Encrypt, and let Traefik auto-generate valid certificate for each domain it knows.
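
As an added illustration of the replies above (not part of the original thread, and not Traefik or mkcert code): a small Python check of which hostnames a certificate's SAN list covers, using constructed names under example.test. It assumes the usual wildcard rule that `*` stands for exactly one left-most label; refusing `*.<tld>` and partial-label wildcards is a conservative simplification made for this sketch.

```python
# Added example: which hostnames does a certificate's SAN list cover?
# All names under example.test are constructed placeholders.

def _labels(name):
    """Split a DNS name into lowercase labels, ignoring a trailing dot."""
    return name.rstrip(".").lower().split(".")

def san_matches(pattern, hostname):
    """True if one SAN dNSName entry covers the hostname."""
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h):
        return False  # a wildcard stands for exactly one label
    if p[0] == "*":
        # Assumption: reject "*.<tld>" and any "*" outside the first label.
        if len(p) < 3 or "*" in "".join(p[1:]):
            return False
        return h[0] != "" and p[1:] == h[1:]
    # Partial-label wildcards such as "a*.example.test" are refused.
    return "*" not in pattern and p == h

def covered(sans, hostname):
    """True if any SAN entry of the certificate covers the hostname."""
    return any(san_matches(s, hostname) for s in sans)

def report(sans, hostnames):
    """Map each hostname to whether the SAN list covers it."""
    return {h: covered(sans, h) for h in hostnames}

# Constructed SAN lists for three ways of issuing the certificate.
APEX_ONLY = ["example.test"]
WILDCARD_ONLY = ["*.example.test"]
APEX_PLUS_WILDCARD = ["example.test", "*.example.test"]

# Constructed hostnames a reverse proxy might serve.
HOSTS = ["example.test", "app.example.test", "api.example.test",
         "a.b.example.test"]

if __name__ == "__main__":
    for label, sans in [("apex only", APEX_ONLY),
                        ("wildcard only", WILDCARD_ONLY),
                        ("apex + wildcard", APEX_PLUS_WILDCARD)]:
        print(label)
        for host, ok in report(sans, HOSTS).items():
            print(f"  {host:20} {'covered' if ok else 'NOT covered'}")
```

A certificate issued only for the apex name fails for every subdomain, and a wildcard entry covers neither the apex nor names two levels down, which is why the apex and the wildcard are listed together as SANs.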

Hello @dduportal
Thanks for your reply.

My goal is to use it in production, so I will go with "Let's Encrypt" or ask my client to pay for a wildcard cert and use it as static.

Regarding Let's Encrypt, it is mandatory to use the DNS challenge for wildcard, right?

Still waiting for the "French tag" hihi

Yes, you are right: using the DNS challenge is mandatory when one of the domains (principal or alternatives) is a wildcard.

However, requesting a wildcard domain might not be required, as Traefik automates the certificate generation. By using the onHostRule, the domain names are dynamically detected from the frontend rules, and the Let's Encrypt certificates are requested individually from this.

In your example, as soon as the service behind the domain, Traefik requests a single certificate for the domain, through TLS, HTTP or DNS challenge.
So you will end up with a finite collection of certificates.

(For the French tag, we'll discuss this :slight_smile: )