These can be exported pretty easy through a bash script. Traefik: Configure it on Kubernetes with Cert-manager - Padok I see a lot of guides online using the Nginx Ingress Controller, but due to K3s having Traefik enabled by default, and due to me being a die-hard fan of Traefik, I wanted to do a demonstration on how you can deploy your . By default, certificates.toml tells traefik that we have one pregenerated certificate, which can be found . HTTPS with Cert-Manager and Letsencrypt - K3S Rocks In one hour after the dns records was changed, it just started to use the automatic certificate. Neat! Traefik Proxy will also use self-signed certificates for 30-180 seconds while it retrieves new certificates from Let's Encrypt. Document HTTPS with the built-in Traefik (LetsEncrypt and ... - GitHub aplsms September 9, 2021, 7:10pm #5 TLDR: traefik does not monitoring the certificate files, it monitors the dynamic config file Steps: Update your cert file; Touch dynamic.yml; Et voilà, traefik has reloaded the cert file; There might be a gotcha with the default certificate store. It'll run on a NAS, where the default ports 80 & 443 are tied up. I'm trying to use letsencrypt, the DNS is setted up and resolves to aks public ip address correctly but all certificate . # # Required # email: "test@example.com" # File or key used for certificates storage. If you can see below CNAME record with dig, it means the DNS record is propagated and we are ready to request our wildcard certificate. You may also run into the issue that LetsEncrypt is unable . dockerfiles-windows/traefik-letsencrypt.toml at main - github.com Exactly like @BamButz said. Configure Traefik v2 to authenticate itself with its TLS certificate. Now comes the (arguably) fun part: certificate generation. So those clients are always served with the traefik default certificate. TLS not working (always using generated default certificate) - GitHub