Certificates Resolvers

In Traefik Hub API Gateway, TLS certificates can be generated using Certificates Resolvers. You can find more information about Certificates Resolvers on the Concepts page.

In Traefik Hub API Gateway, three certificate resolvers exist:

  • acme: It allows generating ACME (Automatic Certificate Management Environment) certificates stored in a file (not distributed).
  • distributedAcme: Same as acme but the generated certificates are shared between your Traefik Hub API Gateway instances (using Secrets in Kubernetes or Vault in other environments).
  • tailscale: To protect a service with TLS, a certificate from a public Certificate Authority is needed. In addition to its VPN role, Tailscale also provides certificates for the machines in your Tailscale network. The tailscale certificates resolver allows provisioning TLS certificates for internal Tailscale services.

Certificates Resolvers are defined in the static configuration.

Referencing a certificate resolver

Defining a certificate resolver does not imply that routers are going to use it automatically. Each router or entrypoint that is meant to use the resolver must explicitly reference it.
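
The following added example (not taken from the Traefik Hub documentation) shows a resolver defined in the static configuration and two routers in a file-provider dynamic configuration, only one of which references it. The resolver name `myresolver`, the hostnames, e-mail address, paths and backend URL are constructed placeholders.

```yaml
# --- Static configuration (for example traefik.yml) ---
entryPoints:
  web:
    address: ":80"
  websecure:
    address: ":443"

certificatesResolvers:
  myresolver:                      # hypothetical resolver name
    acme:
      email: admin@example.com     # placeholder contact address
      storage: /data/acme.json     # holds private keys; restrict file access to the gateway user
      httpChallenge:
        entryPoint: web            # ACME HTTP-01 challenge is answered on port 80
---
# --- Dynamic configuration (file provider), kept in a separate file ---
http:
  routers:
    app-with-resolver:
      rule: "Host(`app.example.com`)"
      entryPoints:
        - websecure
      service: app
      tls:
        certResolver: myresolver   # explicit reference: a certificate is requested for app.example.com

    app-without-resolver:
      rule: "Host(`other.example.com`)"
      entryPoints:
        - websecure
      service: app
      tls: {}                      # TLS enabled but no resolver referenced: no certificate is
                                   # requested, so the default certificate is served instead

  services:
    app:
      loadBalancer:
        servers:
          - url: "http://10.0.0.10:8080"   # placeholder backend
```

A router in the second state still answers over TLS, so a missing `certResolver` reference tends to surface as a certificate warning on the client rather than as a configuration error.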