I have Traefik 1.7.14 as load balancer and ingress, deployed with Helm in front of a Kubernetes cluster, doing the dns-01 challenge for wildcards through DNSimple to get certificates for exposed subdomain services and terminate SSL at the edge. It's been working for a long time, but ever since the Root X3 expiry everything is acting very strange and the certificates I am getting seem not valid.
If I look on DNSimple, the _acme challenge TXT is constantly being added, created and deleted in DNS. In the past those records would sit there for a while.
So when I then log into DNSimple and manually request a wildcard cert, I receive the full bundles, but they don't seem the same as the certs and private keys that are stored in the acme.json file generated by the dns-01 challenge.
Subdomains however do have a valid certificate, but when the HTTPS is forwarded to other subdomains, from Identity server for example, the other subdomains complain about the certificate either being expired or invalid. It's almost as if multiple versions are present and are out of sync, and the server certificate is also now expired.
My domain is: desilian.tech
I ran these commands: re-install Traefik, openssl, qualys ssltest, dpkg-reconfigure ca-certificates, update-ca-certificates
My web server is (include version): No Webserver, only Traefik serving apps from Kubernetes
The operating system my web server runs on is Ubuntu 18.04.3 LTS
My hosting provider, if applicable, is:
I can login to a root shell on my machine: YES
I'm using a control panel to manage my site: There is Plesk, but I'm only using it to configure the edge firewall
The version of my client is: I'm not using certbot as Traefik is handling that, but it is installed; version is 1.20.0