"Not Secure" cert warning when hosted on Synology NAS behind Traefik

[sargonas]

Okay so this is a weird one.

I have 3 Docker hosts on my network, my Primary, Secondary, and my Synology NAS.
My Traefik reverse proxy is on Primary, and all docker containers on primary use traefik label for config.
Secondary and Synology instead are configured by yaml traefik config files on the Primary server that I set up manually.

I currently have 6 containers on my synology NAS, all behind traefik. 5 of them correctly re-route http requests to https ones, and land on traefik at https://service.homelabdomain.local with a happy valid cert, provided by traefik.

Jellyfin, does not. It results in a not secure warning in the browser and when you view the cert, it is NOT the Lets Encrypt cert provided by traefik. It is showing my synology NAS's default self-signedf cert.

I have checked, rechecked, and checked again and the jellyfin traefik yaml file is *identical* in every way to one of the working services. The ONLY difference is the subdomain/sevice swap of the name service1 to jellyfin and the correct port for jellyfin.

So why on earth is Jellyfin trying to load the Synology NAS's self cert, and not letting Traefik handle it like it's sibling services? Is there some super obivous "aha" thing I am missing?

I've spent 2 hours trying to search this before asking, but unfortunately the mix of "Synology" and traefik and Jellyfin result in a lot of bad results around hosting JF on synology using its built in reverse proxy, so i can't find anythign relevant to me.

[TheDreadPirate]

Are traefik configs saved in a plain text file? If so, is it possible to share it with us? Censor any domains and WAN IPs.

[use7]

Something it could be, do you have under Dashboard -> Networking JF redirecting the https? To my understanding you want all the https redirection to take place at your reverse proxy (and thus serve those certs) rather than w/in the JF app. That may be why you're seeing the wrong certs loaded?