Alternative Resolver

As Traefik is configured to use Cloudflare and DNS-01 Challenge allowing for offline certificates, it causes issues using domains/subdomains that are not owned by Cloudflare's ACME.

To provision a random domain with a public A record, such as Afraid DNS, create a second resolver under certificatesResolvers in traefik.yml:

 letsencrypt-afraid:
    acme:
      email: afraid@domain.xyz
      storage: /etc/traefik/acme.json
      httpChallenge:
        entryPoint: http

For the router, make sure you specify this resolver, or it will default to the DNS-01 Letsencrypt (Cloudflare) setup:

   jellyfin-afraid:
      entryPoints:
        - https
      rule: "Host(`mynewdomain.com`)"
      service: jellyfin
      middlewares:
        - "securityHeaders"
      tls:
        certResolver: letsencrypt-afraid