Use default entryPoints when certificates are added with no entryPoints.

server/server.go

@@ -435,8 +435,12 @@ func (s *Server) loadConfiguration(configMsg types.ConfigMessage) {
 	if err == nil {
 		for newServerEntryPointName, newServerEntryPoint := range newServerEntryPoints {
 			s.serverEntryPoints[newServerEntryPointName].httpRouter.UpdateHandler(newServerEntryPoint.httpRouter.GetHandler())
-			if &newServerEntryPoint.certs != nil {
-				s.serverEntryPoints[newServerEntryPointName].certs.Set(newServerEntryPoint.certs.Get())
+			if newServerEntryPoint.certs.Get() != nil {
+				if s.globalConfiguration.EntryPoints[newServerEntryPointName].TLS == nil {
+					log.Debugf("Certificates not added to non-TLS entryPoint %s.", newServerEntryPointName)
+				} else {
+					s.serverEntryPoints[newServerEntryPointName].certs.Set(newServerEntryPoint.certs.Get())
+				}
 			}
 			log.Infof("Server configuration reloaded on %s", s.serverEntryPoints[newServerEntryPointName].httpServer.Addr)
 		}
@@ -448,12 +452,12 @@ func (s *Server) loadConfiguration(configMsg types.ConfigMessage) {
 }
 
 // loadHTTPSConfiguration add/delete HTTPS certificate managed dynamically
-func (s *Server) loadHTTPSConfiguration(configurations types.Configurations) (map[string]*traefikTls.DomainsCertificates, error) {
+func (s *Server) loadHTTPSConfiguration(configurations types.Configurations, defaultEntryPoints configuration.DefaultEntryPoints) (map[string]*traefikTls.DomainsCertificates, error) {
 	newEPCertificates := make(map[string]*traefikTls.DomainsCertificates)
 	// Get all certificates
 	for _, configuration := range configurations {
 		if configuration.TLSConfiguration != nil && len(configuration.TLSConfiguration) > 0 {
-			if err := traefikTls.SortTLSConfigurationPerEntryPoints(configuration.TLSConfiguration, newEPCertificates); err != nil {
+			if err := traefikTls.SortTLSConfigurationPerEntryPoints(configuration.TLSConfiguration, newEPCertificates, defaultEntryPoints); err != nil {
 				return nil, err
 			}
 		}
@@ -1204,7 +1208,7 @@ func (s *Server) loadConfig(configurations types.Configurations, globalConfigura
 	healthcheck.GetHealthCheck().SetBackendsConfiguration(s.routinesPool.Ctx(), backendsHealthCheck)
 	// Get new certificates list sorted per entrypoints
 	// Update certificates
-	entryPointsCertificates, err := s.loadHTTPSConfiguration(configurations)
+	entryPointsCertificates, err := s.loadHTTPSConfiguration(configurations, globalConfiguration.DefaultEntryPoints)
 	//sort routes and update certificates
 	for serverEntryPointName, serverEntryPoint := range serverEntryPoints {
 		serverEntryPoint.httpRouter.GetHandler().SortRoutes()

server/server_test.go

@@ -644,15 +644,6 @@ func TestServerLoadConfigEmptyBasicAuth(t *testing.T) {
 					},
 				},
 			},
-			TLSConfiguration: []*tls.Configuration{
-				{
-					Certificate: &tls.Certificate{
-						CertFile: localhostCert,
-						KeyFile:  localhostKey,
-					},
-					EntryPoints: []string{"http"},
-				},
-			},
 		},
 	}
 
@@ -662,6 +653,36 @@ func TestServerLoadConfigEmptyBasicAuth(t *testing.T) {
 	}
 }
 
+func TestServerLoadCertificateWithDefaultEntryPoint(t *testing.T) {
+	globalConfig := configuration.GlobalConfiguration{
+		EntryPoints: configuration.EntryPoints{
+			"https": &configuration.EntryPoint{TLS: &tls.TLS{}},
+			"http":  &configuration.EntryPoint{},
+		},
+		DefaultEntryPoints: []string{"http", "https"},
+	}
+
+	dynamicConfigs := types.Configurations{
+		"config": &types.Configuration{
+			TLSConfiguration: []*tls.Configuration{
+				{
+					Certificate: &tls.Certificate{
+						CertFile: localhostCert,
+						KeyFile:  localhostKey,
+					},
+				},
+			},
+		},
+	}
+
+	srv := NewServer(globalConfig)
+	if mapEntryPoints, err := srv.loadConfig(dynamicConfigs, globalConfig); err != nil {
+		t.Fatalf("got error: %s", err)
+	} else if mapEntryPoints["https"].certs.Get() == nil {
+		t.Fatal("got error: https entryPoint must have TLS certificates.")
+	}
+}
+
 func TestConfigureBackends(t *testing.T) {
 	validMethod := "Drr"
 	defaultMethod := "wrr"