infer wild card cert if prefer flag is on

server/config.ts

@@ -29,6 +29,7 @@ const environmentSchema = z.object({
         http_entrypoint: z.string(),
         https_entrypoint: z.string().optional(),
         cert_resolver: z.string().optional(),
+        prefer_wildcard_cert: z.boolean().optional(),
     }),
     gerbil: z.object({
         start_port: portSchema,

server/routers/traefik/getTraefikConfig.ts

@@ -34,10 +34,6 @@ export async function traefikConfigProvider(
 
         // const baseDomain = new URL(config.app.base_url).hostname;
 
-        const tls = {
-            certResolver: config.traefik.cert_resolver,
-        };
-
         const http: any = {
             routers: {},
             services: {},
@@ -68,6 +64,31 @@ export async function traefikConfigProvider(
             const routerName = `${target.targetId}-router`;
             const serviceName = `${target.targetId}-service`;
 
+            if (!resource.fullDomain) {
+                continue;
+            }
+
+            const domainParts = resource.fullDomain.split(".");
+            let wildCard;
+            if (domainParts.length <= 2) {
+                wildCard = `*.${domainParts.join(".")}`;
+            } else {
+                wildCard = `*.${domainParts.slice(1).join(".")}`;
+            }
+
+            const tls = {
+                certResolver: config.traefik.cert_resolver,
+                ...(config.traefik.prefer_wildcard_cert
+                    ? {
+                          domains: [
+                              {
+                                  main: wildCard
+                              },
+                          ],
+                      }
+                    : {}),
+            };
+
             http.routers![routerName] = {
                 entryPoints: [
                     target.ssl