Trying this out

dev/forward-to-legacy-nginx.yaml

@@ -6,14 +6,16 @@ entryPoints:
   web:
     address: ":80" # or :898 in your case
     allowACMEByPass: true  # <--- WITHOUT THIS, TRAEFIK ALWAYS WINS
+  https:
+    address: ":443"
 
 certificatesResolvers:
   letsencrypt:
     acme:
       email: "kovagoadi@gmail.com"
       storage: "acme.json"
-      # httpChallenge:
+      httpChallenge:
-      #  entryPoint: web
+       entryPoint: web
 
 tcp:
   routers:
@@ -57,6 +59,7 @@ http:
         - "web"
       priority: 1  # Will catch ACME for any domain NOT listed in the handler above
 
+
   services:
     nginx-legacy-service:
       loadBalancer:

docker-compose.yaml

@@ -12,14 +12,14 @@ services:
       - "--providers.docker.exposedbydefault=false"
       - "--providers.docker.network=proxy"
       - "--providers.docker.constraints=Label(`env`, `${ENV}`)"
-      - "--entryPoints.web.address=:80"
+      # - "--entryPoints.web.address=:80"
-      - "--entryPoints.https.address=:443"
+      # - "--entryPoints.https.address=:443"
-      - "--entryPoints.web.allowacmebypass=true"
+      # - "--entryPoints.web.allowacmebypass=true"
-      - "--certificatesresolvers.letsencrypt.acme.httpchallenge=true"
+      # - "--certificatesresolvers.letsencrypt.acme.httpchallenge=true"
-      - "--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web"
+      # - "--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web"
-      - "--certificatesresolvers.letsencrypt.acme.email=kovagoadi@gmail.com"
+      # - "--certificatesresolvers.letsencrypt.acme.email=kovagoadi@gmail.com"
-      - "--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json"
+      # - "--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json"
-      - "--certificatesResolvers.letsencrypt.acme.caServer=${CERTBOT_CA_RESOLVER}"
+      # - "--certificatesResolvers.letsencrypt.acme.caServer=${CERTBOT_CA_RESOLVER}"
       - "${TRAEFIK_LEGACY_OPT:-}"
       - "--providers.file.watch=true"
     ports: