These steps worked to bring up Traefik + Docker + HTTPS with Let's Encrypt: Docker-compose with Let's Encrypt: HTTP Challenge

Add these to the services → traefik → command list:

• --entrypoints.web.address=:80 (may already be present if you used Let's Encrypt HTTP challenge, if so, don't add it again)
• --entrypoints.web.http.redirections.entrypoint.to=websecure
• --entrypoints.web.http.redirections.entrypoint.scheme=http
• --entrypoints.web.http.redirections.entrypoint.permanent=true (optional)

You must also include the following in service → whoami → labels:

1. Both web and websecure entrypoints
   • Either, define both entrypoints: traefik.http.routers.whoami.entrypoints=web,websecure
   • Or, do not define any entrypoints and Traefik will bind to all configured entrypoints - do this if you only have one http and https entrypoint each and want a more concise Compose file
   • If the service (and it's host) is not bound to the plain HTTP entrypoint, Traefik will not be able to find a valid router for the hostname and return a HTTP 404
2. The certificate resolver, even if it is already defined globally in the entrypoint
   • traefik.http.routers.whoami.tls.certresolver=myresolver

• Traefik's Let's Encrypt TLS challenge
  • I got persistent error 400 due to connection reset, perhaps it has something to do with Docker networking

• Add port 8080 to Traefik's ports to make the Traefik web dashboard accessible
• HTTP/3 (QUIC) support:
  • Add this to the services → traefik → command list:
    --entrypoints.websecure.http3
  • Add this to the services → traefik → ports list:
    443:443/udp
  • Add 443/udp to your firewall/NAT port forward if required