diff --git a/.env.sample b/.env.sample
index 62c6352..30762dd 100644
--- a/.env.sample
+++ b/.env.sample
@@ -46,6 +46,19 @@ COMPOSE_FILE="compose.yml"
 #GANDI_ENABLED=1
 #SECRET_GANDIV5_API_KEY_VERSION=v1
+#####################################################################
+# Manual wildcard certificate insertion #
+#####################################################################
+
+# Set wildcards = 1, and uncomment compose_file to enable.
+# Create your certs elsewhere and add them like:
+# abra app secrets insert {myapp.example.coop} ssl_cert v1 "$(cat /path/to/fullchain.pem)"
+# abra app secrets insert {myapp.example.coop} ssl_key v1 "$(cat /path/to/privkey.pem)"
+#WILDCARDS_ENABLED=1
+#SECRET_WILDCARD_CERT_VERSION=v1
+#SECRET_WILDCARD_KEY_VERSION=v1
+#COMPOSE_FILE="$COMPOSE_FILE:compose.wildcard.yml"
+
 #####################################################################
 # Keycloak log-in #
 #####################################################################
diff --git a/abra.sh b/abra.sh
index fcae9d8..f42c912 100644
--- a/abra.sh
+++ b/abra.sh
@@ -1,3 +1,3 @@
-export TRAEFIK_YML_VERSION=v17
-export FILE_PROVIDER_YML_VERSION=v8
+export TRAEFIK_YML_VERSION=v18
+export FILE_PROVIDER_YML_VERSION=v9
 export ENTRYPOINT_VERSION=v2
diff --git a/compose.wildcard.yml b/compose.wildcard.yml
new file mode 100644
index 0000000..4e46d83
--- /dev/null
+++ b/compose.wildcard.yml
@@ -0,0 +1,16 @@
+---
+version: "3.8"
+
+services:
+  app:
+    secrets:
+      - ssl_cert
+      - ssl_key
+
+secrets:
+  ssl_cert:
+    name: ${STACK_NAME}_ssl_cert_${SECRET_WILDCARD_CERT_VERSION}
+    external: true
+  ssl_key:
+    name: ${STACK_NAME}_ssl_key_${SECRET_WILDCARD_KEY_VERSION}
+    external: true
diff --git a/compose.yml b/compose.yml
index bba8f6a..3795cae 100644
--- a/compose.yml
+++ b/compose.yml
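Review bot: The two toggles in this stanza are coupled but the comment does not say so: `WILDCARDS_ENABLED=1` makes file-provider.yml.tmpl point Traefik at `/run/secrets/ssl_cert` and `/run/secrets/ssl_key`, while only the `COMPOSE_FILE` line (via compose.wildcard.yml) actually mounts those secrets, so enabling one without the other leaves the file provider referencing files that do not exist in the container. The first comment line also names the wrong thing ("wildcards = 1" rather than `WILDCARDS_ENABLED`), and the `v1` in the `abra app secrets insert` examples has to match `SECRET_WILDCARD_CERT_VERSION` / `SECRET_WILDCARD_KEY_VERSION`, which the text does not state. I would replace that line with `# Set WILDCARDS_ENABLED=1 AND uncomment COMPOSE_FILE below; the version suffix in the insert commands must match SECRET_WILDCARD_*_VERSION.` Since both secrets are declared `external`, rotating the certificate means inserting a new version and bumping both `SECRET_WILDCARD_*_VERSION` values, which is worth one more comment line here.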
@@ -3,7 +3,7 @@ version: "3.8"
 
 services:
   app:
-    image: "traefik:v2.10.5"
+    image: "traefik:v2.10.7"
     # Note(decentral1se): *please do not* add any additional ports here.
     # Doing so could break new installs with port conflicts. Please use
     # the usual `compose.$app.yml` approach for any additional ports
diff --git a/file-provider.yml.tmpl b/file-provider.yml.tmpl
index a7d3d48..aa827bd 100644
--- a/file-provider.yml.tmpl
+++ b/file-provider.yml.tmpl
@@ -25,7 +25,6 @@ http:
     security:
       headers:
         frameDeny: true
-        sslRedirect: true
         browserXssFilter: true
         contentTypeNosniff: true
         stsIncludeSubdomains: true
@@ -45,3 +44,8 @@ tls:
        - CurveP521
        - CurveP384
      sniStrict: true
+  {{ if eq (env "WILDCARDS_ENABLED") "1" }}
+  certificates:
+    - certFile: /run/secrets/ssl_cert
+      keyFile: /run/secrets/ssl_key
+  {{ end }}
\ No newline at end of file
diff --git a/traefik.yml.tmpl b/traefik.yml.tmpl
index b734a8a..0c94743 100644
--- a/traefik.yml.tmpl
+++ b/traefik.yml.tmpl
@@ -114,4 +114,4 @@ certificatesResolvers:
       resolvers:
        - "1.1.1.1:53"
        - "9.9.9.9:53"
-  {{ end }}
+  {{ end }}
\ No newline at end of file
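Review bot: Dropping `sslRedirect: true` from the `security` headers middleware removes the only HTTP-to-HTTPS redirect visible in this file, and nothing else in the diff adds a replacement. That is safe only if the plain-HTTP entrypoint in traefik.yml.tmpl already carries an `http.redirections.entryPoint` block (the mechanism Traefik recommends now that the headers-middleware `sslRedirect` option is deprecated); the entrypoint section of that file is not part of this diff, so please confirm it, otherwise routers using this middleware become reachable over cleartext HTTP without any redirect. A one-line comment above `frameDeny` would record the dependency: `# HTTP->HTTPS redirection is configured on the entrypoint in traefik.yml.tmpl, not in this middleware.` The `http.middlewares` mapping this hunk sits in starts before and continues after the hunk.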
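Review bot: Traefik's file provider only honours `certificates` as a direct child of `tls` (a sibling of `options`), not under `options.default` where the adjacent `sniStrict: true` lives, and the collapsed diff does not preserve the added lines' indentation, so verify in the file that the `{{ if }}`, `certificates:` and `{{ end }}` lines sit at the `tls:` level. If they are nested one level too deep Traefik silently ignores the block and keeps serving its built-in default certificate, which is easy to miss because the stack still comes up. The hunk also leaves the file without a trailing newline (`\ No newline at end of file`); restoring it keeps the rendered YAML clean for linters and the next diff. The `tls:` mapping begins before this hunk.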