docker – Traefik V2: Got 404 Page Not Found After Implement SSL Wildcard

So, I want to implement the SSL wildcard that I got from DigiCert to my running Traefik container (v2.4.8). Currently, I use Let’s Encrypt as my certificates resolvers, and my dashboard Traefik and Portainer can be accessed on HTTPS.
But after I implement the SSL wildcard, both dashboard Traefik and Portainer can’t be accessed, instead, it shows me “404 page not found” but I can see the cert implemented.
This is my docker-compose.yml file:

version: "3"

services:
  traefik:
    image: traefik:latest
    container_name: traefik
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    environment:
      - TZ=Asia/Jakarta
    command:
      - --accesslog.fields.names.StartUTC=drop
      - --providers.docker
      - --providers.file.directory=/traefik-data/tls.yml
      - --providers.file.watch=true
    networks:
      - proxy
    ports:
      - 80:80
      - 443:443
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./traefik-data/traefik.yml:/traefik.yml:ro
      - ./traefik-data/acme.json:/acme.json
      - ./traefik-data/configurations:/configurations
      - ./traefik-data/cert:/cert
      - ./traefik-data/tls.yml:/tls.yml:ro
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=proxy"
      - "traefik.http.routers.traefik-secure.entrypoints=websecure"
      - "traefik.http.routers.traefik-secure.rule=Host(`traefik.mydomain.com)"
      - "traefik.http.routers.traefik-secure.middlewares=user-auth@file"
      #- "traefik.http.routers.traefik-secure.tls=true"
      - "traefik.http.routers.traefik-secure.service=api@internal"

  portainer:
    image: portainer/portainer-ce:latest
    container_name: portainer
    restart: unless-stopped
    security_opt:
      - no-new-privileges:true
    networks:
      - proxy
    volumes:
      - /etc/localtime:/etc/localtime:ro
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./portainer-data:/data
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=proxy"
      - "traefik.http.routers.portainer-secure.entrypoints=websecure"
      - "traefik.http.routers.portainer-secure.rule=Host(`portainer.mydomain.com`)"
      - "traefik.http.routers.portainer-secure.service=portainer"
      #- "traefik.http.routers.traefik-secure.tls=true"
      - "traefik.http.services.portainer.loadbalancer.server.port=9000"

networks:
  proxy:
    external: true

My static configuration (traefik.yml):

api:
  dashboard: true

entryPoints:
  web:
    address: :80
    http:
      redirections:
        entryPoint:
          to: websecure
          scheme: https
          permanent: true

  websecure:
    address: :443
    http:
      middlewares:
        - secureHeaders@file
#      tls:
#        certificates:
#          - certFile: "/cert/bundle.crt"
#            keyFile: "/cert/mydomain.key"
#        certResolver: letsencrypt

providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    exposedByDefault: false
  file:
    filename: /configurations/dynamic.yml
    filename: tls.yml

#certificatesResolvers:
#  letsencrypt:
#    acme:
#      email: me@example.com
#      storage: acme.json
#      keyType: EC384
#      httpChallenge:
#        entryPoint: web

My dynamic configuration (tls.yml):

tls:
  certificates:
    - certFile: "/cert/bundle.crt"
      keyFile: "/cert/mydomain.key"
  options:
    default:
      sniStrict: true
  stores:
    default:
      defaultCertificate:
        certFile: "/cert/bundle.crt"
        keyFile: "/cert/mydomain.key"

(dynamic.yml):

http:
  middlewares:
    secureHeaders:
      headers:
        sslRedirect: true
        forceSTSHeader: true
        stsIncludeSubdomains: true
        stsPreload: true
        stsSeconds: 31536000

    user-auth:
      basicAuth:
        users:
          - "admin:$apr1$UdkaACnx$IBAWRG7vIoTbHGRMolFq4q."

tls:
  options:
    default:
      cipherSuites:
        - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
        - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
        - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
        - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
        - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
        - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
      minVersion: VersionTLS12

Or should I put the TLS configuration under provider docker like so as the doc said here:

providers:
  docker:
    tls:
      cert: path/to/foo.cert
      key: path/to/foo.key

Can you tell me what did I do wrong? I appreciate any help!
Thanks!