2
New to Caddy - Trying to get a wildcard certificate
(reddthat.com)
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Beginning of January 1st 2024 this rule WILL be enforced. Posts that are not tagged will be warned and if not fixed within 24h then removed!
That file is your new binary Caddy binary, assuming your server is an x64 Linux machine.
Using that should follow mostly the same procedure as if you've built it yourself, following the doc @terribleplan@lemmy.nrd.li posted above, except you probably need to
chmod +x
that first, and maybechown
it too. (This is because your browser wisely does not mark files downloaded from the Internet as executable, and almost certainly does not run as root either)Disclaimer: I've always used docker images instead and have not tested this. But I think it should work, assuming those docs are correct for the self-built case.
Move that file to your server (if necessary) and open a terminal in the directory where you've placed it. Then execute these commands:
If Caddy is already running you'll probably want to restart it using
sudo systemctl restart caddy
.When a new version of Caddy comes out it won't update the binary (because it has been diverted), so to update it manually you'll need to redo a few of the steps:
Download (and transfer if necessary) a new binary, then from a terminal:
(Plus again
sudo systemctl restart caddy
if it's already running)Typing all this out makes me so glad Watchtower exists for my Docker containers. I just made a Github Action to do a daily rebuild of Caddy with my modules, put that image name in my
docker-compose.yaml
, and Watchtower takes care of the rest.Thank you for this.. i need to take some time to read it more thoroughly... though your approach with Docker though will likely make a lot more sense for my environment.
Docker is also a bit tricky, because to use a custom binary you need to build a custom image. But if you don't mind manually installing updates it's not too bad.
I had it running but it didn't seem to be issuing wildcards.. but afterwards i realised that whilst i had told it to use the cloudflare API.. i don't think at any stage i'd actually told it to issue wildcards.. i guess i need to figure out how to do that...
I'm questioning my need though really.. i think the docs say it's not recommended unless you're dealing with thousands of subdomains..
It will only issue wildcards if you have any sites named like
*.yourdomain.com
, i.e. it needs to see the*.
to know to issue wildcards.The relevant parts of my Caddyfile look like this:
The
(alias)
snippet at the top is used in the site block to tell it how to use a particular subdomain.(I've removed some Authelia stuff and handling the apex domain)
{$DOMAIN}
fills in my base domain from the environment, and{env.*}
does the same for my credentials (but without putting it in the JSON config).Amazing.. .thank you!