Allow random domain?

First line of Caddyfile is the domain.

If someone were to build a hosting service and wanted to allow users to cname their domain to point to the hosting site, there would be no way to know the domain beforehand.

Is caddy capable of handling this scenario and ideally also ask the backend to verify that a domain is allowed?

Thank you very much for reading this question.

Hello, @princemaple! That’s absolutely possible. The feature you’re looking for is On-Demand TLS. In your Caddyfile, you need to specify the endpoint that will approve or deny the domains using the on_demand_tls global option. You also need to enable on-demand TLS in the TLS config in the Caddyfile.


The first line of the Caddyfile is the site’s address, which isn’t always a domain.

It could be an IP. Or a port. Or a path. Or a scheme. Or any/all of those:

An address always appears at the top of the site block, and is usually the first thing in the Caddyfile.

These are examples of valid addresses:


So you can specify just a port and Caddy will accept all Host headers for that port.

1 Like

Thanks a lot! Mohammed and Matt.

I knew about on-demand tls but wasn’t sure if it’d work when it’s not a wildcard subdomain.
Verified locally and it’s working perfectly.



2 posts were split to a new topic: How to know when certificates fail to renew

This topic was automatically closed after 30 days. New replies are no longer allowed.