How can I configure Caddy to accept an alternative domain name (SAN) for a single Let's Encrypt certificate (Subject Alternative Name - SAN)?
Anyone? Any ideas?
Do you mean the certificates are not managed by Caddy and provided externally? If yes, why are you configuring Caddy that way? You’ll miss many Caddy benefits that way, making your setup fragile.
No, I mean Caddy manages the certificates and it should accept traffic on a domain with an alternate domain name, like the SAN concept for multiple domains. Let's say I have a domain A with a reverse proxy set up by Caddy. If my DNS record for domain B points to the IP of A, Caddy should also accept traffic for domain B using the certificate of domain A.
It doesn’t have to be a single multi-SAN certificate. Caddy can do that and maintain separate single-SAN certs. Just do something like:

```caddyfile
example.com {
	root /var/www/example
	file_server
}

example-2.com {
	root /var/www/example-2
	file_server
}
```
Or:

```caddyfile
example-1.com, example-2.com {
	root /var/www/example
	file_server
}
```
Or:

```caddyfile
example-1.com, example-2.com {
	root /var/www/{labels.1}
	file_server
}
```

You can search the docs for other patterns.
Thanks but I cannot work with 2 separate certificates because I run one mailserver (separate container) that is accepting mails for 2 different domains.
The mailserver utilises the Caddy-generated certificate, although the traffic does not get routed by Caddy but goes directly to the mailserver (which uses the Caddy certificates).

```caddyfile
mail.domain1.com {
	tls {
		key_type rsa2048
	}
}
```
The Caddyfile generates/manages one certificate from Let's Encrypt (which my mailserver utilises), but that certificate should accept traffic for a second domain. Usually that is achieved via a multi-SAN certificate. I just need to tell Caddy that the certificate for maildomain1 should also be accepting traffic for maildomain2.
All Caddy operations are only done with single-SAN as it’s best practice for the reasons discussed here:
If the domain names are sub-domains of the same main domain name, maybe you can use wildcard certificates?
Unfortunately they are not subdomains; they are 2 separate domains.
If the mail server cannot handle separate certificates per domain, then I’m afraid Caddy cannot generate multi-SAN.