Any way to "warm up" by getting certificates before switching to Caddy?

Hi,

I am going to be switching from going directly to some Apache servers to putting Caddy in front. We are commercial users and bought it :slight_smile:

Here is my situation. I want to use automatic HTTPS. We have 2500 domains needing certificates. If I cut over, many will be down due to the 300 new orders / 3 hours limit with LE. I was hoping to find a way to get certs before cutover. DNS is not an option.

I have HTTPS ports going to my Caddy systems, but HTTP still goes to Apache directly. If I try and get a cert, it fails because of the HTTP solver.

I was reading about the tls-alpn-01 solver, and this seems like it would work perfectly. But I am not certain if I can even enable this, nor how to do it if I can. If I could get that going, I could spend a couple weeks getting the certificates to do the cutover, and then we could use the http solver going forward.

Otherwise, is there any kind of way to have a rewrite or something, where Caddy would answer the HTTP solver requests but still pass the other HTTP traffic to the Apache servers? And not do the redirect from HTTP to HTTPS.

Help? :slight_smile:


You can leave Caddy in the back somewhere, and tell Apache to proxy any requests for /.well-known paths back to Caddy.

I think that’s all Caddy will need to validate the certificates at startup.

You could also put Caddy in front, run all the sites as HTTP-only for a while, and bump them up to HTTPS in 300-site chunks by rewriting the Caddyfile and reloading Caddy with signal USR1.
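An added example, not code from the thread or from the Caddy project, that turns both suggestions above into config fragments as a POSIX shell script. The first function prints the Apache side of the "Caddy in the back" option: only `/.well-known/acme-challenge/` is forwarded to Caddy, with `ProxyPreserveHost On` so Caddy can match the site by `Host` header. The second prints a Caddyfile for the "Caddy in front, bump up in chunks" option: the first N domains on stdin get a bare site address (automatic HTTPS), the rest get an explicit `http://` prefix (HTTP-only). The upstream names `APACHE_BACKEND` and `CADDY_UPSTREAM` are assumed placeholders, the domain list is constructed, and the Caddyfile syntax is the Caddy v1 form implied by the USR1 reload; check it against the version you run.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed upstream addresses; adjust to your hosts.
APACHE_BACKEND="${APACHE_BACKEND:-apache.internal:80}"   # where Caddy proxies ordinary traffic
CADDY_UPSTREAM="${CADDY_UPSTREAM:-caddy.internal:80}"    # where Apache forwards ACME challenges

# Option 1: Apache stays in front and proxies only the HTTP-01 challenge path to Caddy.
# ProxyPreserveHost is needed because Caddy selects the site (and its pending
# challenge token) by the Host header, not by the upstream name.
gen_apache_acme_proxy() {
    cat <<EOF
ProxyPreserveHost On
ProxyPass        "/.well-known/acme-challenge/" "http://$CADDY_UPSTREAM/.well-known/acme-challenge/"
ProxyPassReverse "/.well-known/acme-challenge/" "http://$CADDY_UPSTREAM/.well-known/acme-challenge/"
EOF
}

# Option 2: Caddy in front. Reads one domain per line from stdin and emits a
# Caddy v1 Caddyfile in which only the first N sites have a bare address
# (Caddy obtains a certificate and redirects HTTP to HTTPS); the rest carry
# an http:// prefix, which keeps them HTTP-only for now. Re-run with N raised
# by 300 each rate-limit window, write the output over the live Caddyfile,
# and reload, e.g. kill -USR1 <caddy pid>, so each reload orders at most 300 certs.
gen_caddyfile() {
    n="$1"
    i=0
    while IFS= read -r domain || [ -n "$domain" ]; do
        [ -z "$domain" ] && continue
        i=$((i + 1))
        if [ "$i" -le "$n" ]; then
            addr="$domain"            # automatic HTTPS on next reload
        else
            addr="http://$domain"     # still HTTP-only
        fi
        printf '%s {\n    proxy / %s {\n        transparent\n    }\n}\n\n' "$addr" "$APACHE_BACKEND"
    done
}

# Helpers for checking a generated Caddyfile before reloading it.
count_sites()     { grep -c '^[^ ].* {$' || true; }   # all site blocks (site lines are unindented)
count_http_only() { grep -c '^http://'   || true; }   # site blocks that are still HTTP-only

# Usage, with a constructed domain list (not the poster's 2500 domains):
#   printf 'a.example\nb.example\nc.example\n' | gen_caddyfile 300 > Caddyfile.new
#   count_http_only < Caddyfile.new   # sites that will not be ordered on this reload
#   gen_apache_acme_proxy             # paste into the Apache vhost for option 1
```

When every domain has been bumped, the same generator with N equal to the list length produces the final Caddyfile with no `http://` prefixes, and Caddy handles the HTTP-to-HTTPS redirect itself from then on.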
