Applying Wildcard Cert to Caddy

  • explain what you are trying to do
    I’m trying to use my wildcard cert with Caddy, installed with Snap.

  • show what you have already tried,
    I have installed Rocket Chat via Snap and Caddy via Snap.
    I followed the directions from
    Auto SSL with Snaps - Rocket.Chat Docs and now just need to apply my certs. I have the cert download from my provider and the key was exported from a windows server.

  • include error messages and log output,
    I’m not sure what location to place the certs and how to configure to work with HTTPS

  • and link to any relevant resources.
    Auto SSL with Snaps - Rocket.Chat Docs

Thank you in advance!

Put them anywhere on your file system that is secure.

Refer to that location when you declare your cert and key with the tls directive.

Don’t forget to set your ports and HTTP->S upgrade redirection explicitly; bringing your own keys disables Automatic HTTPS, which usually takes care of this for you.

Thank you for the help. I’m pretty new to this, do you know what I would use for the tls command? Also, does it matter what the cert format is? .pem .cer, etc.?

For the https can I just disable iptables?

The documentation for the TLS directive explains how to specify your cert/key and what format they should take.

I would not recommend disabling iptables. If you’re not comfortable manipulating iptables directly, consider installing ufw.

Can you explain how to check this? I can’t find anything.

Also, can you look at how I have it in the Caddy file and see if it’s correct?


Thank you!

Not much to check, you’d know if you had configured it already.

The Automatic HTTPS feature does a few things for you, namely:

By default, Caddy will bind to ports 80 and 443 to serve HTTPS and redirect HTTP to HTTPS.

Automatic HTTPS — Caddy Documentation

But it only does this if you aren’t providing your own cert/key:

Caddy automatically enables HTTPS for all your sites, given that some reasonable criteria are met:

  • […]
  • Certificates and keys are not provided by you

Automatic HTTPS — Caddy Documentation

Since you are providing your own cert, the site will be served over HTTPS on port 2015 by default instead.

If you want to change that so Caddy serves HTTP on port 80 and HTTPS on port 443, you’ll need to specify the scheme/port. You can do that in the site label:

And if you want to redirect HTTP traffic to upgrade them to HTTPS, you’ll need to add a redirect to your HTTP site pointing to the HTTPS site:

Thank you again for all the information but after a lot of time spent trying to figure it out, I just decided to go with Nginx. Do you know how I can uninstall/completely remove Caddy?

Thank you

Depends on how you installed it and ran it - normally, it’s a single binary, and it places certificate data in $CADDYPATH (defaults to ~/.caddy). So:

  1. Delete the caddy binary
  2. Delete the Caddyfile you were using
  3. Delete the $CADDYPATH

And there won’t be any trace left of Caddy on your system.

I installed with Snap. Would that be a different install?

Refer to Snap documentation.

Getting started | Snapcraft documentation

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.