to run.go. The plugin is listed in “caddy --plugins”.
But when I run caddy it will use Let’s Encrypt instead of Cloudflare.
My Caddyfile and Cloudflare setup should be OK because when I use caddy downloaded from the website everything works fine.
Is there anything I am missing to build caddy correctly?
You will also need to specify dns cloudflare in your tls directive so that Caddy knows to use the DNS challenge. It will still obtain certificates from Let’s Encrypt, but it will use DNS to do it.
Thanks for your reply Matt.
I want to obtain the certificates from Cloudflare. That’s working correctly when I use caddy with the Cloudflare plugin downloaded from the website. So my Caddyfile and Cloudflare setup are correct.
When I build caddy from source, it wants to obtain the certificates from Let’s Encrypt (it asks for the email address).
Caddy doesn’t obtain certificates from Cloudflare – you must mean it obtains certificates from Let’s Encrypt using DNS validation where Cloudflare is your DNS provider?
Sorry but I’m not so familiar with this topic.
First, I have solved the problem. I forgot to allow caddy to bind “privileged” ports.
Now it works with my own build.
For my understanding: I have set Cloudflare certificates to “Full (strict)”. Does that mean that the server needs the certificates from Cloudflare?
No, this means that Cloudflare will connect to your server using encrypted TLS, using your Let’s Encrypt certificate. Visitors to your website will see Cloudflare’s TLS certificate, which it obtains separately.
Your server doesn’t need Cloudflare’s certificate, it just needs the Let’s Encrypt certificate so that the connection between your server and Cloudflare is secured properly.
Thanks for your answer and sorry for my, maybe, dumb questions.
I don’t need to set an email for Let’s Encrypt, which caddy asks for when I don’t use Cloudflare?
Cloudflare provides two API keys. One global and one to create certificates. Caddy asks for the Cloudflare credentials and I use the key to create a certificate. Is this correct?