Build Caddy with DNS plugin

Hey

I have built Caddy with the Cloudflare plugin by adding

_ "github.com/caddyserver/dnsproviders/cloudflare"

to run.go. The plugin is listed in “caddy -plugins”.
But when I run caddy it will use LetsEncrypt instead of Cloudflare.
My Caddyfile and Cloudflare setup should be OK, because when I use Caddy downloaded from the website everything works fine.

Is there anything I’m missing to build Caddy correctly?

Thanks for your help.

You will also need to specify dns cloudflare in your tls directive so that Caddy knows to use the DNS challenge. It will still obtain certificates from Let’s Encrypt, but it will use DNS to do it.
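An added example, not part of the original thread: a Caddy v1 Caddyfile with the tls block described in the reply above. The domain, web root and email address are placeholders, and the credential variable names are the ones documented for the v1 Cloudflare provider, so check them against the version you build.

```caddyfile
# Constructed example: example.com, the web root and the email are placeholders.
# The Cloudflare provider reads its credentials from the environment of the
# caddy process (names as documented for the Caddy v1 provider):
#   CLOUDFLARE_EMAIL    account email
#   CLOUDFLARE_API_KEY  API key that is allowed to edit the zone's DNS records
example.com {
    root /var/www/example

    # Without the dns line, Caddy validates the domain over ports 80/443.
    # With it, Caddy proves control of the domain by creating a DNS TXT
    # record through the Cloudflare API. In both cases the certificate is
    # issued by Let's Encrypt, not by Cloudflare.
    tls admin@example.com {
        dns cloudflare
    }
}
```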

Thanks for your reply Matt.
I want to obtain the certificates from cloudflare. That’s working correctly when I use caddy with the cloudflare plugin downloaded from the website. So my caddyfile and cloudflare setup are correct.
When I build Caddy from source, it wants to obtain the certificates from Let’s Encrypt (it asks for the email address).

Caddy doesn’t obtain certificates from Cloudflare – you must mean it obtains certificates from Let’s Encrypt using DNS validation where Cloudflare is your DNS provider?

What is your full and unredacted Caddyfile?

Hey Matt

Sorry but I’m not so familiar with this topic.
First, I have solved the problem. I forgot to allow Caddy to bind “privileged” ports.
Now it works with my own build.

For my understanding: I have set Cloudflare certificates to “Full (strict)”. Does that mean that the server needs the certificates from Cloudflare?

No, this means that Cloudflare will connect to your server using encrypted TLS, using your Let’s Encrypt certificate. Visitors to your website will see Cloudflare’s TLS certificate, which it obtains separately.

Your server doesn’t need Cloudflare’s certificate, it just needs the Let’s Encrypt certificate so that the connection between your server and Cloudflare is secured properly.

Thanks for your answer, and sorry for my, maybe, dumb questions.
I don’t need to set an email for Let’s Encrypt, which Caddy asks for when I don’t use Cloudflare?
Cloudflare provides two API keys: one global and one to create certificates. Caddy asks for the Cloudflare credentials and I use the key to create a certificate. Is this correct?

Caddy will remember which email you entered for Let’s Encrypt, so that’s why it didn’t ask for it when you changed it to Cloudflare.

You shouldn’t need to do any certificate creation with Cloudflare at all, it is done for you.


Thanks for your replies and sharing your knowledge. There is so much to learn and it’s great Caddy has a community like this.
