Thanks for writing up this guide, @caddyhello. I’ve got some thoughts and recommendations for you.
I’m not sure I agree with this analogy. Caddy is web server software designed to be deployed to a large number of operating systems on different hardware architectures.
It would be more analogous to the engine itself, provided in such a way that it fits in a variety of frames… Assuming the installer knows how to connect an engine to the rest of the vehicle properly. Maybe better again to refer to it as one of the many parts of an engine. I’d say it’s still a difficult association, though.
To be unambiguous, Caddy users are expected to have an understanding of the hardware and software environment they plan to deploy Caddy in, much the same as Apache or nginx expects of their users. To say that building an engine is required is… not an honest representation, I believe.
Ignoring the directly patronizing tone of this comment (please consider the community guidelines before posting in this manner again), the comment you referenced from an earlier thread was a targeted response with a specific objective in mind: to determine whether or not there was some issue with the graceful reloading functionality that might have helped to explain your issue.
The fact that it was taken as a one-liner to fob you off in the manner of IT Crowd, instead of an intent to help diagnose and fix the problem you encountered in the course of the thread, is truly unfortunate.
This will probably end up with a similar problem to the one you encountered in the previous thread, which will require some manual editing to fix.
If I might suggest a slight modification, which should put newlines between each certificate:
cat mysite.crt <(echo) Root.crt <(echo) Intermediate.crt > mysite_bundle.pem
Unless I’m much mistaken, only one of these two is required. They both do the same thing. I’d recommend using the systemd one, because it’s more secure.
This isn’t quite accurate. The presence of the -agree flag has no bearing on how Caddy decides whether or not to contact the ACME server at all. That’s determined purely by the contents of your Caddyfile.
Also, instead of setting it to false (which has no explicit effect), you could simply remove it entirely (it’s off by default and has be specified in order to enable it, as a feature for automated environments like systemd).
I’d redir to https://mysite.com instead. The rest are up to preference, but personally I’d use http:// and https:// instead of :80 and :443, in order to reduce ambiguity.
The rest is pretty straight forward, thanks for compiling this information.