Can Caddy be used for "wildcard" SSL any level deep?

Hello, I’m a Caddy n00b, thinking of trying Caddy to see if it solves a problem.

I want to automatically support SSL for arbitrary subdomains at any level deep. For example,

  • some.web.site
  • a.cool.web.site
  • come.visit.my.web.site

Basically the subdomains can be arbitrary, and with any number of period . characters.

I saw that the demo says to make sure the subdomains are direct subdomains of the top level domain. Does this mean what I want to do is not possible? Or is it only the demo with that limitation?

Wildcard certs are only valid for single-level depth. This isn’t a webserver thing, this is just how TLS certs work. Only a single *. segment is valid during ACME cert issuance.

So you can do *.web.site or *.cool.web.site but not like *.*.web.site.

Also if you need wildcard certs, you need to build Caddy with the appropriate DNS plugin (for whoever your DNS provider is) so that Caddy can solve the ACME DNS challenge to prove you control the domain.

2 Likes