Certificate cache for TLS

(Md Mahfuzur Rahman) #1

Hi,
I am using the Caddy TLS plugin. I modified the existing code to play with it and see its behaviour. I tried dynamically generating some certificates, which basically generates a certificate for each request with a few days' validity using the same key pairs. However, it modifies the CNAME and expiry dates (few days) on the certificate. If I browse a domain (e.g. example.com) within the first few days of deployment, I see a valid certificate in terms of date. However, if I browse the same domain (e.g. example.com) after those few days of deployment, I see a certificate with an expired date.

My guess is it is presenting the certificate that I got the first time I browsed that domain. Although I generate a certificate on each request, why am I seeing the old certificate with an expired date? Does it cache certificates based on domain name? Can you please point me to the caching part of the code so that I can understand the caching mechanism here?

Thanks,
Mahfuz

(Md Mahfuzur Rahman) #3

Hi,
I found the code for caching. It’s located in certificates.go under caddytls.

Thanks,
Mahfuz

1 Like
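
The symptom described in this thread, reproduced as an added Go example (not Caddy's code and not from the original posts): a cache keyed by host name keeps returning the first certificate it stored unless each lookup compares the leaf's `NotAfter` with the current time. The names `must`, `issue`, `cache` and `servedExpired`, the 3-day lifetime and the 5-day gap are assumptions chosen for illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
	"time"
)

// must panics on error; acceptable only because this is a demo.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// issue self-signs a 3-day certificate for name (constructed data, shared key).
func issue(key *ecdsa.PrivateKey, name string, now time.Time) *tls.Certificate {
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(now.UnixNano()),
		DNSNames: []string{name}, NotBefore: now, NotAfter: now.Add(72 * time.Hour)}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key))
	return &tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: must(x509.ParseCertificate(der))}
}

// cache maps host name to certificate (hypothetical, not Caddy's implementation).
type cache map[string]*tls.Certificate

// get reuses the cached entry; with checkExpiry it reissues once NotAfter has passed.
func (c cache) get(key *ecdsa.PrivateKey, name string, now time.Time, checkExpiry bool) *tls.Certificate {
	if cert, ok := c[name]; ok && (!checkExpiry || now.Before(cert.Leaf.NotAfter)) {
		return cert
	}
	c[name] = issue(key, name, now)
	return c[name]
}

// servedExpired requests example.com on day 0 and day 5 and reports whether day 5 gets an expired certificate.
func servedExpired(checkExpiry bool) bool {
	key, c, day0 := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader)), cache{}, time.Now()
	c.get(key, "example.com", day0, checkExpiry)
	day5 := day0.Add(120 * time.Hour)
	return day5.After(c.get(key, "example.com", day5, checkExpiry).Leaf.NotAfter)
}

func main() { fmt.Println("no check:", servedExpired(false), "with check:", servedExpired(true)) }
```

In a server, a lookup like `get` would be called from the `GetCertificate` callback of `tls.Config`, with the host name taken from the ClientHello.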