UPDATE: This is a very popular topic in search results, but it’s also over 3 years old. Caddy now works very well in a cluster to coordinate certificate management and share assets. Please refer to the latest official documentation and relevant wiki articles for information.
Hey Mark, I’ve got good news and bad news, and more good news.
Good news: Caddy’s TLS asset storage is designed to be pluggable, meaning you can plug in a TLS storage provider that takes care of the replication and syncing between Caddy instances, which is especially useful if the storage is a shared resource.
Bad news: It’s not fully developed yet; you’ll have to change some of the code and compile Caddy yourself, after writing the storage plugin you want.
More good news though: In a little while, we’ll be launching a subscription product for companies who rely on Caddy to ensure their features get considered first and get their bugs fixed before others, as well as guaranteed continued development and private support.
You could do this, but replication may not be enough. Once Caddy loads a certificate, it will try to manage it, including renewing it. You don’t want each node doing that independently.
Yes. So, replication could solve that problem, but…
It will count against your rate limit. Which is bad. If you only replicate, each Caddy will attempt renewals, instead of just one of them. This is why the storage plugin is necessary: it coordinates management of the TLS assets too.
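The point made in this thread, that replicating certificates alone leaves every node renewing on its own while a coordinating storage backend lets exactly one node renew, is shown below as an added Go model. This is not Caddy's code and not the storage plugin interface the replies refer to; the names certRecord, sharedStore, maintainUncoordinated, maintainCoordinated and runCluster, the 30-day renewal window and the in-process per-domain mutex (standing in for whatever lock a shared backend would provide) are all assumptions made for the illustration.

```go
package main

import (
	"fmt"
	"sync"
	"time"
)

// Assumed constants for the model: renew inside the last 30 days of a 90-day cert.
const (
	renewWindow  = 30 * 24 * time.Hour
	certLifetime = 90 * 24 * time.Hour
	acmeLatency  = 10 * time.Millisecond // stand-in for the CA round trip
)

// certRecord is the constructed, simplified shape of a stored certificate.
type certRecord struct {
	Domain   string
	Serial   int // incremented on every issuance
	NotAfter time.Time
}

// sharedStore stands in for a storage backend every node can see. It offers the
// replicated view (Load/Store) and, for the coordinated variant, a per-domain lock.
type sharedStore struct {
	mu        sync.Mutex
	certs     map[string]certRecord
	locks     map[string]*sync.Mutex
	issuances int // number of CA orders placed: what counts against rate limits
}

func newSharedStore() *sharedStore {
	return &sharedStore{certs: map[string]certRecord{}, locks: map[string]*sync.Mutex{}}
}

func (s *sharedStore) Load(domain string) (certRecord, bool) {
	s.mu.Lock()
	defer s.mu.Unlock()
	rec, ok := s.certs[domain]
	return rec, ok
}

func (s *sharedStore) Store(rec certRecord) {
	s.mu.Lock()
	defer s.mu.Unlock()
	s.certs[rec.Domain] = rec
}

// Lock/Unlock model a lock held in the shared backend, keyed by domain.
func (s *sharedStore) Lock(domain string) {
	s.mu.Lock()
	l, ok := s.locks[domain]
	if !ok {
		l = &sync.Mutex{}
		s.locks[domain] = l
	}
	s.mu.Unlock()
	l.Lock()
}

func (s *sharedStore) Unlock(domain string) {
	s.mu.Lock()
	l := s.locks[domain]
	s.mu.Unlock()
	l.Unlock()
}

// issue simulates an ACME order: slow, and counted against the CA's limits.
func (s *sharedStore) issue(old certRecord, now time.Time) certRecord {
	time.Sleep(acmeLatency)
	s.mu.Lock()
	s.issuances++
	s.mu.Unlock()
	return certRecord{Domain: old.Domain, Serial: old.Serial + 1, NotAfter: now.Add(certLifetime)}
}

func (s *sharedStore) Issuances() int {
	s.mu.Lock()
	defer s.mu.Unlock()
	return s.issuances
}

func needsRenewal(rec certRecord, now time.Time) bool {
	return rec.NotAfter.Sub(now) < renewWindow
}

// maintainUncoordinated is a node whose storage is merely replicated: it checks,
// then renews, and nothing stops every other node from doing the same. The barrier
// models all nodes' maintenance timers firing at once on the same stale view.
func maintainUncoordinated(s *sharedStore, domain string, now time.Time, checked *sync.WaitGroup) {
	rec, _ := s.Load(domain)
	due := needsRenewal(rec, now)
	checked.Done()
	checked.Wait()
	if due {
		s.Store(s.issue(rec, now))
	}
}

// maintainCoordinated is the storage-plugin behaviour: take the domain lock,
// re-read the certificate under the lock, and renew only if it is still due.
func maintainCoordinated(s *sharedStore, domain string, now time.Time) {
	s.Lock(domain)
	defer s.Unlock(domain)
	rec, _ := s.Load(domain)
	if !needsRenewal(rec, now) {
		return // another node already renewed it while we waited for the lock
	}
	s.Store(s.issue(rec, now))
}

// runCluster runs n nodes concurrently against one store holding a certificate
// 10 days from expiry and reports how many CA issuances that cost.
func runCluster(n int, coordinated bool) (issuances int, final certRecord) {
	now := time.Now()
	s := newSharedStore()
	s.Store(certRecord{Domain: "example.com", Serial: 1, NotAfter: now.Add(10 * 24 * time.Hour)})
	var done, checked sync.WaitGroup
	done.Add(n)
	checked.Add(n)
	for i := 0; i < n; i++ {
		go func() {
			defer done.Done()
			if coordinated {
				maintainCoordinated(s, "example.com", now)
			} else {
				maintainUncoordinated(s, "example.com", now, &checked)
			}
		}()
	}
	done.Wait()
	final, _ = s.Load("example.com")
	return s.Issuances(), final
}

func main() {
	for _, coordinated := range []bool{false, true} {
		n, rec := runCluster(5, coordinated)
		fmt.Printf("coordinated=%v: %d issuances, serial now %d\n", coordinated, n, rec.Serial)
	}
}
```

With five nodes the replicated-only run places five orders for one domain, while the locked run places one and the other four nodes find a fresh certificate when they re-read under the lock. The re-check after acquiring the lock is the essential step: locking alone would still serialize five renewals.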