Does Caddy get a new certificate every time it is started?

I am experimenting with Caddy to serve my Go applications. It looks like it is going to be great working with it. Matt, thanks so much for creating it.

My main use would be to have Caddy as a reverse proxy.
I read that I should use the -ca flag to test Caddy configuration. Is it advisable/necessary to do this even for sites for which a certificate has already been obtained (that is, a site which I served without the -ca flag)?

Also, can someone give advice about what would be a good location to store the Caddyfile if using Caddy as a reverse proxy to serve multiple different applications?

Thanks.

Good questions, and thanks for your kind words!

Caddy will re-use certificates it has on disk for the given -ca URL, so if you specify a different CA, it will look in a different folder to see if it already has the certificate. If so, it uses it. If not, it will obtain one from that CA.

I usually put the Caddyfile next to the site, or at the closest folder in common with all the different sites. But you can do whatever you prefer.


Thanks for the quick response. Much appreciated.

From your response it appears that when I am testing my configuration (for new domains I will be adding) and I am using the -ca flag I should also provide a URL for the CA. The docs also say

make sure you use the -ca flag to change the ACME endpoint to a staging or development URL

Can you please give an example of what this alternative URL is that can be used for staging or development? The default as I understand is the ACME endpoint. I think I used that yesterday (since I had not read the docs, I did not specify the -ca flag when I invoked caddy).

Thank you.

Try the one on this page: Staging Environment - Let's Encrypt

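The per-CA certificate lookup described in the first reply, checked against the Let's Encrypt staging endpoint the last reply points to, as an added example that is not part of the original thread and is not Caddy's own code. It assumes the Caddy v1 on-disk layout `$CADDYPATH` (or `~/.caddy`) `/acme/<CA host>/sites/<domain>/<domain>.crt`, uses Let's Encrypt's ACME v2 directory URLs, and treats `example.com` as a placeholder domain; verify the layout on your own install.

```shell
#!/bin/sh
# Added example: report whether Caddy (v1, -ca flag) would reuse a cached
# certificate or obtain a new one for a given CA URL and domain.

# Let's Encrypt ACME v2 directory URLs (production and staging).
PROD_CA="https://acme-v02.api.letsencrypt.org/directory"
STAGING_CA="https://acme-staging-v02.api.letsencrypt.org/directory"

# Assumption: assets live under $CADDYPATH, or $HOME/.caddy when it is unset.
caddy_assets_dir() {
    printf '%s\n' "${CADDYPATH:-$HOME/.caddy}"
}

# Host part of the CA URL: drop the scheme, then everything from the first "/".
ca_host() {
    rest=${1#*://}
    printf '%s\n' "${rest%%/*}"
}

# Assumed certificate location for (CA URL, domain): one folder per CA host,
# so staging and production certificates never share a path.
cert_path() {
    printf '%s/acme/%s/sites/%s/%s.crt\n' \
        "$(caddy_assets_dir)" "$(ca_host "$1")" "$2" "$2"
}

# "reuse" if a certificate is already cached for this CA, otherwise "obtain".
cert_status() {
    if [ -f "$(cert_path "$1" "$2")" ]; then
        echo reuse
    else
        echo obtain
    fi
}

# Demo with a placeholder domain: compare both CAs side by side.
for ca in "$PROD_CA" "$STAGING_CA"; do
    printf '%-8s %s\n' "$(cert_status "$ca" example.com)" "$(cert_path "$ca" example.com)"
done
```

A certificate cached from an earlier run without `-ca` shows as `reuse` only for the production URL; testing with the staging URL reads and writes a separate folder.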

Thank you so much.
