@matt @Whitestrake
Thank you so much. I have a few more points I was wondering to clear out:
Our customers will be filling out a form to enter domain names that they would be pointing to our Caddy server and currently these would be added to Caddy config with curl -X POST -H "Content-Type: application/json" -d '${domainsToAdd}' "http://localhost:2019/config/apps/http/servers/srv0/routes/0/match/0/host/..." once they submit that form. I am now considering if I should use On-Demand TLS instead.
- If I go with the programmatic approach of adding domains to the hosts array, is there any disadvantage if I add their domains before their DNS records are pointing to the Caddy Server?
- For On-Demand TLS, are the certificates then, only renewed if Caddy sees the domain requesting files close to the certificate expiry date but otherwise work stable? What if the certificate expires and then Caddy sees a request from that domain?
- Is On-Demand TLS, a scalable solution as well?
- If in future if we move from On-Demand TLS to the programmatic approach of adding domains, will it be possible to do so without causing issues in the SSL certificates? (Given that we will maintain a record of whitelisted domain names Caddy should serve on, for example, a cloud storage)