Help blocking sub-sub-domains

1. Caddy version (caddy version): 1

2. How I run Caddy:

a. System environment:

NAME="Ubuntu"
VERSION="18.04.3 LTS (Bionic Beaver)"

b. Command:

caddy -conf Caddyfile -log caddy.log

c. Service/unit/compose file:


d. My complete Caddyfile or JSON config:

root /srv/current/
log /srv/current/log/caddy-access.log
errors /srv/current/log/caddy-error.log
gzip

tls dev@example.com

proxy / unix:/srv/current/tmp/sockets/puma.sock {
transparent
}
}

*.example.com {
root /srv/current/
log /srv/current/log/caddy-access.log
errors /srv/current/log/caddy-error.log
gzip

tls {
dns godaddy
}

proxy / unix:/srv/current/tmp/sockets/puma.sock {
transparent
}
}

:443 {
root /srv/current/
log /srv/current/log/caddy-access.log
errors /srv/current/log/caddy-error.log
gzip

tls dev@example.com {
ask http://localhost:9005/allowed
}

proxy / unix:/srv/current/tmp/sockets/puma.sock {
transparent
}

}

3. The problem I’m having:

I’d like to block sub-sub-domains.

Currently the *.example.com is working perfectly.
We are also using the automatic tls to serve custom domains.

The issue is that any sub sub domain (hello.hello.example.com) is actually trying to create a cert and bots are hitting a bunch of subdomains and we are hitting the limits.

4. Error messages and/or full log output:

failed to obtain certificate: acme: error: 429 :: POST :: https://acme-v02.api.letsencrypt.org/acme/new-order :: urn:ietf:params:acme:error:rateLimited :: Error creating new order :: too many certificates already issued

5. What I already tried:

I’ve looked through the docs and also tried to find any similar question/answer without success.

Ruh-roh. What is http://localhost:9005/allowed returning in those situations?

For simplicity everything right now returns a 200. I guess I can figure out a way to block it there.

Yep. That’s the exact intended purpose of the ask subdirective.

FYI, Caddy v1 is no longer maintained; we urge you to consider upgrading to v2 as soon as possible.
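As an added illustration of the answer above (not code from the thread or from Caddy itself), here is a small Go service for the `ask http://localhost:9005/allowed` endpoint. It assumes Caddy's on-demand TLS queries the URL with a `?domain=` parameter and treats a 200 as permission, and it refuses anything more than one label below the wildcard zone so bots probing `a.b.example.com` never trigger an ACME order. The zone name and the approved custom-domain list are constructed example values.

```go
package main

import (
	"log"
	"net/http"
	"strings"
)

// Constructed example values: the zone served by *.example.com and the
// custom domains that on-demand TLS may issue certificates for.
const wildcardZone = "example.com"

var customDomains = map[string]bool{
	"shop.customer-one.test": true,
}

// certAllowed decides whether Caddy may request a certificate for name.
// Deeper names (hello.hello.example.com) are refused, which stops bot probes
// from burning the Let's Encrypt rate limit seen in the thread.
func certAllowed(name string) bool {
	name = strings.TrimSuffix(strings.ToLower(strings.TrimSpace(name)), ".")
	if name == "" {
		return false
	}
	if customDomains[name] {
		return true
	}
	suffix := "." + wildcardZone
	if strings.HasSuffix(name, suffix) {
		sub := strings.TrimSuffix(name, suffix)
		// exactly one label below the zone: hello.example.com is fine,
		// hello.hello.example.com is not
		return sub != "" && !strings.Contains(sub, ".")
	}
	return name == wildcardZone
}

// allowedHandler answers Caddy's ask request: 200 permits issuance, 403 refuses it.
func allowedHandler(w http.ResponseWriter, r *http.Request) {
	name := r.URL.Query().Get("domain")
	if certAllowed(name) {
		w.WriteHeader(http.StatusOK)
		return
	}
	log.Printf("ask: refusing certificate for %q", name) // keeps a record of probe traffic
	w.WriteHeader(http.StatusForbidden)
}

func main() {
	http.HandleFunc("/allowed", allowedHandler)
	log.Fatal(http.ListenAndServe("127.0.0.1:9005", nil))
}
```

Binding to 127.0.0.1 matches the Caddyfile's localhost URL, so the decision endpoint is not reachable from outside the host.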

This topic was automatically closed after 30 days. New replies are no longer allowed.