How can Caddy use Let's Encrypt for local domains?

Hello guys,

Like the title says, I’m wondering how the Caddy server is able to use Let’s Encrypt on non-existent domains. Let’s Encrypt needs to “ping” the domain before providing a certificate, right?

The document here: Automatic HTTPS — Caddy Documentation doesn’t provide the information I needed. :frowning:

I’m really surprised by this project; it's very useful to me, even though I didn’t use it :slight_smile:

Hi!

It sounds like you want to use Caddy to serve intranet sites over HTTPS (e.g. my.company.local).

Unfortunately LetsEncrypt is a root CA and will only sign certificates for verifiable public DNS domains (e.g. .com, .net).

You can still use Caddy for an intranet site over HTTPS - your options are:

  1. Distribute your own CA certificate, sign a cert for your intranet domain with it, and configure Caddy to use the signed cert with tls cert key
  2. Use a temporary self-signed key in memory each time with tls self_signed

Check out the Caddy tls docs for more info, and you can read up on how LetsEncrypt works here.

3 Likes
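Option 1 from the answer above, sketched with the `openssl` command line as an added example that is not part of the original thread or of Caddy's documentation. The function names, file names, the CA name "Example Intranet CA", key sizes and lifetimes are all assumptions chosen for illustration.

```shell
#!/bin/sh
# Constructed example: names, paths and lifetimes below are assumptions.

# make_intranet_cert DIR HOST
# Creates a private CA in DIR and signs a server certificate for HOST with it.
make_intranet_cert() {
    dir=$1; host=$2
    mkdir -p "$dir" || return 1
    # Minimal config so the result does not depend on the system openssl.cnf.
    cat > "$dir/openssl.cnf" <<EOF || return 1
[req]
distinguished_name = dn
prompt = no
[dn]
CN = Example Intranet CA
[ca_ext]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[server_ext]
basicConstraints = CA:FALSE
extendedKeyUsage = serverAuth
subjectAltName = DNS:$host
EOF
    # 1. The CA certificate (self-signed). Distribute ca.pem; keep ca.key private.
    openssl req -x509 -new -newkey rsa:2048 -nodes -sha256 -days 3650 \
        -config "$dir/openssl.cnf" -extensions ca_ext \
        -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null || return 1
    # 2. Key and signing request for the intranet hostname.
    openssl req -new -newkey rsa:2048 -nodes -config "$dir/openssl.cnf" \
        -subj "/CN=$host" -keyout "$dir/key.pem" -out "$dir/csr.pem" 2>/dev/null || return 1
    # 3. Sign with the CA; clients match the hostname against the SAN.
    openssl x509 -req -in "$dir/csr.pem" -CA "$dir/ca.pem" -CAkey "$dir/ca.key" \
        -CAcreateserial -sha256 -days 90 -extfile "$dir/openssl.cnf" \
        -extensions server_ext -out "$dir/cert.pem" 2>/dev/null || return 1
}

# chain_ok CAFILE CERT HOST: succeeds only if a client trusting CAFILE accepts CERT for HOST.
chain_ok() {
    openssl verify -CAfile "$1" -verify_hostname "$3" "$2" >/dev/null 2>&1
}

# caddy_site DIR HOST: prints a site block using the "tls cert key" form named in the answer.
caddy_site() {
    printf '%s {\n    tls %s/cert.pem %s/key.pem\n}\n' "$2" "$1" "$1"
}

if [ "$#" -eq 2 ]; then make_intranet_cert "$1" "$2" && caddy_site "$1" "$2"; fi
```

Run it as `sh script.sh ./pki my.company.local`; a client accepts the resulting certificate only after `ca.pem` has been added to its trust store, which is the "distribute your own CA certificate" step.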

Letsencrypt requires ownership of the given entity (domain). You can’t prove that you are the owner of a .local domain, as anyone else can prove it :slight_smile:

1 Like
