How can I disable auto tls renewal?

milanolarry · July 6, 2020, 5:28am

Just want to know how I can disable auto tls renewal?

Whitestrake · July 6, 2020, 11:34pm

Hi @milanolarry, welcome to the Caddy community.

You can turn off Automatic HTTPS features entirely via Caddyfile global options, if you like:

auto_https configure automatic HTTPS. It can either disable it entirely ( off ) or disable only HTTP-to-HTTPS redirects ( disable_redirects ).

—Global options (Caddyfile) — Caddy Documentation

milanolarry · July 7, 2020, 5:26am

Thanks.
I put “auto_https off” into /etc/caddy/Caddyfile ; the following is what I find in /root/caddy.log

" Unknown directive 'auto_https"

Seem not quite right.

Whitestrake · July 7, 2020, 5:49am

auto_https is not a directive, it’s a global Caddyfile option.

It goes up the top of your Caddyfile in a special braced block with no site labels. Have a closer look at the docs for an explanation on usage:

It was only recently added to Caddy, so you might need to double check you’re on the latest version for it to work.

milanolarry · July 7, 2020, 5:58am

Thanks a lot for your reply. I am using V 1.0.4. Perhaps, it is a bit too old.

Whitestrake · July 7, 2020, 6:04am

Oh, yes, much older!

v2 is a complete rewrite from the ground up, basically an entirely new program. The link I gave you above is not relevant for v1.0.4.

Disabling Automatic HTTPS in v1 is a matter of breaking any one of the conditions that are required for it to be enabled in the first place. Here’s the v1 documentation:

https://caddyserver.com/v1/docs/automatic-https

Just pick any of the criteria there and break it. Note that this will probably also revert your site to v1’s default port (2015).

I’d be remiss not to advise upgrading to v2 while I’ve got you here - v1 is no longer being developed.

milanolarry · July 7, 2020, 6:10am

What will happen to Caddy if the tls cert expires? In fact, I have put my web server behind a CDN using a cert provided by Cloudflare. Is it okay I just ignore Caddy’s warning?

Whitestrake · July 7, 2020, 6:43am

When the certificate expires, Caddy will be unable to serve your site over HTTPS.

With Caddy v2, putting it behind Cloudflare won’t prove too much of a problem, because v2 will try different challenge types if it fails at first - and when it tries the HTTP-01 challenge it should succeed without any problems, even behind Cloudflare.

milanolarry · July 9, 2020, 8:24am

Thanks a lot

system · August 5, 2020, 5:39am

This topic was automatically closed after 30 days. New replies are no longer allowed.