I’m struggling with a basic configuration. Basically, I would like to get HTTPS over 0.0.0.0 (my website is in a Docker container). Somehow, with the following configuration, I can have HTTP but not HTTPS:
Since you can’t (practically) get a publicly-trusted certificate for an IP address, you will have to roll your own – but it won’t be trusted in browsers. And 0.0.0.0 isn’t a valid IP either, it’s just kind of a wildcard for “anything on this IPv4 interface.”
If you don’t know which domains you’ll be serving, you need to enable on-demand TLS using the tls directive’s ask subdirective (don’t use max_certs, we’re deprecating it next week): https://caddyserver.com/docs/tls
As an addendum to Matt Holt’s advice, if you need HTTPS, you can get a non-trusted, self-signed certificate for an IP address (it’s just not compatible with the Automatic HTTPS feature).
You’ll need to use tls self_signed to do that. You’ll also probably want to set the port and HTTP(S) redirection up manually - normally, Automatic HTTPS does that for you.
Feature request: wouldn’t it be great if one could set the expiry to something other than 7 days? It saves someone from having to generate their own self-signed key/certificate, and has the same effect as self_signed (unless I misunderstand what self_signed does).
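An added example, not part of the thread and not Caddy's own code: generating your own self-signed certificate for an IP address with a lifetime you choose, using Go's standard library, and checking that only a client that pins the certificate trusts it. The helper names and the address 192.0.2.10 are assumptions made for the illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"fmt"
	"math/big"
	"net"
	"time"
)

// SelfSignedForIP (hypothetical helper) issues a self-signed server cert with ip as its only SAN.
func SelfSignedForIP(ip string, validFor time.Duration) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	addr := net.ParseIP(ip)
	if addr == nil || addr.IsUnspecified() { // 0.0.0.0 is a bind wildcard, not a host address
		return nil, nil, fmt.Errorf("%q is not a usable IP address", ip)
	}
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), // constructed serial for the example
		NotBefore:    time.Now().Add(-time.Minute),      // tolerate small clock skew
		NotAfter:     time.Now().Add(validFor),          // lifetime chosen by the caller
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		IPAddresses:  []net.IP{addr}, // clients match the address against the IP SAN
	}
	// Template and parent are the same certificate, so it is signed by its own key.
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// TrustedBy reports whether cert verifies for ip against the given root pool.
func TrustedBy(cert *x509.Certificate, roots *x509.CertPool, ip string) bool {
	_, err := cert.Verify(x509.VerifyOptions{Roots: roots, DNSName: ip})
	return err == nil
}

func main() {
	cert, _, err := SelfSignedForIP("192.0.2.10", 90*24*time.Hour) // constructed sample address
	fmt.Println(err, err == nil && !TrustedBy(cert, x509.NewCertPool(), "192.0.2.10"))
}
```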