This seems to add .php if the request path did not include a dot anywhere. I don't remember what NC,L does (I couldn't be bothered to re-learn Apache rewrite rules; I'd rather leave it in the dust).
You don’t have any ask endpoint configured. This is now invalid config in the latest version. You must have an ask endpoint, otherwise you’re at risk of DDoS. An attacker could point a wildcard domain at your server then make an infinite amount of requests with different domains, forcing your server to issue useless certificates, exhausting your storage space and hitting rate limits.
Then what if you want it dynamic? For example, what if there is a new domain that I want to add based on the CNAME, so that the new domain automatically gets SSL the first time you visit it? Any suggestions?
You need to maintain an allow-list. That’s the point of the ask endpoint. Have your users register the domain they want to use with you first, then the ask endpoint will check with your server if it’s allowed. Otherwise you’re at risk of DDoS, like I said.
No, you handle that yourself. Then you configure the ask endpoint in Caddy, and Caddy makes a request to your server to ask it "should I manage a cert for this domain?". You return either status 200 to say yes, or a 4xx status for no.
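As an added example (not code from this thread or from the Caddy project), here is a minimal ask endpoint implementing the allow-list check described above. It assumes Caddy is pointed at `http://127.0.0.1:5555/check` and that the allow-list is an in-memory set standing in for the user-registration store; the path, port and domain names are assumptions for illustration. Caddy sends `GET <ask-url>?domain=<hostname>` before issuing a certificate for a hostname it has not seen; a 200 means "issue", anything else means "refuse". The check is an exact match after canonicalization, so the wildcard-domain flood described earlier gets a 403 for every unregistered name and Caddy never touches the ACME rate limits for it.

```python
"""Minimal Caddy on-demand TLS "ask" endpoint (added example, not Caddy's own code).

Matching Caddy global option (assumed values):

    {
        on_demand_tls {
            ask http://127.0.0.1:5555/check
        }
    }

with `tls { on_demand }` in the site block.
"""
from http.server import BaseHTTPRequestHandler, HTTPServer
from typing import Optional
from urllib.parse import parse_qs, urlparse

# Constructed example allow-list; in practice load this from the store where
# your users register the domains they want to use with you.
ALLOWED_DOMAINS = {"app.example.com", "blog.example.com"}


def normalize_domain(raw: str) -> Optional[str]:
    """Canonicalize the hostname Caddy sent; None if it is not a plain hostname.

    Lower-cases, strips a trailing dot, and rejects wildcards, schemes, ports
    and over-long labels so that only exact registered names can match.
    """
    d = raw.strip().lower().rstrip(".")
    if not d or len(d) > 253 or any(c in d for c in "*/:@ "):
        return None
    labels = d.split(".")
    if any(not label or len(label) > 63 for label in labels):
        return None
    return d


def is_allowed(raw_domain: str, allowlist=ALLOWED_DOMAINS) -> bool:
    """Exact-match allow-list check. No suffix or wildcard matching on purpose:
    the attacker in the DDoS scenario controls arbitrary subdomains."""
    d = normalize_domain(raw_domain)
    return d is not None and d in allowlist


def ask_status(path: str, allowlist=ALLOWED_DOMAINS) -> int:
    """Map the request path Caddy sends (e.g. '/check?domain=app.example.com')
    to the HTTP status to return: 200 = issue, 403 = refuse, 400 = malformed."""
    domains = parse_qs(urlparse(path).query).get("domain", [])
    if len(domains) != 1:
        return 400
    return 200 if is_allowed(domains[0], allowlist) else 403


class AskHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        status = ask_status(self.path)
        self.send_response(status)
        self.send_header("Content-Length", "0")
        self.end_headers()

    def log_message(self, fmt, *args):
        # Keep stdout quiet; a real deployment should log refusals (403s)
        # since a burst of them is the flood the thread warns about.
        pass


if __name__ == "__main__":
    # Bind to loopback only: this endpoint should be reachable by Caddy, not the internet.
    HTTPServer(("127.0.0.1", 5555), AskHandler).serve_forever()
```

Bind the endpoint to loopback or an internal interface only; if it is exposed, nothing stops a client from probing which domains are registered. Adding a new customer domain is then just inserting it into the allow-list; the first visit to that hostname triggers the ask request and Caddy obtains the certificate on demand.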