1. The problem I’m having:
I’m having great difficulties understanding how to utilise the caddy-dns/cloudflare
plugin to sign my wildcard certificate.
After some trial and error I managed to get it halfway working via the Caddyfile:

    duelify.com {
        tls {
            dns cloudflare {env.CLOUDFLARE_API_TOKEN}
        }
        reverse_proxy localhost:5001
    }
    :80 {
        redir https://{host}{uri} permanent
    }

According to the logs it works. But how could I do the same in JSON?
I tried it with ChatGPT, but this doesn’t seem quite right. I thought I’d better double-check here:

    "apps": {
        "tls": {
            "automation": {
                "policies": [
                    {
                        "subjects": ["duelify.com"],
                        "issuer": {
                            "module": "acme",
                            "ca": "https://acme-v02.api.letsencrypt.org/directory",
                            "challenges": {
                                "dns": {
                                    "provider": {
                                        "name": "cloudflare",
                                        "api_token": "{env.CLOUDFLARE_API_TOKEN}"
                                    }
                                }
                            }
                        }
                    }
                ]
            }
        }
    }

This is the caddy.json that I’m trying to refactor by utilising this plugin above.
I’m not very experienced with Caddy, but it seems they use a different way of doing this:

    "tls": {
        "certificates": {
            "automate": ["z1.xx.yy","z2.xx.yy","h3.xx.yy"]
        },
        "automation": {
            "policies": [{
                "issuers": [{
                    "module": "acme",
                    "email": "your@email.com"
                },
                {
                    "module": "zerossl",
                    "email": "your@email.com"
                }]
            }]
        }
    }

It doesn’t look like they are using this plugin.
3. Caddy version:
v2.6.4 h1:2hwYqiRwk1tf3VruhMpLcYTg+11fCdr8S3jhNAdnPy8=
4. How I installed and ran Caddy:

    sudo apt install -y debian-keyring debian-archive-keyring apt-transport-https
    curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | sudo gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
    curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | sudo tee /etc/apt/sources.list.d/caddy-stable.list
    sudo apt update
    sudo apt install caddy
    sudo systemctl stop caddy
    mv ~/caddy_linux_amd64_custom /usr/bin/caddy
    sudo chmod +x /usr/bin/caddy
    systemctl start caddy

a. System environment:
Debian 11
Thanks
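
Added example, not part of the original post and not the project's own output: a complete JSON config corresponding to the Caddyfile above, with the ACME issuer placed in the `issuers` array and the Cloudflare DNS provider configured under `challenges.dns.provider`. The server name `srv0` is an arbitrary label; the API token is still read from the environment through the `{env.CLOUDFLARE_API_TOKEN}` placeholder rather than written into the file, and the custom build containing the caddy-dns/cloudflare module is assumed.

```json
{
  "apps": {
    "http": {
      "servers": {
        "srv0": {
          "listen": [":443"],
          "routes": [
            {
              "match": [{ "host": ["duelify.com"] }],
              "handle": [
                {
                  "handler": "reverse_proxy",
                  "upstreams": [{ "dial": "localhost:5001" }]
                }
              ],
              "terminal": true
            }
          ]
        }
      }
    },
    "tls": {
      "automation": {
        "policies": [
          {
            "subjects": ["duelify.com"],
            "issuers": [
              {
                "module": "acme",
                "challenges": {
                  "dns": {
                    "provider": {
                      "name": "cloudflare",
                      "api_token": "{env.CLOUDFLARE_API_TOKEN}"
                    }
                  }
                }
              }
            ]
          }
        ]
      }
    }
  }
}
```

Running `caddy adapt --config Caddyfile --pretty` with the same custom binary prints the JSON Caddy itself generates from the Caddyfile, which can be compared against this. A wildcard certificate additionally needs the wildcard name (for example `*.duelify.com`) in both the route's `host` matcher and the policy's `subjects`.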