The above code is my Caddyfile. I only want to keep aero.xyz renewed automatically, since cdn.aero.xyz is on Cloudflare and it manages the certificate for me.
If I turn auto_https on, then it would start to manage cdn.aero.xyz or, as in your example, it would allow the HTTP protocol when visiting cdn.aero.xyz. This is undesirable considering that cdn.aero.xyz currently only allows secure visits.
I see. The problem with this setup is that I would have a duplicated block (quite large). Also, if I do not have a tls setting in a domain, would it automatically fall back to auto_https even if I have it turned off globally?
So Caddy’s auto_https feature will not issue or renew a certificate for vhosts that have an explicit tls directive that loads a certificate from your specified location.
Take for example the Caddyfile @francislavoie posted:
With auto_https enabled (on [default] or disable_redirects), Caddy will issue/renew a certificate for aero.xyz, but not for cdn.aero.xyz, because cdn.aero.xyz explicitly loads a certificate from the file system.
Would you mind sharing your reasons why you disabled auto_https?
Cool, because the certificate for cdn.aero.xyz is really on Cloudflare’s CDN instead of on my origin server (I use a non-strict TLS connection between Cloudflare and my origin server).
I think with @import it would work. I missed his last statement.
Make sure the TLS cert you load in Caddy has cdn.aero.xyz in its SAN field. If the cert doesn’t have the right SAN, then Caddy will ignore it when looking to manage that domain name.