How to use two different SSL cert for LAN & WAN

1. The problem I’m having:

I want to use a self-signed SSL cert if the request is from LAN like
And server default let’s encrypt if the request is from WAN like

Please fill out the help topic template as per the forum rules. Without seeing your version, config, or logs, we have to make assumptions, and that’s a waste of time (both yours and ours).

You can just set up two separate site blocks with different tls config.

But if you actually want to choose certs based on the remote IP of the client, then that’s not possible via Caddyfile, but via JSON config you can configure TLS connection policies that match by remote IP JSON Config Structure - Caddy Documentation

1 Like

Sorry I thought It was a simple question :sweat_smile:

So there is no way to use Caddyfile like this {
} {
  tls ssl.crt ssl.key

And when we use :port { ... }, it overrides all other name-based configs. {
 # never gets SSL cert from Let's Encrypt

:443 {
 tls ssl.crt ssl.key
 #  serves provided ssl.crt for all requests regardless of name-based config 
:80 {
 redir https://{host}{uri}

Is this how it is supposed to work or am I missing something?
Is there any way to set a priority in Caddyfile for each config?

FYI, they’ve been called TLS certs since 1999. SSL is dead.

You can use auto_https ignore_loaded_certificates to get that behaviour

Thing is though, TLS certs need to contain the domain names they’re valid for. So it’s not possible to have a TLS cert that’s valid for all domains. I’m not sure what you’re trying to achieve here.