1. The problem I’m having:
I want to use a self-signed SSL cert if the request is from LAN like https://192.168.1.10
And server default let’s encrypt if the request is from WAN like https://website-name.com
I want to use a self-signed SSL cert if the request is from LAN like https://192.168.1.10
And server default let’s encrypt if the request is from WAN like https://website-name.com
Please fill out the help topic template as per the forum rules. Without seeing your version, config, or logs, we have to make assumptions, and that’s a waste of time (both yours and ours).
You can just set up two separate site blocks with different tls
config.
But if you actually want to choose certs based on the remote IP of the client, then that’s not possible via Caddyfile, but via JSON config you can configure TLS connection policies that match by remote IP JSON Config Structure - Caddy Documentation
@francislavoie
Sorry I thought It was a simple question
So there is no way to use Caddyfile like this
website-name.com {
...
}
192.168.1.10:443 {
tls ssl.crt ssl.key
...
}
And when we use :port { ... }
, it overrides all other name-based configs.
website-name.com {
...
# never gets SSL cert from Let's Encrypt
}
:443 {
tls ssl.crt ssl.key
...
# serves provided ssl.crt for all requests regardless of name-based config
}
:80 {
redir https://{host}{uri}
}
Is this how it is supposed to work or am I missing something?
Is there any way to set a priority in Caddyfile for each config?
FYI, they’ve been called TLS certs since 1999. SSL is dead.
You can use auto_https ignore_loaded_certificates
to get that behaviour
Thing is though, TLS certs need to contain the domain names they’re valid for. So it’s not possible to have a TLS cert that’s valid for all domains. I’m not sure what you’re trying to achieve here.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.