Is it possible to pause Caddy from issuing or renewing certs?

Does anyone know if it’s possible to pause Caddy from issuing new or renewing certs, but still continue to serve traffic on existing certs?

I issue certs using on_demand_tls and serve traffic using reverse_proxy. Using Caddy 2.4.6.

I’m currently working on a migration which involves switching Caddy to a new filesystem. I’d like to be able to perform the following steps:

  1. Pause the existing caddy install from issuing new or renewing certs
  2. Copy cert files across to the new system
  3. Point traffic to the new system
  4. Verify that new caddy system is serving traffic correctly
  5. Turn off old system
  6. Enable renewing / issuing new certs on the new system.

If not, does anyone have any ideas on how the migration might be performed with minimal disruption? I have some ~200 certs, so while I could just issue new certs on the new system and still be within rate limits, it doesn’t give me much room if I need to roll back.

Thanks in advance!

Caddy can operate as a cluster if you set up a filesystem share between the two systems for Caddy’s storage. That should be good enough to let you migrate while having both running. Some types of filesystem sharing have problems with consistency and atomicity which can screw up in certain situations, but you should probably be fine if you have relatively low issuance frequency for now.

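The shared-storage setup described in the answer, sketched as a Caddyfile for the on-demand TLS and reverse_proxy arrangement from the question. This is an added example, not part of the original thread; the mount path, the `ask` endpoint and the upstream address are assumed placeholders.

```caddyfile
# Load the same global options on both the old and the new instance.
{
	# Point Caddy's storage at the shared mount instead of the default
	# local data directory. Instances using the same storage root see
	# the same certificates and coordinate issuance and renewal through
	# lock files kept in that storage.
	# /mnt/caddy-shared is an assumed mount point.
	storage file_system {
		root /mnt/caddy-shared
	}

	# Gate on-demand issuance behind an allow-list endpoint so that only
	# hostnames you serve can trigger a certificate order.
	# The URL is an assumed placeholder for your own check service.
	on_demand_tls {
		ask http://127.0.0.1:5555/allowed
	}
}

# Catch-all HTTPS site: certificates are obtained at handshake time and
# stored under the shared root, so either instance can serve them.
https:// {
	tls {
		on_demand
	}

	# Assumed upstream address.
	reverse_proxy 127.0.0.1:8080
}
```

The storage root holds the private keys for every certificate as well as the ACME account key, so restrict the share to the two Caddy hosts and to the user Caddy runs as.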