Is a multi-homed proxy possible with Caddy?

1. Caddy version (caddy version):

None; evaluating Caddy in place of nginx

a. System environment:

Debian

Question

I am considering switching from nginx to Caddy because of the self-updating certificates.

I would like to know if Caddy supports a multi-homed HTTP server with a proxy to the same web server. By multi-homed I mean different domain names redirecting to the same IP address of the server. Will Caddy manage distinct certificates for the different domain names?

The ACME protocol allows associating an email address with the certificate. I didn’t see examples where this email address is specified in the Caddyfile. Can we specify the email address to associate with the certificate?

How can we detect a failure to update a certificate? Do we have to check the logs? Can we have a mail sent in order to avoid service disruption?

The more commonly used term for this is “virtual hosts”, or as Caddy calls them throughout the docs, “sites”.

See the structure of the Caddyfile to get an idea of how it looks:

Yes.

Yep, via global options:

Yes, you should always be checking your logs. That’ll be your earliest warning.

Let’s Encrypt will send you emails at 20, 10 and 1 days remaining in the certificate’s lifetime, if it wasn’t renewed. Caddy starts attempts to renew when 2/3 of the cert’s lifetime has expired (i.e. when 30 days remain, for 90 day certs). See Expiration Emails - Let's Encrypt

But also be aware that Caddy may also use ZeroSSL as an ACME provider, and they don’t send out emails the same way. So consider emails an “if all else fails” situation. You should always check your logs.

But as long as your DNS records and the IP assigned to your server stay up to date, and your firewall allows requests on ports 80/443, then you generally don’t have much to worry about and Caddy will automate the whole process seamlessly.

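One way to detect a failed renewal without relying on expiration emails, as an added example that is not part of the original thread or Caddy's own code: it reads the certificate each site serves and flags any that is still in use past the 2/3-of-lifetime point where, per the answer above, Caddy starts renewing. The site names, the three-day grace period and all function names are assumptions.

```python
import socket
import ssl
from datetime import datetime, timedelta, timezone

RENEW_FRACTION = 2 / 3     # lifetime fraction after which Caddy starts renewing (per the answer above)
GRACE = timedelta(days=3)  # assumption: slack for renewal retries before raising an alert


def renewal_status(not_before, not_after, now, grace=GRACE):
    """Return 'ok', 'overdue' (renewal window passed, old cert still served) or 'expired'."""
    if now >= not_after:
        return "expired"
    renew_at = not_before + (not_after - not_before) * RENEW_FRACTION
    return "overdue" if now > renew_at + grace else "ok"


def _to_utc(cert_time):
    """Convert a getpeercert() time string to an aware UTC datetime."""
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(cert_time), tz=timezone.utc)


def served_cert_window(host, port=443, timeout=5.0):
    """Return (notBefore, notAfter) of the certificate served for `host`, selected via SNI."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            cert = tls.getpeercert()
    return _to_utc(cert["notBefore"]), _to_utc(cert["notAfter"])


def check_sites(hosts, now=None, fetch=served_cert_window):
    """Map each site name to its status; connection and validation errors are reported too."""
    now = now or datetime.now(timezone.utc)
    report = {}
    for host in hosts:
        try:
            report[host] = renewal_status(*fetch(host), now)
        except OSError as exc:  # includes ssl.SSLError, e.g. an already expired certificate
            report[host] = f"unreachable: {exc}"
    return report


if __name__ == "__main__":
    # Hypothetical site names; use the names from your own Caddyfile.
    problems = {h: s for h, s in check_sites(["example.com", "example.org"]).items() if s != "ok"}
    for host, status in problems.items():
        print(f"{host}: {status}")
    raise SystemExit(1 if problems else 0)
```

Run from cron or a monitoring agent, the non-zero exit status can drive whatever mail or paging hook is already in place; it complements the log checks recommended above rather than replacing them.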