Issue with Wildcard SSL Cert Generation for Subdomains Using Godaddy DNS Challenge

Hello everyone,

I’m new to using Caddy and have started setting it up for my homelab. Caddy is running inside an LXC container on Proxmox (not as a Docker container). My setup consists of several LXC containers and VMs running on Proxmox, and I would like to access them using hostnames like myservice.mydomain.ca. I’ve configured my DNS server to redirect all traffic from *.mydomain.ca to the IP where Caddy is running. My domain is managed through GoDaddy, and I’ve followed the steps to build Caddy with the GoDaddy DNS module.

However, I’m encountering an issue with generating and using a wildcard SSL certificate for all my subdomains. Based on the Caddy logs, it seems like it’s trying to generate a separate certificate for each subdomain, when I believe it should be using a single wildcard certificate (*.mydomain.ca) for all subdomains.

I must be missing something in my configuration. Below is my current Caddyfile (with all values modified for privacy, but it is similar to my actual configuration):

*.mydomain.ca {
    tls {
        dns godaddy {GODADDY_API_KEY}:{GODADDY_API_SECRET}
        propagation_delay 2m
    }
}

# Reverse Proxy for Proxmox
pve1.mydomain.ca {
    reverse_proxy https://10.0.0.2:8006 {
        # WebSocket support
        header_up X-Real-IP {remote}
        header_up X-Forwarded-For {remote}
        header_up X-Forwarded-Proto {scheme}
        header_up Host {host}

        # Transport settings to avoid SSL verification errors
        transport http {
            tls_insecure_skip_verify
        }
    }
}

# Reverse Proxy for Vaultwarden
vaultwarden.mydomain.ca {
    reverse_proxy 10.0.0.100:3000
}

Could someone please review my Caddyfile and point out if it’s correct or if I’m missing something? I would really appreciate any help in resolving this issue and ensuring that the wildcard certificate is used correctly across all subdomains.

Thanks in advance!

Add this to your Caddyfile under global options:

{
    auto_https prefer_wildcard
}
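As an added example (not from the original thread and not the Caddy project's own code), here is a POSIX shell script that renders the corrected Caddyfile with the global option from the reply placed at the top, and a small helper to check whether the certificate a host actually serves covers that hostname. It assumes the hostnames, IPs and file path from the question, an OpenSSL 1.1.1 or newer for the `-ext` flag, and keeps the GoDaddy credential placeholders exactly as the original post wrote them.

```shell
#!/bin/sh
# Added example for the thread above; not code from the original poster or the
# Caddy project. Hostnames, IPs and paths are assumptions taken from the question.

# Print the corrected Caddyfile. The global options block must be the first
# block in the file. The heredoc delimiter is quoted so the shell does not try
# to expand Caddy's {placeholders}; {GODADDY_API_KEY}:{GODADDY_API_SECRET} is
# the privacy placeholder the original post used, not a real credential format.
render_caddyfile() {
    cat <<'EOF'
{
    # Serve the *.mydomain.ca certificate for every subdomain site that it
    # covers instead of requesting one certificate per hostname.
    auto_https prefer_wildcard
}

*.mydomain.ca {
    tls {
        dns godaddy {GODADDY_API_KEY}:{GODADDY_API_SECRET}
        propagation_delay 2m
    }
}

pve1.mydomain.ca {
    reverse_proxy https://10.0.0.2:8006 {
        header_up X-Real-IP {remote}
        header_up X-Forwarded-For {remote}
        header_up X-Forwarded-Proto {scheme}
        header_up Host {host}
        # Proxmox uses a self-signed certificate on 8006.
        transport http {
            tls_insecure_skip_verify
        }
    }
}

vaultwarden.mydomain.ca {
    reverse_proxy 10.0.0.100:3000
}
EOF
}

# Return 0 when the subjectAltName DNS entries in $1 cover hostname $2.
# $1 looks like "DNS:*.mydomain.ca, DNS:mydomain.ca". A wildcard matches
# exactly one label, so *.mydomain.ca covers pve1.mydomain.ca but covers
# neither the apex mydomain.ca nor a.b.mydomain.ca.
san_covers_host() {
    san="$1"
    host="$2"
    found=1
    set -f   # no globbing, so "*.mydomain.ca" is never expanded against the cwd
    for entry in $(printf '%s' "$san" | tr ',' ' ' | sed 's/DNS://g'); do
        case "$entry" in
            \*.*)
                suffix="${entry#\*.}"
                label="${host%.$suffix}"
                # Covered if host ends in ".<suffix>" and the remaining
                # label is non-empty and contains no dot.
                if [ "$label" != "$host" ] && [ -n "$label" ] \
                    && [ "${label#*.}" = "$label" ]; then
                    found=0
                fi
                ;;
            *)
                [ "$entry" = "$host" ] && found=0
                ;;
        esac
    done
    set +f
    return "$found"
}

# Live check (needs network and a running Caddy): print the SAN entries of
# the certificate presented for hostname $1. Requires OpenSSL >= 1.1.1.
served_san() {
    openssl s_client -connect "$1:443" -servername "$1" </dev/null 2>/dev/null \
        | openssl x509 -noout -ext subjectAltName \
        | sed -n 's/^[[:space:]]*DNS:/DNS:/p'
}
```

Typical use on the Caddy host: `render_caddyfile > /etc/caddy/Caddyfile`, `caddy validate --config /etc/caddy/Caddyfile`, reload, then `san_covers_host "$(served_san pve1.mydomain.ca)" pve1.mydomain.ca` should succeed and the logs should show only the `*.mydomain.ca` certificate being obtained. The coverage rule in `san_covers_host` is also why a wildcard block alone does not help with hostnames more than one label deep: those still need their own certificate.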
