General request for advice here: I am looking for documentation about configuring caddy for letsencrypt while on localhost.
I want to make sure that my local caddy dev setup will work with letsencrypt when I move it to production:
this is for caddy v2 running in docker-compose container
I am using the native caddy v2 config format (JSON)
I have set up the v2 config to use letsencrypts staging environment (from here)
Specifically:
I want to ensure that the certificates will be properly saved to persistent docker volumes. I know how to set up docker volumes. I however don’t know where caddy saves certs by default or how to tell it where to save certs.
where can I find documentation for where caddy v2 saves certs?
I want to be able to pass the acme challenge right here on my localhost. It seems the dns challenge may be my only option for this to work on my localhost. I know how to disable the other challenges so that the only option is the dns challenge (from here)
where can I find detailed instructions about setting up a dns acme challenge for caddy v2
My main aim is to minimize trial and error of my setup online - I want to do the trial and error right here on my localhost and avoid issue like this. Kindly help.
I’m still working on adding this to v2, coming shortly after I finish the Caddyfile upgrades.
To clarify, you still need a public domain name, but yes the DNS challenge does not require any external access to your web server. (You could also set A/AAAA records to your localhost, then port forward on your internal network, and use the regular HTTP and TLS-ALPN challenges.)
Thanks for the documentation, exactly what I was looking for!
and yes
I was assuming the use of public, fully resolved, domain names and I am also trying to avoid opening up ports to my personal computer at home.
But this brings up yet another question - lets say I do the following:
I use a valid public domain to get a letsencrypt cert for my local caddy instance
Then I configure caddy to do https on my localhost using that cert
Then I go to my browser and type in that publicly resolvable domain name
Will I have to tweak /etc/hosts to prevent public internet DNS lookups ?
You won’t need to configure Caddy explicitly to do this; it will use the cert automatically after obtaining one from Let’s Encrypt.
Yep; if your domain’s A/AAAA records don’t point to your home network, then you need to tell your local system resolver to loopback for that domain name.
