Yeah, that was a mistake on my part. I didn’t expose any sensitive names at least so at worst I guess it’s just a bit of noise added. The main thing is I think I understand it now so it shouldn’t happen again.
I’m not currently sure how to test these suggestions in OPNsense since the Caddyfile seems to be autogenerated based on my GUI selections and it recommends not editing it. I expect there is a way to override those manually though, so I will look into this once I’ve worked it out. It is weird that the single-level wildcard domain works but not nested ones.
In the meantime, I’d like to set up the local CA tls internal method with Caddy and handles based on the discussion you posted earlier:
I would like to do this all in Docker for a server on a different network (but local only usage within that network). So hopefully I can find some docker compose files for getting Unbound DNS (to point local hostname calls to Caddy), and Caddy running together. I hope not to have applications in that same Compose file and can just rely on their link to Unbound then to Caddy for other servers on that local network. I will put the Caddy root certificate into the OS trust store and web browser store for each client on that network I want this working for.
Am I right in thinking that in such a setup I would need no further intervention for it to work, e.g. Caddy handles auto-renewing of certificates? Or maybe it’s just a matter of setting a hundred-year expiry for the certificates? Or do I need the added ACME functionality that you suggested?
Thanks again!
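An added example of the Caddy side of the setup described above (not from the original thread or from the Caddy project): a Caddyfile that uses Caddy's built-in CA via `tls internal` for two LAN services. The hostnames under `home.arpa` and the 192.168.1.x upstream addresses are constructed placeholders; the assumption is the official `caddy` Docker image, whose data directory is `/data`.

```caddyfile
# Added example Caddyfile for a LAN-only reverse proxy using Caddy's
# internal CA. Hostnames and upstream IPs are constructed placeholders.

# One site block per internal service. Unbound should answer these
# names with the LAN address of the host running this Caddy container.
nas.home.arpa {
    # Issue the leaf certificate from Caddy's own local CA instead of a
    # public ACME CA. Internal leaf certs are short-lived (hours) and
    # Caddy renews them on its own; no long expiry and no ACME client
    # on the services behind it are needed.
    tls internal
    reverse_proxy 192.168.1.20:5000
}

git.home.arpa {
    tls internal
    reverse_proxy 192.168.1.21:3000
}

# The root CA to import into each client's OS/browser trust store is
# created on first use at (official image, data dir /data):
#   /data/caddy/pki/authorities/local/root.crt
# Copy it out with, for example:
#   docker cp <caddy-container>:/data/caddy/pki/authorities/local/root.crt .
# Keep /data on a persistent volume; if it is lost, Caddy generates a
# new root and every client has to re-trust it.
```

Only the long-lived root certificate needs distributing to clients; the leaf certificates Caddy rotates underneath it stay valid against that root without further intervention.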