Migrating to Caddy with existing LetsEncrypt certs

I’ve been running something of a Rube Goldberg machine involving Ansible + nginx + letsencrypt to provide a secure endpoint for our users’ custom domains. They point their domain name to our proxy, we provide the SSL certs through LetsEncrypt, and forward the request on to our app servers.

Anyway…

I’m considering migrating to Caddy to simplify the deployment of this stack and reduce the number of moving parts. I’ve built a quick prototype and it appears to work really well :+1:

But I’m wondering if I can / should migrate the existing LetsEncrypt certs?

I’ve currently got 171 sites configured with certs from LetsEncrypt (using the letsencrypt command line tool).

  1. Can I reference those existing certs from Caddy?
  2. Should I? Or should I let Caddy try to reissue them? Does that even work?
  3. And if I just reference them from the Caddyfile, how will they be renewed?

The easiest thing is to just let Caddy re-issue them. Rate limits could be an issue, but likely not, unless you have a high number of subdomains of a single domain. Shouldn’t hurt to try.

2 Likes

As Craig says, just let Caddy do its auto-HTTPS. If you provide certs manually, you’ll have to renew them manually too. The best thing you can do is let Caddy just obtain and manage them for you.

If you have a lot of subdomains, switch them over to Caddy a little bit at a time so you don’t hit rate limits.

1 Like
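As an added example (not from the thread or the Caddy project), a small planner for the staged switch-over suggested above: it splits a host list into batches so that no batch requests more than a chosen number of certificates under one registered domain. The cap values, the sample hostnames and the two-label `registered_domain` shortcut are assumptions; take real limits from Let's Encrypt's published rate limits and use the Public Suffix List for real domains.

```python
from collections import defaultdict

def registered_domain(host):
    # Assumption: the registered domain is the last two labels.
    # Real deployments should resolve this with the Public Suffix List.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def plan_batches(hosts, per_domain_cap, batch_size):
    """Return a list of batches; each batch holds at most batch_size hosts
    and at most per_domain_cap hosts sharing one registered domain."""
    if per_domain_cap < 1 or batch_size < 1:
        raise ValueError("caps must be positive")
    queues = defaultdict(list)
    for h in sorted(set(hosts)):          # de-duplicate, stable order
        queues[registered_domain(h)].append(h)
    batches = []
    while any(queues.values()):
        batch = []
        for dom in sorted(queues):
            take = min(per_domain_cap, batch_size - len(batch))
            batch.extend(queues[dom][:take])
            queues[dom] = queues[dom][take:]
            if len(batch) == batch_size:
                break
        batches.append(batch)
    return batches

# Constructed sample hosts (not from the thread).
SAMPLE_HOSTS = [
    "www.alpha.test", "shop.alpha.test", "blog.alpha.test",
    "api.alpha.test", "www.beta.test", "gamma.test",
]

if __name__ == "__main__":
    # Move one batch to Caddy per rate-limit window, then the next.
    for i, batch in enumerate(plan_batches(SAMPLE_HOSTS, 2, 4), 1):
        print(f"batch {i}: {' '.join(batch)}")
```
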

Ok, cool. That sounds like a plan. I might scrounge some time this week to test out the migration.

Thanks for your help @matt @captncraig
