Thanks @francislavoie! For some reason I thought caddy had some “magic” for the wildcard certificates too (which is almost impossible since they need some kind of restricted access to the DNS records).
I’ve moved my DNS to route53 since I’m using AWS for everything and it worked!
For the record, my steps:

- Download the custom caddy build. You can get the URL at the Download Caddy page:
  ```
  curl 'https://caddyserver.com/api/download?os=linux&arch=amd64&p=github.com%2Fcaddy-dns%2Froute53&idempotency=20494704131839' -o caddy
  ```
- Move the binary (ex to: `/usr/bin/caddy`) and update its permissions (ex: 755 +x);
- Check if it's working: `caddy version`;
- Check if it has the route53 dns module: `caddy list-modules | grep route53`;
- Go to the AWS console and create the user/group/policy with these permissions: GitHub - libdns/route53: AWS Route53 provider implementation for libdns (change the `hostedzone/ZABCD1EFGHIL` with your zone ID);
- Create the `~/.aws/credentials` file with the generated credentials:
  ```
  [default]
  aws_access_key_id = your_access_key_id
  aws_secret_access_key = your_secret_access_key
  ```
- Update your Caddyfile (or json) to use the route53 module:
  ```
  *.domain.com {
      # ....
      tls {
          dns route53
      }
  }
  ```
- Start/reload caddy
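The steps above can be checked before reloading. The script below is an added example, not part of the post or of the Caddy or libdns projects; it verifies the three things that typically go wrong with this setup (the binary lacks the route53 module, the credentials file is malformed or readable by other users on the host, the Caddyfile never asks for the DNS challenge). The `/usr/bin/caddy` and `/etc/caddy/Caddyfile` paths in the usage comment are assumptions taken from the post's example layout; the functions take their inputs as arguments or on stdin so they run without caddy installed.

```shell
#!/bin/sh
# Added example (not from the original post): sanity checks for the
# route53 DNS-challenge setup described above.

# Step "check if it has the route53 dns module": reads the output of
# `caddy list-modules` on stdin and succeeds if the route53 module is listed.
has_route53_module() {
  grep -q 'route53'
}

# Step "create the ~/.aws/credentials file": the file must exist, carry both
# keys, and must not be readable by group or others, because the secret key
# allows writing records in your DNS zone.
check_credentials_file() {
  f="$1"
  [ -f "$f" ] || { echo "missing credentials file: $f" >&2; return 1; }
  grep -q '^aws_access_key_id[[:space:]]*=' "$f" \
    || { echo "no aws_access_key_id in $f" >&2; return 1; }
  grep -q '^aws_secret_access_key[[:space:]]*=' "$f" \
    || { echo "no aws_secret_access_key in $f" >&2; return 1; }
  # columns 5-10 of `ls -l` are the group and other permission bits
  perms=$(ls -ld "$f" | cut -c5-10)
  [ "$perms" = "------" ] \
    || { echo "$f is readable by group/others; chmod 600 it" >&2; return 1; }
  return 0
}

# Step "update your Caddyfile": succeeds if some tls block requests the
# DNS challenge through route53.
caddyfile_uses_route53() {
  grep -Eq '^[[:space:]]*dns[[:space:]]+route53' "$1"
}

# Usage on a real host (paths are assumptions, adjust for your layout):
#   CADDY=/usr/bin/caddy
#   "$CADDY" version
#   "$CADDY" list-modules | has_route53_module || echo "route53 module missing"
#   check_credentials_file "$HOME/.aws/credentials"
#   caddyfile_uses_route53 /etc/caddy/Caddyfile || echo "Caddyfile does not use dns route53"
```

Run the four usage lines before `caddy reload`; each failing check prints its reason on stderr and returns non-zero, so they can be chained in a deploy script.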