New pattern for wildcard certs using Caddyfile (2.10.0)

Hello,

I have been using wildcard certificates with the DNS challenge for many months, and it works well for my use case. My Caddyfile is mostly based on the pattern described in the docs, with handle directives nested inside a site block.

According to the latest release notes (version 2.10.0) it should now be possible to use wildcard certificates without the nested handle directives. It’s not very clear to me, though, what the new Caddyfile should look like.

Could someone maybe provide a simple example of the new pattern when using a DNS challenge inside the global options block?

Thank you very much!

Just like a normal Caddyfile (don’t nest the subdomains). Instead of:

*.example.com {
	tls {
		dns <provider_name> [<params...>]
	}

	@foo host foo.example.com
	handle @foo {
		respond "Foo!"
	}

	@bar host bar.example.com
	handle @bar {
		respond "Bar!"
	}

	# Fallback for otherwise unhandled domains
	handle {
		abort
	}
}

You can do:

*.example.com {
	tls {
		dns <provider_name> [<params...>]
	}
}

foo.example.com {
	respond "Foo!"
}

bar.example.com {
	respond "Bar!"
}
2 Likes
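
The flat pattern from the answer above with the DNS challenge configured once in the global options block, as the question asked. This is an added example, not part of the original posts: the use of the `acme_dns` global option and the `abort` in the wildcard site (carried over from the nested pattern's fallback, since the wildcard site would otherwise answer unlisted subdomains with an empty response) are assumptions of this example.

```caddyfile
# Added example; not from the thread.
{
	# Enable the ACME DNS challenge for all sites, configured in one place.
	# Provider name and parameters are the same placeholders used in the thread.
	acme_dns <provider_name> [<params...>]
}

# Wildcard site: on 2.10.0 its certificate also covers the subdomain
# sites below, so they do not each obtain an individual certificate.
*.example.com {
	# Fallback for subdomains that have no site block of their own:
	# close the connection instead of serving an empty response.
	abort
}

# Subdomains are ordinary top-level sites; no nested handle blocks.
foo.example.com {
	respond "Foo!"
}

bar.example.com {
	respond "Bar!"
}
```

Requests for `foo.example.com` and `bar.example.com` are routed to their own site blocks because the more specific host wins; only names matched by nothing but the wildcard reach `abort`.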

Thank you Matt! This is exactly what I was looking for.

Will test it right away with a new server I’m setting up right now.

I like the new, cleaner pattern. It will make maintenance of my servers a little bit easier going forward.

2 Likes