If you’re using Docker, not publishing the port is enough.
But keep in mind that you’re also causing the ACME HTTP challenge to not work, which makes your setup slightly more brittle because you’re entirely relying on the ACME TLS-ALPN challenge; if Let’s Encrypt finds a bug with that challenge (which has happened in the past), they may disable that challenge temporarily while they fix it.
Why exactly do you want to turn off HTTP? Caddy sets up HTTP->HTTPS redirects anyway, there’s no harm in leaving it up, in fact it’s a benefit to users because they will get properly redirected if typing the domain in their browser without https://.
No, specifying https:// makes no difference because HTTPS is the default in Caddy. See Caddyfile Concepts — Caddy Documentation which describes the rules for site addresses.
You can configure the auto_https disable_redirects global option to skip enabling the redirects (which cause an :80 server to get implicitly created for you).
Using the tls directive you can turn off a challenge:

    tls {
        issuer acme {
            disable_http_challenge
        }
    }

But like I said, why do you want to do this?
That might fix it, I forget. But you can probably just follow the instructions on the linked page in that warning, I think the settings on your host machine will affect your Docker containers too.