Hey! I have a microserver that runs ESXi with three VMs. One is for Caddy, one for Nextcloud and one for Home Assistant. I also own a domain, let’s call it domain. Every service that is run in the VM has a static IP. I want to be able to access these services through “domain/service_name” outside of my network using HTTPS instead of HTTP.
So this worked for me except it’s not HTTPS. If I add HTTPS in the URL with my domain, Caddy is not starting, just stuck on “Started certification maintenance routine” and nothing happens.
The Automatic HTTPS feature is going to want to bind port 80 regardless and Caddy will fail out early if it can’t. It will set up HTTP->S redirects which can be overridden but only specifically for each redirect listener. This isn’t ideal for someone who wants to serve no HTTP at all.
Right now if you want to disable HTTP entirely, your best option is to firewall port 80 and run Caddy with the -disable-http-challenge flag.
Right now Caddy (specifically, Caddy’s ACME provider, acme-go/lego) will always preference TLS-ALPN validation, so that flag doesn’t strictly modify behaviour, but it’s good to ensure that Caddy won’t ever try to use HTTP validation if you’re just firewalling port 80.