Obtain certificate for non-HTTP(S) service?

I am running multiple services on various subdomains that use TLS-certificates and I’d like to use Caddy to handle obtaining and renewing those. Alas, these are not HTTP(S)-services (Mumble, for example) and thus there’s no point in defining an entry for them in the Caddyfile, like I have for my regular reverse-proxied HTTP(S)-services.

How can I use Caddy to just obtain the certificates without attempting to also serve content for those subdomains? I also specifically want to do it via a Caddyfile as JSON-files are a major pain in the rear-end to deal with. I found a thread at Using Caddy to keep certificates renewed that would do what I want, but it’s for JSON and apparently the method wouldn’t work Caddyfiles, according to a thread mentioned further down that link.

As something that might be important to mention, I can make use of the Let’s Encrypt DNS challenge via the Namecheap DNS module.

I would write your Caddyfile, then run caddy adapt to get you 99% of the way there. Then modify it slightly to add in your custom certificate management logic. :100:

Another option is just to make a site block that aborts the connection if someone does hit it:

example.com {

This will make it automate TLS for this (and also redirect HTTP->HTTPS for it) but if it gets hit with a request then it will do the TLS handshake and then immediate close the connection. Pretty much the best you can do in the Caddyfile alone.

1 Like

@francislavoie @matt Thank you both for the replies.

I suppose I’ll go with Francis’s suggestion as it’s the least amount of work and doesn’t require changing the file format. It feels a little weird to do it like that, like I’m doing something dirty, but oh well, I guess it can’t be helped.

I do want to eventually add a way to just enable management for domains without routes, but that requires a bit of syntax exploration to get it right and play well with the rest of the Caddyfile parsing.