Obtain certificate for non-HTTP(S) service?

I am running multiple services on various subdomains that use TLS-certificates and I’d like to use Caddy to handle obtaining and renewing those. Alas, these are not HTTP(S)-services (Mumble, for example) and thus there’s no point in defining an entry for them in the Caddyfile, like I have for my regular reverse-proxied HTTP(S)-services.

How can I use Caddy to just obtain the certificates without attempting to also serve content for those subdomains? I also specifically want to do it via a Caddyfile as JSON-files are a major pain in the rear-end to deal with. I found a thread at Using Caddy to keep certificates renewed that would do what I want, but it’s for JSON and apparently the method wouldn’t work Caddyfiles, according to a thread mentioned further down that link.

As something that might be important to mention, I can make use of the Let’s Encrypt DNS challenge via the Namecheap DNS module.

I would write your Caddyfile, then run caddy adapt to get you 99% of the way there. Then modify it slightly to add in your custom certificate management logic. :100:

Another option is just to make a site block that aborts the connection if someone does hit it:

example.com {
	abort
}

This will make it automate TLS for this (and also redirect HTTP->HTTPS for it) but if it gets hit with a request then it will do the TLS handshake and then immediate close the connection. Pretty much the best you can do in the Caddyfile alone.

1 Like

@francislavoie @matt Thank you both for the replies.

I suppose I’ll go with Francis’s suggestion as it’s the least amount of work and doesn’t require changing the file format. It feels a little weird to do it like that, like I’m doing something dirty, but oh well, I guess it can’t be helped.

I do want to eventually add a way to just enable management for domains without routes, but that requires a bit of syntax exploration to get it right and play well with the rest of the Caddyfile parsing.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.