Redundant tls lines? (Looking to clean up.)

So I’m trying to clean up my Caddyfile since I feel like I have unnecessary lines. But I’m struggling; the whole tls thing with DNS challenge and specifying my own cert/key is what I’m not understanding, because of what the logs are saying.

Are the tls lines for each subdomain necessary?
e.g.:

	tls /etc/ssl/caddy/certs/cloudflare/evolved.site/cf.crt /etc/ssl/caddy/certs/cloudflare/evolved.site/cf.key {
		dns cloudflare
	}

However, the site certificates being shown are the Cloudflare certs, which means it’s all working.

Below are the Caddyfile and logs; domains are listed with :443 because of it giving them :2015 by default.

Caddyfile

namekal.tech:443 {
	tls /etc/ssl/caddy/certs/cloudflare/namekal.tech/cf.crt /etc/ssl/caddy/certs/cloudflare/namekal.tech/cf.key {
		dns cloudflare
#		ca https://acme-staging.api.letsencrypt.org/directory
	}
	root /var/www/wordpress
	gzip
	fastcgi / /run/php/php7.0-fpm.sock php
	rewrite {
		if {path} not_match ^\/wp-admin
		to {path} {path}/ /index.php?_url={uri}
	}
}

*.evolved.site {
	root /var/www
	gzip
	tls /etc/ssl/caddy/certs/cloudflare/evolved.site/cf.crt /etc/ssl/caddy/certs/cloudflare/evolved.site/cf.key {
		dns cloudflare
#		ca https://acme-staging.api.letsencrypt.org/directory
		max_certs 25
	}
	log /var/log/caddy/access.log
	errors /var/log/caddy/errors.log
}




#Subdomains -------

surv.evolved.site:443 { ## 
	proxy / cent1:8080 {
		transparent
		websocket
	}
	tls /etc/ssl/caddy/certs/cloudflare/evolved.site/cf.crt /etc/ssl/caddy/certs/cloudflare/evolved.site/cf.key {
		dns cloudflare
#		ca https://acme-staging.api.letsencrypt.org/directory
	}
	log /var/log/caddy/access.surv.log
	errors /var/log/caddy/errors.surv.log
}

sab.evolved.site:443 { ## 
	gzip
	proxy / flareon:8081 {
		transparent
		}
	tls /etc/ssl/caddy/certs/cloudflare/evolved.site/cf.crt /etc/ssl/caddy/certs/cloudflare/evolved.site/cf.key {
		dns cloudflare
#		ca https://acme-staging.api.letsencrypt.org/directory
	}
	log /var/log/caddy/access.sab.log
	errors /var/log/caddy/errors.sab.log
}

couch.evolved.site:443 { 
	gzip
	proxy / fed1:5050 {
		transparent
		}
	tls /etc/ssl/caddy/certs/cloudflare/evolved.site/cf.crt /etc/ssl/caddy/certs/cloudflare/evolved.site/cf.key {
		dns cloudflare
#		ca https://acme-staging.api.letsencrypt.org/directory
	}
	log /var/log/caddy/access.couch.log
	errors /var/log/caddy/errors.couch.log
}
hp.evolved.site:443 {
	gzip
	proxy / fed1:8182 {
		transparent
		}
	tls /etc/ssl/caddy/certs/cloudflare/evolved.site/cf.crt /etc/ssl/caddy/certs/cloudflare/evolved.site/cf.key {
		dns cloudflare
#		ca https://acme-staging.api.letsencrypt.org/directory
	}
	log /var/log/caddy/access.hp.log
	errors /var/log/caddy/errors.hp.log
}


sonarr.evolved.site:443 {
	gzip
	proxy / fed1:8989/ {
		transparent
		}
	tls /etc/ssl/caddy/certs/cloudflare/evolved.site/cf.crt /etc/ssl/caddy/certs/cloudflare/evolved.site/cf.key {
		dns cloudflare
#		ca https://acme-staging.api.letsencrypt.org/directory
	}
	log /var/log/caddy/access.sonarr.log
	errors /var/log/caddy/errors.sonarr.log
}

graf.evolved.site:443 {
	gzip
	proxy / netmon:3000 {
		transparent
		}
	tls /etc/ssl/caddy/certs/cloudflare/evolved.site/cf.crt /etc/ssl/caddy/certs/cloudflare/evolved.site/cf.key {
		dns cloudflare
#		ca https://acme-staging.api.letsencrypt.org/directory
	}
	log /var/log/caddy/access.graf.log
	errors /var/log/caddy/errors.graf.log
}

trans.evolved.site:443 {
	gzip
	proxy / flareon:9091 {
		transparent
		}
	tls /etc/ssl/caddy/certs/cloudflare/evolved.site/cf.crt /etc/ssl/caddy/certs/cloudflare/evolved.site/cf.key {
		dns cloudflare
#		ca https://acme-staging.api.letsencrypt.org/directory
	}
	log /var/log/caddy/access.trans.log
	errors /var/log/caddy/errors.trans.log
}

plex.evolved.site:443 {
	gzip
	proxy / fed1:32400 eevee:32400 {
		transparent
		}
	tls /etc/ssl/caddy/certs/cloudflare/evolved.site/cf.crt /etc/ssl/caddy/certs/cloudflare/evolved.site/cf.key {
		dns cloudflare
#		ca https://acme-staging.api.letsencrypt.org/directory
	}
}


atlas.evolved.site:443 {
	gzip
	proxy / atlas:8090 {
		transparent
		websocket
		}
	tls /etc/ssl/caddy/certs/cloudflare/evolved.site/cf.crt /etc/ssl/caddy/certs/cloudflare/evolved.site/cf.key {
		dns cloudflare
#		ca https://acme-staging.api.letsencrypt.org/directory
	}
}

jira.evolved.site:443 {
	gzip
	proxy / atlas:8080 {
		transparent
		websocket
		}
	tls /etc/ssl/caddy/certs/cloudflare/evolved.site/cf.crt /etc/ssl/caddy/certs/cloudflare/evolved.site/cf.key {
		dns cloudflare
#		ca https://acme-staging.api.letsencrypt.org/directory
	}
}

nc.evolved.site:443 {
	gzip
	proxy / https://cloud.evolved.home {
		transparent
		insecure_skip_verify
		}
	log /var/log/caddy/access.cloud.log
	errors /var/log/caddy/errors.cloud.log
	tls /etc/ssl/caddy/certs/cloudflare/evolved.site/cf.crt /etc/ssl/caddy/certs/cloudflare/evolved.site/cf.key {
		dns cloudflare
#		ca https://acme-staging.api.letsencrypt.org/directory
	}
}

Logs

2017/11/15 01:55:31 [WARNING] Stapling OCSP: no OCSP stapling for [cloudflare origin certificate *.namekal.tech namekal.tech]: no issuing certificate URL
2017/11/15 01:55:31 [INFO] Successfully loaded TLS assets from /etc/ssl/caddy/certs/cloudflare/namekal.tech/cf.crt and /etc/ssl/caddy/certs/cloudflare/namekal.tech/cf.key
2017/11/15 01:55:31 [WARNING] Stapling OCSP: no OCSP stapling for [cloudflare origin certificate *.evolved.site evolved.site]: no issuing certificate URL
2017/11/15 01:55:31 [NOTICE] There is already a certificate loaded for cloudflare origin certificate, so certificate for [cloudflare origin certificate *.evolved.site evolved.site] will not service that name
2017/11/15 01:55:31 [INFO] Successfully loaded TLS assets from /etc/ssl/caddy/certs/cloudflare/evolved.site/cf.crt and /etc/ssl/caddy/certs/cloudflare/evolved.site/cf.key
2017/11/15 01:55:32 [WARNING] Stapling OCSP: no OCSP stapling for [cloudflare origin certificate *.evolved.site evolved.site]: no issuing certificate URL
2017/11/15 01:55:32 [NOTICE] There is already a certificate loaded for cloudflare origin certificate, so certificate for [cloudflare origin certificate *.evolved.site evolved.site] will not service that name
2017/11/15 01:55:32 [NOTICE] There is already a certificate loaded for *.evolved.site, so certificate for [*.evolved.site evolved.site] will not service that name
2017/11/15 01:55:32 [NOTICE] There is already a certificate loaded for evolved.site, so certificate for [evolved.site] will not service that name
2017/11/15 01:55:32 [INFO] Successfully loaded TLS assets from /etc/ssl/caddy/certs/cloudflare/evolved.site/cf.crt and /etc/ssl/caddy/certs/cloudflare/evolved.site/cf.key
2017/11/15 01:55:32 [WARNING] Stapling OCSP: no OCSP stapling for [cloudflare origin certificate *.evolved.site evolved.site]: no issuing certificate URL
2017/11/15 01:55:32 [NOTICE] There is already a certificate loaded for cloudflare origin certificate, so certificate for [cloudflare origin certificate *.evolved.site evolved.site] will not service that name
2017/11/15 01:55:32 [NOTICE] There is already a certificate loaded for *.evolved.site, so certificate for [*.evolved.site evolved.site] will not service that name
2017/11/15 01:55:32 [NOTICE] There is already a certificate loaded for evolved.site, so certificate for [evolved.site] will not service that name
2017/11/15 01:55:32 [INFO] Successfully loaded TLS assets from /etc/ssl/caddy/certs/cloudflare/evolved.site/cf.crt and /etc/ssl/caddy/certs/cloudflare/evolved.site/cf.key
2017/11/15 01:55:32 [WARNING] Stapling OCSP: no OCSP stapling for [cloudflare origin certificate *.evolved.site evolved.site]: no issuing certificate URL
2017/11/15 01:55:32 [NOTICE] There is already a certificate loaded for cloudflare origin certificate, so certificate for [cloudflare origin certificate *.evolved.site evolved.site] will not service that name
2017/11/15 01:55:32 [NOTICE] There is already a certificate loaded for *.evolved.site, so certificate for [*.evolved.site evolved.site] will not service that name
2017/11/15 01:55:32 [NOTICE] There is already a certificate loaded for evolved.site, so certificate for [evolved.site] will not service that name
2017/11/15 01:55:32 [INFO] Successfully loaded TLS assets from /etc/ssl/caddy/certs/cloudflare/evolved.site/cf.crt and /etc/ssl/caddy/certs/cloudflare/evolved.site/cf.key
2017/11/15 01:55:32 [WARNING] Stapling OCSP: no OCSP stapling for [cloudflare origin certificate *.evolved.site evolved.site]: no issuing certificate URL
2017/11/15 01:55:32 [NOTICE] There is already a certificate loaded for cloudflare origin certificate, so certificate for [cloudflare origin certificate *.evolved.site evolved.site] will not service that name
2017/11/15 01:55:32 [NOTICE] There is already a certificate loaded for *.evolved.site, so certificate for [*.evolved.site evolved.site] will not service that name
2017/11/15 01:55:32 [NOTICE] There is already a certificate loaded for evolved.site, so certificate for [evolved.site] will not service that name
2017/11/15 01:55:32 [INFO] Successfully loaded TLS assets from /etc/ssl/caddy/certs/cloudflare/evolved.site/cf.crt and /etc/ssl/caddy/certs/cloudflare/evolved.site/cf.key
2017/11/15 01:55:32 [WARNING] Stapling OCSP: no OCSP stapling for [cloudflare origin certificate *.evolved.site evolved.site]: no issuing certificate URL
2017/11/15 01:55:32 [NOTICE] There is already a certificate loaded for cloudflare origin certificate, so certificate for [cloudflare origin certificate *.evolved.site evolved.site] will not service that name
2017/11/15 01:55:32 [NOTICE] There is already a certificate loaded for *.evolved.site, so certificate for [*.evolved.site evolved.site] will not service that name
2017/11/15 01:55:32 [NOTICE] There is already a certificate loaded for evolved.site, so certificate for [evolved.site] will not service that name
2017/11/15 01:55:32 [INFO] Successfully loaded TLS assets from /etc/ssl/caddy/certs/cloudflare/evolved.site/cf.crt and /etc/ssl/caddy/certs/cloudflare/evolved.site/cf.key
2017/11/15 01:55:32 [WARNING] Stapling OCSP: no OCSP stapling for [cloudflare origin certificate *.evolved.site evolved.site]: no issuing certificate URL
2017/11/15 01:55:32 [NOTICE] There is already a certificate loaded for cloudflare origin certificate, so certificate for [cloudflare origin certificate *.evolved.site evolved.site] will not service that name
2017/11/15 01:55:32 [NOTICE] There is already a certificate loaded for *.evolved.site, so certificate for [*.evolved.site evolved.site] will not service that name
2017/11/15 01:55:32 [NOTICE] There is already a certificate loaded for evolved.site, so certificate for [evolved.site] will not service that name
2017/11/15 01:55:32 [INFO] Successfully loaded TLS assets from /etc/ssl/caddy/certs/cloudflare/evolved.site/cf.crt and /etc/ssl/caddy/certs/cloudflare/evolved.site/cf.key
2017/11/15 01:55:32 [WARNING] Stapling OCSP: no OCSP stapling for [cloudflare origin certificate *.evolved.site evolved.site]: no issuing certificate URL
2017/11/15 01:55:32 [NOTICE] There is already a certificate loaded for cloudflare origin certificate, so certificate for [cloudflare origin certificate *.evolved.site evolved.site] will not service that name
2017/11/15 01:55:32 [NOTICE] There is already a certificate loaded for *.evolved.site, so certificate for [*.evolved.site evolved.site] will not service that name
2017/11/15 01:55:32 [NOTICE] There is already a certificate loaded for evolved.site, so certificate for [evolved.site] will not service that name
2017/11/15 01:55:32 [INFO] Successfully loaded TLS assets from /etc/ssl/caddy/certs/cloudflare/evolved.site/cf.crt and /etc/ssl/caddy/certs/cloudflare/evolved.site/cf.key
2017/11/15 01:55:32 [WARNING] Stapling OCSP: no OCSP stapling for [cloudflare origin certificate *.evolved.site evolved.site]: no issuing certificate URL
2017/11/15 01:55:32 [NOTICE] There is already a certificate loaded for cloudflare origin certificate, so certificate for [cloudflare origin certificate *.evolved.site evolved.site] will not service that name
2017/11/15 01:55:32 [NOTICE] There is already a certificate loaded for *.evolved.site, so certificate for [*.evolved.site evolved.site] will not service that name
2017/11/15 01:55:32 [NOTICE] There is already a certificate loaded for evolved.site, so certificate for [evolved.site] will not service that name
2017/11/15 01:55:32 [INFO] Successfully loaded TLS assets from /etc/ssl/caddy/certs/cloudflare/evolved.site/cf.crt and /etc/ssl/caddy/certs/cloudflare/evolved.site/cf.key
2017/11/15 01:55:32 [WARNING] Stapling OCSP: no OCSP stapling for [cloudflare origin certificate *.evolved.site evolved.site]: no issuing certificate URL
2017/11/15 01:55:32 [NOTICE] There is already a certificate loaded for cloudflare origin certificate, so certificate for [cloudflare origin certificate *.evolved.site evolved.site] will not service that name
2017/11/15 01:55:32 [NOTICE] There is already a certificate loaded for *.evolved.site, so certificate for [*.evolved.site evolved.site] will not service that name
2017/11/15 01:55:32 [NOTICE] There is already a certificate loaded for evolved.site, so certificate for [evolved.site] will not service that name
2017/11/15 01:55:32 [INFO] Successfully loaded TLS assets from /etc/ssl/caddy/certs/cloudflare/evolved.site/cf.crt and /etc/ssl/caddy/certs/cloudflare/evolved.site/cf.key
2017/11/15 01:55:32 [WARNING] Stapling OCSP: no OCSP stapling for [cloudflare origin certificate *.evolved.site evolved.site]: no issuing certificate URL
2017/11/15 01:55:32 [NOTICE] There is already a certificate loaded for cloudflare origin certificate, so certificate for [cloudflare origin certificate *.evolved.site evolved.site] will not service that name
2017/11/15 01:55:32 [NOTICE] There is already a certificate loaded for *.evolved.site, so certificate for [*.evolved.site evolved.site] will not service that name
2017/11/15 01:55:32 [NOTICE] There is already a certificate loaded for evolved.site, so certificate for [evolved.site] will not service that name
2017/11/15 01:55:32 [INFO] Successfully loaded TLS assets from /etc/ssl/caddy/certs/cloudflare/evolved.site/cf.crt and /etc/ssl/caddy/certs/cloudflare/evolved.site/cf.key
2017/11/15 01:55:32 [WARNING] Stapling OCSP: no OCSP stapling for [cloudflare origin certificate *.evolved.site evolved.site]: no issuing certificate URL
2017/11/15 01:55:32 [NOTICE] There is already a certificate loaded for cloudflare origin certificate, so certificate for [cloudflare origin certificate *.evolved.site evolved.site] will not service that name
2017/11/15 01:55:32 [NOTICE] There is already a certificate loaded for *.evolved.site, so certificate for [*.evolved.site evolved.site] will not service that name
2017/11/15 01:55:32 [NOTICE] There is already a certificate loaded for evolved.site, so certificate for [evolved.site] will not service that name
2017/11/15 01:55:32 [INFO] Successfully loaded TLS assets from /etc/ssl/caddy/certs/cloudflare/evolved.site/cf.crt and /etc/ssl/caddy/certs/cloudflare/evolved.site/cf.key
2017/11/15 01:55:32 http://*.evolved.site
2017/11/15 01:55:32 https://namekal.tech
2017/11/15 01:55:32 https://*.evolved.site
2017/11/15 01:55:32 https://surv.evolved.site
2017/11/15 01:55:32 https://sab.evolved.site
2017/11/15 01:55:32 https://couch.evolved.site
2017/11/15 01:55:32 https://hp.evolved.site
2017/11/15 01:55:32 https://sonarr.evolved.site
2017/11/15 01:55:32 https://graf.evolved.site
2017/11/15 01:55:32 https://trans.evolved.site
2017/11/15 01:55:32 https://plex.evolved.site
2017/11/15 01:55:32 https://atlas.evolved.site
2017/11/15 01:55:32 https://jira.evolved.site
2017/11/15 01:55:32 https://nc.evolved.site
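
Added example, not part of the original post: a Python script that counts `tls <cert> <key>` directives per certificate pair in a Caddyfile and sets them beside the "Successfully loaded TLS assets" and "already a certificate loaded" lines of the startup log. The Caddyfile and log samples are constructed in the post's format with shortened paths, and the function names are this example's own.

```python
import re
from collections import Counter

# Constructed samples in the post's format (paths shortened, sites abridged).
CADDYFILE = """\
namekal.tech:443 {
    tls /certs/namekal.tech/cf.crt /certs/namekal.tech/cf.key {
        dns cloudflare
    }
}
*.evolved.site {
    tls /certs/evolved.site/cf.crt /certs/evolved.site/cf.key
}
surv.evolved.site:443 {
    tls /certs/evolved.site/cf.crt /certs/evolved.site/cf.key
}
"""
LOG = """\
2017/11/15 01:55:31 [INFO] Successfully loaded TLS assets from /certs/namekal.tech/cf.crt and /certs/namekal.tech/cf.key
2017/11/15 01:55:31 [INFO] Successfully loaded TLS assets from /certs/evolved.site/cf.crt and /certs/evolved.site/cf.key
2017/11/15 01:55:32 [NOTICE] There is already a certificate loaded for *.evolved.site, so certificate for [*.evolved.site evolved.site] will not service that name
2017/11/15 01:55:32 [NOTICE] There is already a certificate loaded for evolved.site, so certificate for [evolved.site] will not service that name
2017/11/15 01:55:32 [INFO] Successfully loaded TLS assets from /certs/evolved.site/cf.crt and /certs/evolved.site/cf.key
"""

# Matches only the two-path form; `tls off` or `tls <email> {` do not match.
TLS_RE = re.compile(r"^[ \t]*tls[ \t]+(\S+)[ \t]+(?!\{)(\S+)", re.M)
LOAD_RE = re.compile(r"Successfully loaded TLS assets from (\S+) and (\S+)")
DUP_RE = re.compile(r"already a certificate loaded for (.+?), so certificate for")

def tls_directives(caddyfile):
    """Count manual `tls <cert> <key>` directives per (cert, key) pair."""
    return Counter(TLS_RE.findall(caddyfile))

def log_loads(log):
    """Count 'Successfully loaded TLS assets' lines per (cert, key) pair."""
    return Counter(LOAD_RE.findall(log))

def skipped_names(log):
    """Count NOTICE lines per name that an earlier-loaded certificate already serves."""
    return Counter(DUP_RE.findall(log))

def report(caddyfile, log):
    """Return {(cert, key): (directive_count, load_count)} for every pair seen."""
    d, l = tls_directives(caddyfile), log_loads(log)
    return {pair: (d[pair], l[pair]) for pair in sorted(set(d) | set(l))}

if __name__ == "__main__":
    for (cert, _key), (n_dir, n_load) in report(CADDYFILE, LOG).items():
        print(f"{cert}: {n_dir} tls directive(s), {n_load} load(s) in log")
```

In the post's own log the evolved.site pair is loaded 12 times, once for each of the 12 site blocks whose tls line names it.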
