So I'm trying to clean up my Caddyfile since I feel like I have unnecessary lines. But I'm struggling; the whole tls thing with DNS challenge and specifying my own cert/key is what I'm not understanding, because of what the logs are saying. Are the tls lines for each subdomain necessary?

e.g.:

    tls /etc/ssl/caddy/certs/cloudflare/evolved.site/cf.crt /etc/ssl/caddy/certs/cloudflare/evolved.site/cf.key {
        dns cloudflare
    }

However, the site certificates being shown are the Cloudflare certs, which means it's all working.

Below are the Caddyfile and logs; domains are listed with :443 because otherwise it gives them :2015 by default.
Caddyfile
namekal.tech:443 {
    tls /etc/ssl/caddy/certs/cloudflare/namekal.tech/cf.crt /etc/ssl/caddy/certs/cloudflare/namekal.tech/cf.key {
        dns cloudflare
        # ca https://acme-staging.api.letsencrypt.org/directory
    }
    root /var/www/wordpress
    gzip
    fastcgi / /run/php/php7.0-fpm.sock php
    rewrite {
        if {path} not_match ^\/wp-admin
        to {path} {path}/ /index.php?_url={uri}
    }
}

*.evolved.site {
    root /var/www
    gzip
    tls /etc/ssl/caddy/certs/cloudflare/evolved.site/cf.crt /etc/ssl/caddy/certs/cloudflare/evolved.site/cf.key {
        dns cloudflare
        # ca https://acme-staging.api.letsencrypt.org/directory
        max_certs 25
    }
    log /var/log/caddy/access.log
    errors /var/log/caddy/errors.log
}

#Subdomains -------
surv.evolved.site:443 { ##
    proxy / cent1:8080 {
        transparent
        websocket
    }
    tls /etc/ssl/caddy/certs/cloudflare/evolved.site/cf.crt /etc/ssl/caddy/certs/cloudflare/evolved.site/cf.key {
        dns cloudflare
        # ca https://acme-staging.api.letsencrypt.org/directory
    }
    log /var/log/caddy/access.surv.log
    errors /var/log/caddy/errors.surv.log
}

sab.evolved.site:443 { ##
    gzip
    proxy / flareon:8081 {
        transparent
    }
    tls /etc/ssl/caddy/certs/cloudflare/evolved.site/cf.crt /etc/ssl/caddy/certs/cloudflare/evolved.site/cf.key {
        dns cloudflare
        # ca https://acme-staging.api.letsencrypt.org/directory
    }
    log /var/log/caddy/access.sab.log
    errors /var/log/caddy/errors.sab.log
}

couch.evolved.site:443 {
    gzip
    proxy / fed1:5050 {
        transparent
    }
    tls /etc/ssl/caddy/certs/cloudflare/evolved.site/cf.crt /etc/ssl/caddy/certs/cloudflare/evolved.site/cf.key {
        dns cloudflare
        # ca https://acme-staging.api.letsencrypt.org/directory
    }
    log /var/log/caddy/access.couch.log
    errors /var/log/caddy/errors.couch.log
}

hp.evolved.site:443 {
    gzip
    proxy / fed1:8182 {
        transparent
    }
    tls /etc/ssl/caddy/certs/cloudflare/evolved.site/cf.crt /etc/ssl/caddy/certs/cloudflare/evolved.site/cf.key {
        dns cloudflare
        # ca https://acme-staging.api.letsencrypt.org/directory
    }
    log /var/log/caddy/access.hp.log
    errors /var/log/caddy/errors.hp.log
}

sonarr.evolved.site:443 {
    gzip
    proxy / fed1:8989/ {
        transparent
    }
    tls /etc/ssl/caddy/certs/cloudflare/evolved.site/cf.crt /etc/ssl/caddy/certs/cloudflare/evolved.site/cf.key {
        dns cloudflare
        # ca https://acme-staging.api.letsencrypt.org/directory
    }
    log /var/log/caddy/access.sonarr.log
    errors /var/log/caddy/errors.sonarr.log
}

graf.evolved.site:443 {
    gzip
    proxy / netmon:3000 {
        transparent
    }
    tls /etc/ssl/caddy/certs/cloudflare/evolved.site/cf.crt /etc/ssl/caddy/certs/cloudflare/evolved.site/cf.key {
        dns cloudflare
        # ca https://acme-staging.api.letsencrypt.org/directory
    }
    log /var/log/caddy/access.graf.log
    errors /var/log/caddy/errors.graf.log
}

trans.evolved.site:443 {
    gzip
    proxy / flareon:9091 {
        transparent
    }
    tls /etc/ssl/caddy/certs/cloudflare/evolved.site/cf.crt /etc/ssl/caddy/certs/cloudflare/evolved.site/cf.key {
        dns cloudflare
        # ca https://acme-staging.api.letsencrypt.org/directory
    }
    log /var/log/caddy/access.trans.log
    errors /var/log/caddy/errors.trans.log
}

plex.evolved.site:443 {
    gzip
    proxy / fed1:32400 eevee:32400 {
        transparent
    }
    tls /etc/ssl/caddy/certs/cloudflare/evolved.site/cf.crt /etc/ssl/caddy/certs/cloudflare/evolved.site/cf.key {
        dns cloudflare
        # ca https://acme-staging.api.letsencrypt.org/directory
    }
}

atlas.evolved.site:443 {
    gzip
    proxy / atlas:8090 {
        transparent
        websocket
    }
    tls /etc/ssl/caddy/certs/cloudflare/evolved.site/cf.crt /etc/ssl/caddy/certs/cloudflare/evolved.site/cf.key {
        dns cloudflare
        # ca https://acme-staging.api.letsencrypt.org/directory
    }
}

jira.evolved.site:443 {
    gzip
    proxy / atlas:8080 {
        transparent
        websocket
    }
    tls /etc/ssl/caddy/certs/cloudflare/evolved.site/cf.crt /etc/ssl/caddy/certs/cloudflare/evolved.site/cf.key {
        dns cloudflare
        # ca https://acme-staging.api.letsencrypt.org/directory
    }
}

nc.evolved.site:443 {
    gzip
    proxy / https://cloud.evolved.home {
        transparent
        insecure_skip_verify
    }
    log /var/log/caddy/access.cloud.log
    errors /var/log/caddy/errors.cloud.log
    tls /etc/ssl/caddy/certs/cloudflare/evolved.site/cf.crt /etc/ssl/caddy/certs/cloudflare/evolved.site/cf.key {
        dns cloudflare
        # ca https://acme-staging.api.letsencrypt.org/directory
    }
}
Logs
2017/11/15 01:55:31 [WARNING] Stapling OCSP: no OCSP stapling for [cloudflare origin certificate *.namekal.tech namekal.tech]: no issuing certificate URL
2017/11/15 01:55:31 [INFO] Successfully loaded TLS assets from /etc/ssl/caddy/certs/cloudflare/namekal.tech/cf.crt and /etc/ssl/caddy/certs/cloudflare/namekal.tech/cf.key
2017/11/15 01:55:31 [WARNING] Stapling OCSP: no OCSP stapling for [cloudflare origin certificate *.evolved.site evolved.site]: no issuing certificate URL
2017/11/15 01:55:31 [NOTICE] There is already a certificate loaded for cloudflare origin certificate, so certificate for [cloudflare origin certificate *.evolved.site evolved.site] will not service that name
2017/11/15 01:55:31 [INFO] Successfully loaded TLS assets from /etc/ssl/caddy/certs/cloudflare/evolved.site/cf.crt and /etc/ssl/caddy/certs/cloudflare/evolved.site/cf.key
2017/11/15 01:55:32 [WARNING] Stapling OCSP: no OCSP stapling for [cloudflare origin certificate *.evolved.site evolved.site]: no issuing certificate URL
2017/11/15 01:55:32 [NOTICE] There is already a certificate loaded for cloudflare origin certificate, so certificate for [cloudflare origin certificate *.evolved.site evolved.site] will not service that name
2017/11/15 01:55:32 [NOTICE] There is already a certificate loaded for *.evolved.site, so certificate for [*.evolved.site evolved.site] will not service that name
2017/11/15 01:55:32 [NOTICE] There is already a certificate loaded for evolved.site, so certificate for [evolved.site] will not service that name
2017/11/15 01:55:32 [INFO] Successfully loaded TLS assets from /etc/ssl/caddy/certs/cloudflare/evolved.site/cf.crt and /etc/ssl/caddy/certs/cloudflare/evolved.site/cf.key
2017/11/15 01:55:32 [WARNING] Stapling OCSP: no OCSP stapling for [cloudflare origin certificate *.evolved.site evolved.site]: no issuing certificate URL
2017/11/15 01:55:32 [NOTICE] There is already a certificate loaded for cloudflare origin certificate, so certificate for [cloudflare origin certificate *.evolved.site evolved.site] will not service that name
2017/11/15 01:55:32 [NOTICE] There is already a certificate loaded for *.evolved.site, so certificate for [*.evolved.site evolved.site] will not service that name
2017/11/15 01:55:32 [NOTICE] There is already a certificate loaded for evolved.site, so certificate for [evolved.site] will not service that name
2017/11/15 01:55:32 [INFO] Successfully loaded TLS assets from /etc/ssl/caddy/certs/cloudflare/evolved.site/cf.crt and /etc/ssl/caddy/certs/cloudflare/evolved.site/cf.key
2017/11/15 01:55:32 [WARNING] Stapling OCSP: no OCSP stapling for [cloudflare origin certificate *.evolved.site evolved.site]: no issuing certificate URL
2017/11/15 01:55:32 [NOTICE] There is already a certificate loaded for cloudflare origin certificate, so certificate for [cloudflare origin certificate *.evolved.site evolved.site] will not service that name
2017/11/15 01:55:32 [NOTICE] There is already a certificate loaded for *.evolved.site, so certificate for [*.evolved.site evolved.site] will not service that name
2017/11/15 01:55:32 [NOTICE] There is already a certificate loaded for evolved.site, so certificate for [evolved.site] will not service that name
2017/11/15 01:55:32 [INFO] Successfully loaded TLS assets from /etc/ssl/caddy/certs/cloudflare/evolved.site/cf.crt and /etc/ssl/caddy/certs/cloudflare/evolved.site/cf.key
2017/11/15 01:55:32 [WARNING] Stapling OCSP: no OCSP stapling for [cloudflare origin certificate *.evolved.site evolved.site]: no issuing certificate URL
2017/11/15 01:55:32 [NOTICE] There is already a certificate loaded for cloudflare origin certificate, so certificate for [cloudflare origin certificate *.evolved.site evolved.site] will not service that name
2017/11/15 01:55:32 [NOTICE] There is already a certificate loaded for *.evolved.site, so certificate for [*.evolved.site evolved.site] will not service that name
2017/11/15 01:55:32 [NOTICE] There is already a certificate loaded for evolved.site, so certificate for [evolved.site] will not service that name
2017/11/15 01:55:32 [INFO] Successfully loaded TLS assets from /etc/ssl/caddy/certs/cloudflare/evolved.site/cf.crt and /etc/ssl/caddy/certs/cloudflare/evolved.site/cf.key
2017/11/15 01:55:32 [WARNING] Stapling OCSP: no OCSP stapling for [cloudflare origin certificate *.evolved.site evolved.site]: no issuing certificate URL
2017/11/15 01:55:32 [NOTICE] There is already a certificate loaded for cloudflare origin certificate, so certificate for [cloudflare origin certificate *.evolved.site evolved.site] will not service that name
2017/11/15 01:55:32 [NOTICE] There is already a certificate loaded for *.evolved.site, so certificate for [*.evolved.site evolved.site] will not service that name
2017/11/15 01:55:32 [NOTICE] There is already a certificate loaded for evolved.site, so certificate for [evolved.site] will not service that name
2017/11/15 01:55:32 [INFO] Successfully loaded TLS assets from /etc/ssl/caddy/certs/cloudflare/evolved.site/cf.crt and /etc/ssl/caddy/certs/cloudflare/evolved.site/cf.key
2017/11/15 01:55:32 [WARNING] Stapling OCSP: no OCSP stapling for [cloudflare origin certificate *.evolved.site evolved.site]: no issuing certificate URL
2017/11/15 01:55:32 [NOTICE] There is already a certificate loaded for cloudflare origin certificate, so certificate for [cloudflare origin certificate *.evolved.site evolved.site] will not service that name
2017/11/15 01:55:32 [NOTICE] There is already a certificate loaded for *.evolved.site, so certificate for [*.evolved.site evolved.site] will not service that name
2017/11/15 01:55:32 [NOTICE] There is already a certificate loaded for evolved.site, so certificate for [evolved.site] will not service that name
2017/11/15 01:55:32 [INFO] Successfully loaded TLS assets from /etc/ssl/caddy/certs/cloudflare/evolved.site/cf.crt and /etc/ssl/caddy/certs/cloudflare/evolved.site/cf.key
2017/11/15 01:55:32 [WARNING] Stapling OCSP: no OCSP stapling for [cloudflare origin certificate *.evolved.site evolved.site]: no issuing certificate URL
2017/11/15 01:55:32 [NOTICE] There is already a certificate loaded for cloudflare origin certificate, so certificate for [cloudflare origin certificate *.evolved.site evolved.site] will not service that name
2017/11/15 01:55:32 [NOTICE] There is already a certificate loaded for *.evolved.site, so certificate for [*.evolved.site evolved.site] will not service that name
2017/11/15 01:55:32 [NOTICE] There is already a certificate loaded for evolved.site, so certificate for [evolved.site] will not service that name
2017/11/15 01:55:32 [INFO] Successfully loaded TLS assets from /etc/ssl/caddy/certs/cloudflare/evolved.site/cf.crt and /etc/ssl/caddy/certs/cloudflare/evolved.site/cf.key
2017/11/15 01:55:32 [WARNING] Stapling OCSP: no OCSP stapling for [cloudflare origin certificate *.evolved.site evolved.site]: no issuing certificate URL
2017/11/15 01:55:32 [NOTICE] There is already a certificate loaded for cloudflare origin certificate, so certificate for [cloudflare origin certificate *.evolved.site evolved.site] will not service that name
2017/11/15 01:55:32 [NOTICE] There is already a certificate loaded for *.evolved.site, so certificate for [*.evolved.site evolved.site] will not service that name
2017/11/15 01:55:32 [NOTICE] There is already a certificate loaded for evolved.site, so certificate for [evolved.site] will not service that name
2017/11/15 01:55:32 [INFO] Successfully loaded TLS assets from /etc/ssl/caddy/certs/cloudflare/evolved.site/cf.crt and /etc/ssl/caddy/certs/cloudflare/evolved.site/cf.key
2017/11/15 01:55:32 [WARNING] Stapling OCSP: no OCSP stapling for [cloudflare origin certificate *.evolved.site evolved.site]: no issuing certificate URL
2017/11/15 01:55:32 [NOTICE] There is already a certificate loaded for cloudflare origin certificate, so certificate for [cloudflare origin certificate *.evolved.site evolved.site] will not service that name
2017/11/15 01:55:32 [NOTICE] There is already a certificate loaded for *.evolved.site, so certificate for [*.evolved.site evolved.site] will not service that name
2017/11/15 01:55:32 [NOTICE] There is already a certificate loaded for evolved.site, so certificate for [evolved.site] will not service that name
2017/11/15 01:55:32 [INFO] Successfully loaded TLS assets from /etc/ssl/caddy/certs/cloudflare/evolved.site/cf.crt and /etc/ssl/caddy/certs/cloudflare/evolved.site/cf.key
2017/11/15 01:55:32 [WARNING] Stapling OCSP: no OCSP stapling for [cloudflare origin certificate *.evolved.site evolved.site]: no issuing certificate URL
2017/11/15 01:55:32 [NOTICE] There is already a certificate loaded for cloudflare origin certificate, so certificate for [cloudflare origin certificate *.evolved.site evolved.site] will not service that name
2017/11/15 01:55:32 [NOTICE] There is already a certificate loaded for *.evolved.site, so certificate for [*.evolved.site evolved.site] will not service that name
2017/11/15 01:55:32 [NOTICE] There is already a certificate loaded for evolved.site, so certificate for [evolved.site] will not service that name
2017/11/15 01:55:32 [INFO] Successfully loaded TLS assets from /etc/ssl/caddy/certs/cloudflare/evolved.site/cf.crt and /etc/ssl/caddy/certs/cloudflare/evolved.site/cf.key
2017/11/15 01:55:32 [WARNING] Stapling OCSP: no OCSP stapling for [cloudflare origin certificate *.evolved.site evolved.site]: no issuing certificate URL
2017/11/15 01:55:32 [NOTICE] There is already a certificate loaded for cloudflare origin certificate, so certificate for [cloudflare origin certificate *.evolved.site evolved.site] will not service that name
2017/11/15 01:55:32 [NOTICE] There is already a certificate loaded for *.evolved.site, so certificate for [*.evolved.site evolved.site] will not service that name
2017/11/15 01:55:32 [NOTICE] There is already a certificate loaded for evolved.site, so certificate for [evolved.site] will not service that name
2017/11/15 01:55:32 [INFO] Successfully loaded TLS assets from /etc/ssl/caddy/certs/cloudflare/evolved.site/cf.crt and /etc/ssl/caddy/certs/cloudflare/evolved.site/cf.key
2017/11/15 01:55:32 http://*.evolved.site
2017/11/15 01:55:32 https://namekal.tech
2017/11/15 01:55:32 https://*.evolved.site
2017/11/15 01:55:32 https://surv.evolved.site
2017/11/15 01:55:32 https://sab.evolved.site
2017/11/15 01:55:32 https://couch.evolved.site
2017/11/15 01:55:32 https://hp.evolved.site
2017/11/15 01:55:32 https://sonarr.evolved.site
2017/11/15 01:55:32 https://graf.evolved.site
2017/11/15 01:55:32 https://trans.evolved.site
2017/11/15 01:55:32 https://plex.evolved.site
2017/11/15 01:55:32 https://atlas.evolved.site
2017/11/15 01:55:32 https://jira.evolved.site
2017/11/15 01:55:32 https://nc.evolved.site
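As an added example (written for this page, not taken from the poster's Caddyfile or from the Caddy project), here is what the wildcard block and one subdomain block reduce to once the ACME-only options are dropped. It assumes the Caddy 0.10-series Caddyfile syntax that produced the log messages above; the hostnames, upstreams and certificate paths are the poster's, and only the `*.evolved.site` and `surv` blocks are shown.

```caddyfile
# Added example, not the poster's file. When the tls line names a certificate
# and key file, Caddy loads those files directly ("Successfully loaded TLS
# assets" in the log) and does not run ACME for that block, so everything that
# configures ACME is dead configuration and can go:
#   dns cloudflare  - chooses the DNS-01 challenge provider Caddy would use to
#                     obtain a certificate itself
#   # ca ...        - the ACME directory URL (commented out already)
#   max_certs 25    - turns on On-Demand TLS, which is for certificates Caddy
#                     obtains at handshake time; it does nothing for a
#                     certificate you supply, and is best left off unless needed

*.evolved.site {
    root /var/www
    gzip
    tls /etc/ssl/caddy/certs/cloudflare/evolved.site/cf.crt /etc/ssl/caddy/certs/cloudflare/evolved.site/cf.key
    log /var/log/caddy/access.log
    errors /var/log/caddy/errors.log
}

# The tls line itself stays in every subdomain block. In this Caddy series a
# site block with a public hostname and no tls directive is handled by
# automatic HTTPS, i.e. Caddy requests a Let's Encrypt certificate for that one
# name; it does not fall back to the wildcard certificate another block loaded.
# Loading the same files from twelve blocks is harmless: the
# "[NOTICE] There is already a certificate loaded for ..." lines say the first
# load won and the later copies were skipped for those names.
surv.evolved.site:443 {
    proxy / cent1:8080 {
        transparent
        websocket
    }
    tls /etc/ssl/caddy/certs/cloudflare/evolved.site/cf.crt /etc/ssl/caddy/certs/cloudflare/evolved.site/cf.key
    log /var/log/caddy/access.surv.log
    errors /var/log/caddy/errors.surv.log
}
```

The `Stapling OCSP: no OCSP stapling ... no issuing certificate URL` warnings are unrelated to the layout of the Caddyfile: Caddy found no issuer URL in the certificate from which to fetch an OCSP response, which is a property of the Cloudflare origin certificate itself, and the warning repeats once per load of the file.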