Remove existing SSL for Let’s Encrypt

I’m using Caddy 1.0.0 with a custom SSL certificate, but want to switch back to using Let’s Encrypt - do I simply remove the tls line from the Caddyfile & restart?

What is your Caddyfile?

My recommendation is to upgrade to v2 while you’re at it. V1 is no longer being developed.

thanks @matt - here’s the redacted file:

[site].com:80, www.[site].com:80 {
    redir https://[site].com{uri}
    header / {
        Server "unknown"
    }
}
[site].com:443, www.[site].com:443 {
    root /var/www/docroot
    tls /etc/ssl/caddy/ssl.pem /etc/ssl/caddy/ssl.key {
        ciphers ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-WITH-CHACHA20-POLY1305 ECDHE-RSA-WITH-CHACHA20-POLY1305
        protocols tls1.2 tls1.3
    }
    fastcgi / /var/run/php-fpm/php-fpm.sock php
    header / {
        Referrer-Policy "no-referrer"
        Feature-Policy "camera 'none'; microphone 'none';"
        Content-Security-Policy "default-src *; script-src *; style-src 'unsafe-inline' *; img-src *;"
        Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
        X-XSS-Protection "1; mode=block"
        X-Content-Type-Options "nosniff"
        X-Frame-Options "deny"
        Server "unknown"
    }
    basicauth /zcsv zboard brightallowancetabletop
    browse /zcsv
    status 401 {
        /docs/data
        /docs/conf
        /docs/bin
        /docs/inc
    }
    mime {
        .csv application/octet-stream
    }
    gzip {
        ext *
        level 1
    }
    errors {
        * /var/www/docroot/404.html
    }
}

tbh this is my first time working with Caddy - I can recommend that we update to v2, but for now we just need to get Let’s Encrypt working.

Thx!

Then definitely start with v2, don’t deploy a new server that is obsolete and no longer being developed.

Anyway, yes, I presume if you remove the tls directive it will use Let’s Encrypt. Always test with the staging endpoint first.

FYI we have a rule to not redact site names from configs, because it hinders our ability to help you: FAQ - Caddy Community
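
The change discussed in this thread, as an added example that is not part of the original posts: the HTTPS site block from the posted Caddyfile with the certificate and key paths dropped from `tls`, and a temporary `ca` line pointing Caddy v1 at Let's Encrypt's public staging directory for the test run. The `[site].com` placeholder is kept from the post; the staging URL is the only value not taken from the thread.

```caddyfile
# Before (from the posted config): a certificate and key on the tls line
# mean Caddy serves that certificate and does not request one over ACME.
#   tls /etc/ssl/caddy/ssl.pem /etc/ssl/caddy/ssl.key { ... }

[site].com:443, www.[site].com:443 {
    root /var/www/docroot

    # After: no certificate/key arguments, so Caddy v1 obtains and renews
    # the certificate itself. The cipher and protocol restrictions can stay.
    tls {
        # Test run only: Let's Encrypt staging directory. Certificates
        # issued by staging are not trusted by browsers. Delete this line
        # and restart to get a production certificate.
        ca https://acme-staging-v02.api.letsencrypt.org/directory

        ciphers ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-ECDSA-WITH-CHACHA20-POLY1305 ECDHE-RSA-WITH-CHACHA20-POLY1305
        protocols tls1.2 tls1.3
    }

    # ... remaining directives (fastcgi, header, basicauth, ...) unchanged ...
}
```

Staging has far looser rate limits than production, so DNS or port-reachability problems can be sorted out there without using up production issuance attempts.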

Thanks @matt - we already have v1 up and working (and to my knowledge, don’t have a staging endpoint to test with) - I’ll make the suggestion to update to v2.

I appreciate the desire to help, but some of my clients may not want their domains shared…

We do have plans for private support for businesses who require that. But since this is an open source project, everything for free is (or will be) in the open.

Thanks @matt - I can confirm that removing the tls line from the Caddyfile and restarting switched the SSL to use Let’s Encrypt. :+1:
