Remove existing SSL for Lets Encrypt

I’m using Caddy 1.0.0 with a custom SSL certificate, but want to switch back to using Let’s Encrypt - do I simply remove the tls line from the Caddyfile & restart?

What is your Caddyfile?

My recommendation is to upgrade to v2 while you’re at it. V1 is no longer being developed.

thanks @matt - here’s the redacted file:

[site].com:80, www.[site].com:80 {
    redir https://[site].com{uri}
    header / {
        Server "unknown"
[site].com:443, www.[site].com:443 {
    root /var/www/docroot
    tls /etc/ssl/caddy/ssl.pem /etc/ssl/caddy/ssl.key {
        protocols tls1.2 tls1.3
    fastcgi / /var/run/php-fpm/php-fpm.sock php
    header / {
        Referrer-Policy "no-referrer"
        Feature-Policy "camera 'none'; microphone 'none';"
        Content-Security-Policy "default-src *; script-src *; style-src 'unsafe-inline' *; img-src *;"
        Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
        X-XSS-Protection "1; mode=block"
        X-Content-Type-Options "nosniff"
        X-Frame-Options "deny"
        Server "unknown"
    basicauth /zcsv zboard brightallowancetabletop
    browse /zcsv
    status 401 {
    mime {
        .csv application/octet-stream
    gzip {
        ext *
        level 1
    errors {
        * /var/www/docroot/404.html

tbh this is my first time working with Caddy - I can recommend that we update to v2, but for now we just need to get Lets Encrypt working.


Then definitely start with v2, don’t deploy a new server that is obsolete and no longer being developed.

Anyway, yes, I presume if you remove the tls directive it will use Let’s Encrypt. Always test with the staging endpoint first.

FYI we have a rule to not redact site names from configs, because it hinders our ability to help you: FAQ - Caddy Community

Thanks @matt - we already have v1 up and working (and to my knowledge, don’t have a staging endpoint to test with) - I’ll make the suggestion to update to v2.

I appreciate the desire to help, but some of my clients may not want their domains shared…

We do have plans for private support for businesses who require that. But since this is an open source project, everything for free is (or will be) in the open.

Thanks @matt - I can confirm that removing the tls line from the Caddyfile and restarting switched the SSL to use Let’s Encrypt. :+1:

1 Like

This topic was automatically closed after 30 days. New replies are no longer allowed.