I worked through setting up a wildcard certificate for WeBase this past summer and everything was working fine until the certificate expired and needed to be renewed.
I expected Caddy to handle the renewal automatically, but it did not.
Is there a command that I need to run to renew a wildcard certificate? How are wildcard certificates intended to be renewed?
Details, including my Caddy config, are below. Thank you for any tips or pointers.
–harris
1. Caddy version (`caddy version`):
v2.1.0 h1:MC4d65RCVaEKy1iOFjsD51mybOwS8qdEVBi7ESDhUfE=
2. How I run Caddy:
sudo systemctl start caddy-api.service
d. My complete Caddyfile or JSON config:
{
"admin": {
"enforce_origin": true,
"listen": "0.0.0.0:2019",
"origins": [
"ABC123"
]
},
"apps": {
"http": {
"servers": {
"webase": {
"listen": [
":443"
],
"routes": [
{
"handle": [
{
"handler": "subroute",
"routes": [
{
"handle": [
{
"handler": "reverse_proxy",
"headers": {
"request": {
"set": {
"Access-Control-Allow-Headers": [
"Cache-Control,Content-Type"
],
"X-Real-Ip": [
"{http.request.remote.host}"
]
}
}
},
"upstreams": [
{
"dial": "172.17.0.12:5000"
},
{
"dial": "172.17.0.14:5000"
}
]
}
]
}
]
}
],
"match": [
{
"host": [
"www.webase.com",
"*.webase.com",
"webase.com"
]
}
],
"terminal": true
},
{
"handle": [
{
"handler": "subroute",
"routes": [
{
"handle": [
{
"handler": "reverse_proxy",
"headers": {
"request": {
"set": {
"Access-Control-Allow-Headers": [
"Cache-Control,Content-Type"
],
"X-Real-Ip": [
"{http.request.remote.host}"
]
}
}
},
"upstreams": [
{
"dial": "172.17.0.12:5000"
},
{
"dial": "172.17.0.14:5000"
}
]
}
]
}
]
}
],
"match": [
{
"host": [
"www.sbaloanshq.com"
]
}
],
"terminal": true
},
{
"handle": [
{
"handler": "subroute",
"routes": [
{
"handle": [
{
"handler": "reverse_proxy",
"headers": {
"request": {
"set": {
"Access-Control-Allow-Headers": [
"Cache-Control,Content-Type"
],
"X-Real-Ip": [
"{http.request.remote.host}"
]
}
}
},
"upstreams": [
{
"dial": "172.17.0.12:5000"
}
]
}
]
}
]
}
],
"match": [
{
"host": [
"www.nimblehq.com"
]
}
],
"terminal": true
},
{
"handle": [
{
"handler": "subroute",
"routes": [
{
"handle": [
{
"handler": "reverse_proxy",
"headers": {
"request": {
"set": {
"Access-Control-Allow-Headers": [
"Cache-Control,Content-Type"
],
"X-Real-Ip": [
"{http.request.remote.host}"
]
}
}
},
"upstreams": [
{
"dial": "172.17.0.16:5000"
}
]
}
]
}
]
}
],
"match": [
{
"host": [
"chart.ly"
]
}
],
"terminal": true
}
]
}
}
},
"tls": {
"automation": {
"on_demand": {
"ask": "https://www.webase.com/api/v1/domain-check.json",
"rate_limit": {
"burst": 100,
"interval": "5m"
}
},
"policies": [
{
"issuer": {
"challenges": {
"dns": {
"provider": {
"max_retries": 10,
"name": "route53"
}
}
},
"email": "harris@webase.com",
"module": "acme"
},
"on_demand": false,
"subjects": [
"*.webase.com"
]
},
{
"issuer": {
"email": "harris@webase.com",
"module": "acme"
},
"on_demand": true
}
]
}
}
},
"logging": {
"logs": {
"default": {
"encoder": {
"format": "json"
},
"level": "debug",
"writer": {
"filename": "/tmp/caddy-tmp.log",
"output": "file"
}
}
},
"sink": {
"writer": {
"filename": "/tmp/caddy-go.log",
"output": "file"
}
}
}
}