Simple PHP + Caddy Installation : Browser Throws 502

Yep, download a build with the github.com/caddy-dns/digitalocean plugin, then configure it in your tls directive, and that’s it.

{
	on_demand_tls {
		ask https://layoff.wtf/caddy/ask
		interval 2m
		burst 5
	}

}

https:// {

	tls {
		on_demand
		dns digitalocean # <------ FOR WILDCARD SUBDOMAINS ---------------
	}

	root * /var/www/caddy/public

	file_server

	php_fastcgi unix//run/php/php8.0-fpm.sock
}

Will this Caddyfile configuration work for wildcard subdomains (along with automatic tls)?

Caddy needs to know about your wildcard domain to issue them, so you’d need to change your site to something like this:

https://, *.example.com {
	...
}

This will tell Caddy to actually manage a certificate for *.example.com but still allow for on-demand certs for otherwise unknown domains.
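With `*.layoff.wtf` managed explicitly, the wildcard covers that zone and the `ask` endpoint only decides whether Caddy may obtain a certificate for any other hostname a client presents. Below is an added example of that endpoint's decision logic (not code from this thread or from Caddy); it assumes a constructed allowlist standing in for a customer-domain database, and it relies on Caddy's documented contract that the endpoint receives `?domain=<name>` and that only a 200 response permits issuance.

```python
import re
from typing import Optional
from urllib.parse import parse_qs

# Constructed allowlist standing in for a database of customer hostnames.
ALLOWED_DOMAINS = {"shop.example.net", "blog.example.org"}

# One DNS label: 1-63 chars of [a-z0-9-], no leading or trailing hyphen.
LABEL_RE = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")


def normalize(domain: str) -> Optional[str]:
    """Lower-case the name, strip one trailing dot, and reject anything that
    is not a plain hostname: wildcards, IPv4 literals, bad or over-long labels."""
    name = domain.strip().lower().rstrip(".")
    if not name or len(name) > 253 or "*" in name:
        return None
    labels = name.split(".")
    if len(labels) < 2 or not all(LABEL_RE.match(label) for label in labels):
        return None
    if labels[-1].isdigit():  # a numeric TLD means this is an IP, not a host
        return None
    return name


def is_allowed(domain: str, allowed=ALLOWED_DOMAINS) -> bool:
    """Exact match only: no suffix or subdomain matching, so a hostname such as
    'evil.shop.example.net' is refused even though its parent is listed."""
    name = normalize(domain)
    return name is not None and name in allowed


def ask_handler(query_string: str) -> int:
    """Return the HTTP status for Caddy's GET /caddy/ask?domain=... request.
    200 means 'issue the certificate'; any other status refuses it."""
    params = parse_qs(query_string, keep_blank_values=True)
    domains = params.get("domain", [])
    if len(domains) != 1:  # missing or repeated parameter: malformed request
        return 400
    return 200 if is_allowed(domains[0]) else 403
```

Pair this with Caddy's `interval` and `burst` settings from the global block above; they cap how often issuance can be attempted, while the allowlist decides which names qualify at all.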


I see. This would be my configuration:

{
	on_demand_tls {
		ask https://layoff.wtf/caddy/ask
		interval 2m
		burst 5
	}

}

https://, *.layoff.wtf {

	tls {
		on_demand
		dns digitalocean
	}

	root * /var/www/caddy/public

	file_server

	php_fastcgi unix//run/php/php8.0-fpm.sock
}

Wondering if having a wildcard certificate is actually a better choice than using individual certificates. Are there any gotchas I need to be aware of?

As mentioned in the docs:

Wildcard certificates represent a wide degree of authority and should only be used when you have so many subdomains that managing individual certificates for them would strain the PKI or cause you to hit CA-enforced rate limits.
