1. The problem I’m having:
With the config below I’m able to obtain a wildcard certificate for my domain and secure all my reverse proxies on subdomains with it. I would also like to secure my domain.tld, but the obtained certificate is only valid for the subdomains.
Before, I used nginx-proxy, which could obtain a single cert for domain.tld and *.domain.tld. Is this also possible with Caddy? How would I have to change my config for that? Also, is there a way to set a custom DNS server for the SSL challenges to resolve the domain other than the system DNS server?
2. Error messages and/or full log output:
None for now as this is a configuration question
3. Caddy version:
2.9.1
4. How I installed and ran Caddy:
a. System environment:
Podman on RaspberryPi
c. Service/unit/compose file:
[Unit]
Description=Caddy Reverse Proxy
[Service]
Restart=no
[Container]
Image=docker.io/cilenco/caddy-ionos-dns
ContainerName=caddy
User=caddy
Secret=DOMAIN,type=env,target=DOMAIN
Secret=IONOS_PREFIX,type=env,target=IONOS_PREFIX
Secret=IONOS_SECRET,type=env,target=IONOS_SECRET
Network=caddy.network
PublishPort=80:8080
PublishPort=443:4430
Volume=caddy.data.volume:/certs
Volume=./caddyfile:/etc/caddy/Caddyfile:ro,Z
[Install]
WantedBy=default.target
d. My complete Caddy config:
{
    email noreply@{env.DOMAIN}
    http_port 8080
    https_port 4430
    admin off
}

https://*.{env.DOMAIN} {
    tls {
        dns ionos {env.IONOS_PREFIX}.{env.IONOS_SECRET}
    }

    @dns host dns.{env.DOMAIN}
    handle @dns {
        reverse_proxy adguard:80
    }

    # ...

    handle {
        abort
    }
}
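
Why a certificate issued for `*.domain.tld` alone does not cover `domain.tld`, shown as an added example that is not part of the original post: a wildcard stands for exactly one left-most label, so the apex needs its own SAN entry. The function names, `example.com` and the SAN lists are assumptions constructed for illustration.

```python
# Added example: RFC 6125-style matching of hostnames against certificate
# dNSName SANs. example.com and the SAN lists are constructed placeholders.

def _labels(name: str) -> list[str]:
    """Lower-case a DNS name, drop a trailing dot, split into labels."""
    return name.rstrip(".").lower().split(".")


def san_matches(san: str, hostname: str) -> bool:
    """True if one dNSName SAN entry covers hostname.

    A wildcard is honoured only as the whole left-most label and stands
    for exactly one label, so "*.example.com" covers "dns.example.com"
    but neither "example.com" nor "a.b.example.com".
    """
    pattern, host = _labels(san), _labels(hostname)
    if len(pattern) != len(host):
        return False
    if pattern[0] == "*":
        # Policy assumed here: refuse wildcards directly under a TLD ("*.com").
        return len(pattern) > 2 and pattern[1:] == host[1:] and host[0] != ""
    return pattern == host


def uncovered(sans: list[str], hostnames: list[str]) -> list[str]:
    """Hostnames that no SAN entry in the certificate covers."""
    return [h for h in hostnames if not any(san_matches(s, h) for s in sans)]


# Constructed input: names the site should serve, and two possible SAN sets.
WANTED = ["example.com", "dns.example.com", "a.b.example.com"]
WILDCARD_ONLY = ["*.example.com"]
APEX_AND_WILDCARD = ["example.com", "*.example.com"]

if __name__ == "__main__":
    for label, sans in (("wildcard only", WILDCARD_ONLY),
                        ("apex + wildcard", APEX_AND_WILDCARD)):
        print(f"{label}: not covered -> {uncovered(sans, WANTED)}")
```

Feeding it the SAN list of the certificate actually served for each site shows which hostnames would still fail validation.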