1. The problem I’m having:
I use Cloudflare to proxy some of my sites (uhio.uk, drive.uhio.uk, doh.uhio.uk); they use Cloudflare’s “origin certificate”, which is not publicly trusted. Another site, dns.uhio.uk, needs direct DNS and I have to manage certs myself.
If there is no site loading the CF origin cert then auto HTTPS works well; otherwise it’s using the CF origin cert even if I don’t specify it.
I understand this as a default behavior, but is there an explicit way to make a site always request a certificate?
2. Error messages and/or full log output:
Normal, with uhio.uk loading CF origin cert:
2025/06/22 04:32:56.142 INFO http.auto_https skipping automatic certificate management because one or more matching certificates are already loaded {"domain": "dns.uhio.uk", "server_name": "srv0"}
2025/06/22 04:32:56.142 INFO http.auto_https skipping automatic certificate management because one or more matching certificates are already loaded {"domain": "uhio.uk", "server_name": "srv0"}
This is what I want (output when CF origin cert not loaded):
2025/06/22 01:30:50.225 INFO http enabling automatic TLS certificate management {"domains": ["dns.uhio.uk"]}
3. Caddy version:
v2.10.0
4. How I installed and ran Caddy:
a. System environment:
Windows 11 LTSC 2024 (24H2)
Caddy is downloaded from https://caddyserver.com/download
b. Command:
caddy run
c. Service/unit/compose file:
N/A
d. My complete Caddy config:
This is a minimal config that reproduces the problem.
{
    storage file_system "D:/services/caddy/data/"
    log {
        output file "D:/services/caddy/logs/caddy.log" {
            roll_size 20mb
            roll_keep 5
        }
        format console {
            level_format upper
        }
    }
    acme_dns cloudflare NeverGonnaGiveYouUp # my API token
    email u@uhio.uk
}
(cf_tls) {
    tls "D:/res/cf_origin.crt" "D:/res/cf_origin.key" {
        client_auth {
            mode require_and_verify
            trust_pool file "D:/res/authenticated_origin_pull_ca.pem"
        }
    }
    encode
}
uhio.uk {
    import cf_tls
    handle {
        respond "This page is reserved for future use."
    }
}
dns.uhio.uk {
    # tls {
    #     issuer acme
    # }
    # # this doesn't affect anything
}
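An added example, not part of the original post: a startup-log check that flags hostnames which need a publicly trusted certificate but were skipped by automatic HTTPS. It matches the two log messages quoted in section 2; the function names and the two sample strings are constructed for this example.

```python
import json
import re

# Console-format line: timestamp, level, logger, message, optional JSON fields.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} [\d:.]+)\s+(?P<level>[A-Z]+)\s+"
    r"(?P<logger>\S+)\s+(?P<msg>.*?)\s*(?P<fields>\{.*\})?$"
)
SKIPPED = "skipping automatic certificate management"
ENABLED = "enabling automatic TLS certificate management"

# Constructed samples, built from the log lines quoted in the post.
WITH_ORIGIN_CERT = """\
2025/06/22 04:32:56.142 INFO http.auto_https skipping automatic certificate management because one or more matching certificates are already loaded {"domain": "dns.uhio.uk", "server_name": "srv0"}
2025/06/22 04:32:56.142 INFO http.auto_https skipping automatic certificate management because one or more matching certificates are already loaded {"domain": "uhio.uk", "server_name": "srv0"}
"""
WITHOUT_ORIGIN_CERT = """\
2025/06/22 01:30:50.225 INFO http enabling automatic TLS certificate management {"domains": ["dns.uhio.uk"]}
"""


def cert_status(log_text):
    """Map each domain to 'skipped' or 'managed'; the latest line wins."""
    status = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or not m["fields"]:
            continue
        try:
            fields = json.loads(m["fields"])
        except json.JSONDecodeError:
            continue  # truncated or non-JSON tail, ignore the line
        if m["msg"].startswith(SKIPPED) and "domain" in fields:
            status[fields["domain"]] = "skipped"
        elif m["msg"].startswith(ENABLED):
            for domain in fields.get("domains", []):
                status[domain] = "managed"
    return status


def not_managed(log_text, need_public_cert):
    """Domains that need a publicly trusted cert but are not ACME-managed."""
    status = cert_status(log_text)
    return sorted(d for d in need_public_cert if status.get(d) != "managed")


if __name__ == "__main__":
    print(not_managed(WITH_ORIGIN_CERT, ["dns.uhio.uk"]))
```

Run against the real caddy.log after each config change, a non-empty result means a directly exposed hostname is being served with a loaded certificate instead of one issued by ACME.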