Snake-oil TLS for all requests on a specific port

The issue with your current config is that you didn’t specify a name for which Caddy could issue certificates. * isn’t really valid, since it’s a wildcard label, and Caddy won’t issue a wildcard certificate unless the DNS challenge is enabled.

What you can do is turn on on_demand, which will make Caddy issue certificates on-the-fly if it doesn’t have one for the domain/IP (hostname) in the request.

https://:8443 {
	tls internal {
		on_demand
	}
	respond "Yep, you got TLS!"
}

Keep in mind this is ripe for abuse, as noted in the docs, so if on_demand is used in production, an ask SHOULD be configured to avoid an attack vector. (Mainly saying this for any future readers of this thread who end up here)

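To make the "ask" mitigation concrete, here is an added example (not from the post above or from the Caddy project) of the kind of endpoint Caddy queries when the global option `on_demand_tls { ask <url> }` is set. Caddy sends `GET <url>?domain=<hostname>` before issuing a certificate on demand and only proceeds on an HTTP 200; any other status denies issuance, which is what closes off the abuse vector the answer warns about. The listen address `127.0.0.1:9000`, the `/check` path and the allowlist contents are assumptions chosen for this example.

```python
"""
Minimal 'ask' endpoint for Caddy's on-demand TLS (example code).

Caddy calls GET <ask-url>?domain=<hostname> before issuing a certificate
on demand; a 200 response permits issuance, any other status denies it.
Hostnames and zones below are constructed for this example.
"""
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import parse_qs, urlparse

# Constructed allowlist: exact hostnames, plus parent zones whose
# direct (one-label) subdomains may also receive certificates.
ALLOWED_HOSTS = {"app.example.com", "api.example.com"}
ALLOWED_ZONES = {"tenants.example.com"}


def normalize(host: str) -> str:
    """Lowercase the name and strip whitespace and a trailing dot."""
    return host.strip().lower().rstrip(".")


def is_allowed(domain: str) -> bool:
    """Return True only for names this deployment is willing to get certs for."""
    host = normalize(domain)
    # Reject empty input, wildcard labels and anything that is not a bare hostname.
    if not host or "*" in host or "/" in host:
        return False
    if host in ALLOWED_HOSTS:
        return True
    # Allow e.g. acme.tenants.example.com, but not deeper names under it.
    parent = host.partition(".")[2]
    return parent in ALLOWED_ZONES


def domain_from_path(path: str) -> str:
    """Extract the 'domain' query parameter Caddy appends to the ask URL."""
    values = parse_qs(urlparse(path).query).get("domain", [])
    return values[0] if values else ""


class AskHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        domain = domain_from_path(self.path)
        status = 200 if is_allowed(domain) else 403
        self.send_response(status)
        self.send_header("Content-Length", "0")
        self.end_headers()
        # Log every decision so unexpected names requested via SNI are visible.
        self.log_message("ask domain=%r -> %d", domain, status)


if __name__ == "__main__":
    # Assumed address; reference it from the Caddyfile global options as
    # on_demand_tls { ask http://127.0.0.1:9000/check }
    HTTPServer(("127.0.0.1", 9000), AskHandler).serve_forever()
```

Keep the endpoint reachable only from the Caddy host (here it binds to loopback), since anything that can answer 200 for arbitrary names reopens the problem the `ask` option is meant to solve.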