SSL Certificate Renewal Behaviour

Hi All

We use caddy to do layer 7 proxying for customer demos

As such we tend to spin up and down DNS records (e.g. customer1-demo.domain.tld) etc

When it comes to renewing does caddy renew the domains in the curret config only or does it renew all certificates in the .Caddy folder

If it’s all the certificates - is it a matter of deleting the folders no longer in use or is there a better process.

Having a look we have about 30 domains which we no longer need to renew certs for and these are not in the current caddfile


Hi Andrei, great question. Caddy only renews certificates it is actively managing, which are certificates being used by sites with the current config.

It does not delete old, expired certificates, although this is on my to-do list. (Caddy does delete old cached OCSP staples, so porting that function to certificates will be pretty easy. OCSP staples only last a few days or weeks, which is why that functionality was given to OCSP staples first.)

Slight change of topic: Would your company be interested in sponsoring Caddy or in the Engineering Package? We’d love to show off what you use Caddy for as a sponsor, or to prioritize features like this through the Engineering Package.

Hi Matt

Would love to however I am packing up shop and taking a 2 year sabatical.

Absolutely love what you are doing with Caddy. Last time time I got this excited about a webserver was when NGINX first came out.

will help out other ways (promotion code etc)


1 Like

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.