If you’re worried about certificate issues, there won’t be any as long as Caddy is accessible at the IP address specified by each of its managed domains. You don’t need to copy the `.caddy` directory at all (unless you’ve got more domains than LetsEncrypt’s rate limit).
Requisitioning a new set of certificates is pretty quick, and you avoid transmitting your private keys (even if you would have been transmitting them securely).
With that said, you can indeed copy the entire `.caddy` directory, and if it’s placed in the correct location with the correct permissions, Caddy will start using them instead of requesting new ones.
If it’s absolute zero downtime you require, though, here’s how I’d do it:
- `sudo rsync -az [old-host]:/root/.caddy/ /root/.caddy/` on [new-host] (or other file path as appropriate)
- `sudo rsync -az [old-host]:/etc/Caddyfile /etc/Caddyfile` on [new-host] (or other file path as appropriate)
- Replace the `caddyfile` on [old-host] with this:

  ```
  http:// {
      proxy / http://[new-host] {
          transparent
          websocket
      }
  }
  https:// {
      proxy / https://[new-host] {
          transparent
          websocket
      }
      tls {
          max_certs 1
      }
  }
  ```
- Start Caddy on [new-host]
- `pkill -SIGUSR1 caddy` on [old-host], now all new requests to either host are served by [new-host]
- Change DNS records, propagation time is now irrelevant
- Take down [old-host] after a few days, or once its access logs dry up
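
The post notes that a copied `.caddy` directory is only used if it has the correct permissions. As an added example (not part of the original post), this script audits the copied directory on [new-host] before Caddy is started. The function name, the single-owner requirement and the "no group/other bits" rule are assumptions chosen because the directory holds TLS private keys.

```shell
#!/bin/sh
# Added example (not from the original post): audit a copied Caddy asset
# directory before starting Caddy on the new host.
# Assumptions: the directory should belong to one owner and carry no
# group/other permission bits, since it holds TLS private keys.

# audit_caddy_dir DIR OWNER
#   Prints each path under DIR with the wrong owner or any group/other bit.
#   Returns 0 if clean, 1 if anything was printed, 2 if DIR is missing.
audit_caddy_dir() {
    dir=$1
    owner=$2
    if [ ! -d "$dir" ]; then
        echo "not a directory: $dir" >&2
        return 2
    fi
    # Symlinks are skipped: their own mode bits are not meaningful.
    bad=$(find "$dir" ! -type l \( ! -user "$owner" \
        -o -perm -001 -o -perm -002 -o -perm -004 \
        -o -perm -010 -o -perm -020 -o -perm -040 \) -print)
    if [ -n "$bad" ]; then
        printf '%s\n' "$bad"
        return 1
    fi
    return 0
}

# Usage: sh audit.sh /root/.caddy root
if [ "$#" -eq 2 ]; then
    audit_caddy_dir "$1" "$2"
fi
```

Any path it prints can be tightened with `chmod go-rwx` and `chown` before Caddy is started.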