Thousands of SSL certs - Can Caddy handle this and other questions

Hi,

I am investigating using a commercial license of Caddy for the following items, and wondered if it was possible:

1 - Clustered, more than one Caddy for redundancy. Pretty sure based on docs it can be done as long as the acme folder is shared.
2 - Auto SSL certs. We need to secure thousands of domain names that we host currently in HTTP only. We control almost all the DNS zones via our own local PowerDNS servers. Manually maintaining this many SSL certs is not an option, and we are looking into Let’s Encrypt with Caddy.
3 - Proxy/Load Balancer. We have some domains going to one set of 3 web servers, and other domains going to another group. How would this be best setup? One group of Caddy Servers per web farm?

I apologize if these are covered in examples somewhere, as I only recently discovered Caddy.

Yep! They just need to share the same $CADDYPATH.

Definitely – I know of a few Caddy instances which manage certificates for thousands of sites. Recent upgrades starting in about 0.10.10-ish help Caddy to handle tens of thousands or even hundreds of thousands as long as you have enough RAM to cache the last tens of thousands of certificates used. Caddy is ready for your sites!

The proxy directive would be what you want, it’s easy to configure a reverse-proxy (though if you don’t fully understand what you’re proxying to, like some big Django apps or something, it can be a little nuanced): https://caddyserver.com/docs/proxy

Thanks for the reply.

Now for the really fun question. Do I have to define every domain we need in the caddyfile?

No, you can specify a wildcard for lots of subdomains:

*.example.com {
  ...
}

Or a catch-all for any domain:

https:// {
   ...
}

Using :443 also works.

Read about how to use automatic HTTPS with these special cases: Automatic HTTPS — Caddy Documentation for wildcard certificates and Automatic HTTPS — Caddy Documentation for on-demand TLS (when you use a catch-all).
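An added example, not from the thread or the Caddy project: a small Go allowlist endpoint of the kind Caddy's on-demand TLS `ask` option can query, so that a catch-all site only obtains certificates for domains you actually host. It assumes Caddy passes the hostname in a `domain` query parameter and treats HTTP 200 as approval; the `hosted` list and the function names are constructed for illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
	"strings"
)

// hosted is a constructed allowlist; in practice, load it from the zones
// you actually serve (for example, an export from your DNS servers).
var hosted = map[string]bool{"example.com": true, "shop.example.net": true}

// allowed reports whether name is a hosted domain or a subdomain of one.
// It walks label by label, so "evil-example.com" never matches "example.com".
func allowed(name string) bool {
	name = strings.TrimSuffix(strings.ToLower(strings.TrimSpace(name)), ".")
	if name == "" || strings.ContainsAny(name, "*/ ") {
		return false
	}
	for !hosted[name] {
		i := strings.IndexByte(name, '.')
		if i < 0 {
			return false
		}
		name = name[i+1:]
	}
	return true
}

// askHandler answers the issuance check: 200 permits, 403 denies.
func askHandler(w http.ResponseWriter, r *http.Request) {
	if allowed(r.URL.Query().Get("domain")) {
		w.WriteHeader(http.StatusOK)
		return
	}
	http.Error(w, "unknown domain", http.StatusForbidden)
}

// check runs the handler in-process and returns the HTTP status code.
func check(domain string) int {
	req := httptest.NewRequest("GET", "/ask?domain="+url.QueryEscape(domain), nil)
	rec := httptest.NewRecorder()
	askHandler(rec, req)
	return rec.Code
}

func main() {
	for _, d := range []string{"example.com", "WWW.Example.com.", "evil-example.com", "unhosted.test"} {
		fmt.Println(d, check(d))
	}
}
```

To serve it for real, register `askHandler` with `http.HandleFunc` and listen on an address reachable only from the Caddy hosts.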
