We’ve reached an agreement with Smallstep to help bring fully-managed PKI to Caddy!
The goal here is to put every site – even local and internal ones – on HTTPS. Using HTTPS on localhost can help streamline the transition from development into production, and using HTTPS on internal infrastructure (mTLS) can provide greater security and privacy, especially on untrusted/cloud networks.
Currently, managing the infrastructure needed for proper HTTPS on local and internal hosts is tedious and error-prone. Integrating Smallstep into Caddy will allow us to serve https://example.local using trusted certificates with much less hassle.
The goal is to make them work just like HTTPS for public sites that use Let’s Encrypt. The main difference is that the CA is private rather than public.
Design work will begin shortly!
Join the discussion on GitHub: https://github.com/caddyserver/caddy/issues/3021