Two certs, one wildcard

1. The problem I’m having:

I want SSL for mail.example.com to be handled automatically by Caddy and get a certificate in the default way, but I want everything else (*.example.com), to use a manually specified local cert.

Currently, Caddy is ignoring the defined host (mail.example.com), and just using the wildcard certificate from the section directly below it.

If I comment out the wildcard handler altogether, I get what I want, and it pulls a cert for mail.example.com.

How can I handle both situations the way I want? Apologies for redacting my post, but this is production facing and the Caddyfile has some other unrelated sites in it, that I don’t want exposed.

2. Error messages and/or full log output:

logger=http.auto_https msg=skipping automatic certificate management because one or more matching certificates are already loaded domain=mail.example.com server_name=srv0 

3. Caddy version:

2.7.4

4. How I installed and ran Caddy:

Docker Compose

a. System environment:

amd64

c. Service/unit/compose file:

---
services:
  caddy:
    image: caddy:latest
    restart: unless-stopped
    volumes:
      - ./Caddyfile:/etc/caddy/Caddyfile
      - ./data:/data
      - ./config:/config
      - ./certs:/certs
      - ./logs:/logs
    ports:
      - 80:80
      - 443:443

d. My complete Caddy config:

{
	email webmaster@example.com
	# auto_https ignore_loaded_certs ## this didn't work either...
}

mail.example.com { ## this host should get a cert automatically
	reverse_proxy {$HOST}:9002 # Docker Mail Server
}

*.example.com { ## only the wildcard hosts, should use the manually specified wildcard 
	tls /certs/cert.txt /certs/key.txt
	@app1 host app1.example.com
	handle @app1 {
		reverse_proxy {$HOST}:1234 # Etc etc
	}
}
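The log line in section 2 is the key to this behaviour: Caddy's automatic HTTPS skips any site name that is already covered by a certificate loaded with a `tls` directive, and a wildcard for `*.example.com` covers `mail.example.com` under the usual one-label wildcard rule. The POSIX shell helper below is an added example, not code from the thread or from the Caddy project; it reproduces that matching rule so you can see which names a loaded wildcard will "claim", and it includes a check (assuming the `openssl` CLI is installed) that reports the subject of the certificate a server actually presents for a given SNI name, which is how you confirm whether `mail.example.com` is still being served the wildcard after a config change.

```shell
#!/bin/sh
# Added example (not from the forum thread or the Caddy project).
# Assumes: the openssl CLI is available for the live check.

# wildcard_covers PATTERN HOST
# Returns 0 if PATTERN covers HOST: an exact match, or a wildcard such as
# '*.example.com' where HOST is exactly one label deeper than the suffix
# (so mail.example.com matches, but example.com and a.b.example.com do not).
wildcard_covers() {
    pattern=$1
    host=$2
    case "$pattern" in
        \*.*)
            suffix=${pattern#\*.}
            case "$host" in
                *."$suffix")
                    label=${host%."$suffix"}
                    # the remaining prefix must be a single non-empty label
                    case "$label" in
                        *.*|"") return 1 ;;
                        *)      return 0 ;;
                    esac
                    ;;
                *) return 1 ;;
            esac
            ;;
        *)
            [ "$pattern" = "$host" ]
            ;;
    esac
}

# served_cert_subject HOST [PORT]
# Connects with SNI set to HOST and prints the subject of the leaf
# certificate the server presents, e.g. "subject=CN = *.example.com".
served_cert_subject() {
    host=$1
    port=${2:-443}
    openssl s_client -connect "$host:$port" -servername "$host" </dev/null 2>/dev/null \
        | openssl x509 -noout -subject 2>/dev/null
}

# Usage: ./check.sh mail.example.com [443]
if [ "$#" -gt 0 ]; then
    echo "Certificate presented for $1:"
    served_cert_subject "$1" "$2"
    if wildcard_covers '*.example.com' "$1"; then
        echo "note: a loaded '*.example.com' certificate also covers $1,"
        echo "so Caddy will skip automatic management for it"
    fi
fi
```

Run it against each hostname after every Caddyfile change; if `served_cert_subject mail.example.com` still prints the wildcard subject, the loaded certificate is still shadowing the name and automatic issuance has not taken over.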

Any takers?

I can try to take a look at this as soon as my work machine is back online – give it a day or so :slight_smile:
