We serve a few thousand CNAMEs that are all pointing to our web app behind Caddy. Our app simply displays a customized interface for each CNAME, and Caddy helps us generate SSL certs for each CNAME.
Just ran the updated version with error logging, and it seems like this new version doesn’t see the older certificates that were created, tries to create new certificates, and is being throttled (possibly due to trying to create lots of new certs).
Is there anything (like setting the path to certs) we must perform to be compatible with the new version?
Ahh, yes, the newer versions updated to the ACME v2 endpoint and changed the certificate scheme. Older Automatic HTTPS certificates from the v1 endpoint are not portable.
Additionally, the max_certs On-Demand TLS solution has a local rate limit of one certificate per ten minutes after the first ten certificates have been requisitioned. With a few thousand FQDNs, you might be waiting a while to fill out your certificate storage again.
If you can’t wait that long, or it’s critical you bring your sites back up immediately, I’d advise reverting back to your last working version of Caddy. You can then implement an ask endpoint to give to Caddy when you update again to the latest version. Unlike the max_certs solution, using ask to enable On-Demand TLS doesn’t have a local rate limit, as it’s assumed the ask endpoint will prevent abuse.
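As an added illustration of the `ask` approach described in the reply above (example code, not from the original thread or from the Caddy project), here is a minimal endpoint that Caddy can be pointed at with the `ask` directive. It assumes Caddy calls it as `GET /ask?domain=<name>` and treats a 2xx response as permission to issue; the allow-list, port and hostnames are constructed placeholders standing in for a lookup against the CNAMEs the app really serves.

```go
package main

import (
	"log"
	"net/http"
	"strings"
)

// Constructed sample allow-list. In production this would be a lookup against
// the customer CNAMEs the app actually serves (hypothetical values).
var knownHosts = map[string]bool{
	"shop.example.com": true,
	"blog.example.org": true,
}

// shouldIssue decides whether a certificate may be obtained for name.
// Normalise the host (lowercase, no trailing dot) and refuse wildcards so
// the endpoint cannot be used to pull certificates for unexpected names.
func shouldIssue(name string) bool {
	name = strings.ToLower(strings.TrimSuffix(strings.TrimSpace(name), "."))
	if name == "" || strings.Contains(name, "*") {
		return false
	}
	return knownHosts[name]
}

// askHandler answers Caddy's ask request: 200 permits issuance, 403 denies it.
// Denials are logged so unexpected certificate requests are visible.
func askHandler(w http.ResponseWriter, r *http.Request) {
	domain := r.URL.Query().Get("domain")
	if !shouldIssue(domain) {
		log.Printf("denied certificate request for %q", domain)
		http.Error(w, "unknown domain", http.StatusForbidden)
		return
	}
	w.WriteHeader(http.StatusOK)
}

func main() {
	http.HandleFunc("/ask", askHandler)
	// Bind to loopback only: Caddy should reach this endpoint, the public should not.
	log.Fatal(http.ListenAndServe("127.0.0.1:9123", nil))
}
```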