Use case: generating certs on fly for domain

Hi,
I need to generate certs for multiple domains on the fly. But my ACME HTTP challenges also get redirected to HTTPS. Can you provide a sample Caddyfile to help me with the same: how can I generate certs on the fly using the Let's Encrypt or ZeroSSL CA? Domain names are not specific; they can change with time.

It would be of great help.

Please fill out the help topic template as per the forum rules.

1. Output of caddy version:

v2.6.2 h1:wKoFIxpmOJLGl3QXoo6PNbYvGW4xLEgo32GPBEjWL8o=

2. How I run Caddy:

config:

{
  "storage": {
    "module": "redis",
    "address": "",
    "host": "",
    "port": "",
    "db": 0
  },
  "logging": {
    "logs": {
      "": {
        "level": "debug"
      }
    }
  },
  "apps": {
    "http": {
      "http_port": 80,
      "https_port": 443,
      "grace_period": 0,
      "shutdown_delay": 0,
      "servers": {
        "test1": {
          "listen": [":443"],
          "read_timeout": 0,
          "read_header_timeout": 0,
          "write_timeout": 0,
          "idle_timeout": 0,
          "keepalive_interval": 0,
          "max_header_bytes": 0,
          "automatic_https": {
            "disable": false,
            "disable_redirects": false,
            "disable_certificates": false,
            "skip": [""],
            "skip_certificates": [""],
            "ignore_loaded_certificates": false
          }
        }
      }
    },
    "tls": {
      "certificates": {
        "automate": ["xyz.com"]
      },
      "automation": {
        "policies": [{
          "issuers": [{
            "ca": "https://acme-staging-v02.api.letsencrypt.org/directory",
            "email": "user@skenzo.com",
            "module": "acme",
            "challenges": {
              "tls-alpn": {
                "disabled": true
              }
            }
          }]
        }]
      }
    }
  }
}

a. System environment:

systemd
OS: Debian 11

Any help on this will be great

  1. In order for us to understand more, please fill out the help topic TEMPLATE
  2. Give a more detailed example of what you mean by "generate certs for multiple domains on the fly"

I'm guessing they mean on-demand TLS. But yeah, I think we need more details here to answer the rest of the questions… a properly formatted, fully-filled-out template would be helpful 🙂

Basically I want to use the HTTP ACME challenge to generate certificates for domains. If I am using the above config, everything is getting redirected to HTTPS, so is there any specific config to use the HTTP-based ACME challenge with Caddy?

Yes, I am looking for on-demand TLS only, with the HTTP-based ACME challenge. I just want to know the basic configuration to do so.

In a minimal normal Caddyfile config:

{
        email your@email.com
}

sub.domain.org {
        encode gzip
        php_fastcgi 127.0.0.1:9000

        root * /usr/local/www/
        tls {
                on_demand
        }
        file_server
}

with the command `caddy adapt --config Caddyfile --pretty`, it outputs the following JSON:

{
    "apps": {
        "http": {
            "servers": {
                "srv0": {
                    "listen": [
                        ":443"
                    ],
                    "routes": [
                        {
                            "match": [
                                {
                                    "host": [
                                        "sub.domain.org"
                                    ]
                                }
                            ],
                            "handle": [
                                {
                                    "handler": "subroute",
                                    "routes": [
                                        {
                                            "handle": [
                                                {
                                                    "handler": "vars",
                                                    "root": "/usr/local/www/"
                                                },
                                                {
                                                    "encodings": {
                                                        "gzip": {}
                                                    },
                                                    "handler": "encode",
                                                    "prefer": [
                                                        "gzip"
                                                    ]
                                                }
                                            ]
                                        },
                                        {
                                            "handle": [
                                                {
                                                    "handler": "static_response",
                                                    "headers": {
                                                        "Location": [
                                                            "{http.request.orig_uri.path}/"
                                                        ]
                                                    },
                                                    "status_code": 308
                                                }
                                            ],
                                            "match": [
                                                {
                                                    "file": {
                                                        "try_files": [
                                                            "{http.request.uri.path}/index.php"
                                                        ]
                                                    },
                                                    "not": [
                                                        {
                                                            "path": [
                                                                "*/"
                                                            ]
                                                        }
                                                    ]
                                                }
                                            ]
                                        },
                                        {
                                            "handle": [
                                                {
                                                    "handler": "rewrite",
                                                    "uri": "{http.matchers.file.relative}"
                                                }
                                            ],
                                            "match": [
                                                {
                                                    "file": {
                                                        "split_path": [
                                                            ".php"
                                                        ],
                                                        "try_files": [
                                                            "{http.request.uri.path}",
                                                            "{http.request.uri.path}/index.php",
                                                            "index.php"
                                                        ]
                                                    }
                                                }
                                            ]
                                        },
                                        {
                                            "handle": [
                                                {
                                                    "handler": "reverse_proxy",
                                                    "transport": {
                                                        "protocol": "fastcgi",
                                                        "split_path": [
                                                            ".php"
                                                        ]
                                                    },
                                                    "upstreams": [
                                                        {
                                                            "dial": "127.0.0.1:9000"
                                                        }
                                                    ]
                                                }
                                            ],
                                            "match": [
                                                {
                                                    "path": [
                                                        "*.php"
                                                    ]
                                                }
                                            ]
                                        },
                                        {
                                            "handle": [
                                                {
                                                    "handler": "file_server",
                                                    "hide": [
                                                        "./Caddyfile"
                                                    ]
                                                }
                                            ]
                                        }
                                    ]
                                }
                            ],
                            "terminal": true
                        }
                    ]
                }
            }
        },
        "tls": {
            "automation": {
                "policies": [
                    {
                        "subjects": [
                            "sub.domain.org"
                        ],
                        "issuers": [
                            {
                                "email": "your@email.com",
                                "module": "acme"
                            },
                            {
                                "email": "your@email.com",
                                "module": "zerossl"
                            }
                        ],
                        "on_demand": true
                    }
                ]
            }
        }
    }
}

If the above can't help you, please please please fill out the HELP TEMPLATE.


Basically, yeah; just be aware that without an “ask” endpoint set up, you’ll be vulnerable to DoS attacks. See Automatic HTTPS — Caddy Documentation which also has links to tutorials and configs.
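The "ask" endpoint mentioned above is what keeps on-demand TLS from being abused: without it, anyone who points a hostname at the server can make Caddy request a certificate for it, burning CA rate limits and disk. Below is an added example (not code from the thread or from the Caddy project) of a minimal ask service in Go, together with the Caddyfile that wires it in. Caddy calls the endpoint with the requested name in the `domain` query parameter and proceeds only on an HTTP 200. The allowed zones, the listen address `127.0.0.1:9123` and the `/ask` path are assumptions chosen for the example; in practice the check would consult whatever registry says which customer hostnames are yours. Note that Caddy answers HTTP-01 challenges under `/.well-known/acme-challenge/` on its own port 80 listener before the HTTP-to-HTTPS redirect runs, so the redirect does not need to be disabled for the HTTP challenge to work; the `issuer acme` block below only turns off the TLS-ALPN challenge, matching the JSON config posted earlier in the thread.

```go
// ask.go: a domain allowlist service for Caddy's on-demand TLS.
//
// Assumed Caddyfile (example wiring, not from the original post):
//
//   {
//       email you@example.com
//       on_demand_tls {
//           ask http://127.0.0.1:9123/ask
//       }
//   }
//
//   https:// {
//       tls {
//           on_demand
//           issuer acme {
//               disable_tlsalpn_challenge
//           }
//       }
//       respond "hello from on-demand TLS"
//   }
package main

import (
	"log"
	"net"
	"net/http"
	"strings"
)

// allowedZones is a constructed allowlist for this example. Any name equal to
// a zone or strictly underneath it may have a certificate issued.
var allowedZones = []string{"example.com", "example.net"}

// allowedDomain reports whether Caddy may obtain a certificate for name.
// It normalises case and a trailing dot, then rejects anything that is not a
// plain hostname inside an allowed zone (wildcards, IPs, empty input, and
// look-alike suffixes such as "notexample.com" or "example.com.evil.org").
func allowedDomain(name string) bool {
	name = strings.ToLower(strings.TrimSuffix(strings.TrimSpace(name), "."))
	if name == "" || strings.Contains(name, "*") || net.ParseIP(name) != nil {
		return false
	}
	for _, zone := range allowedZones {
		if name == zone || strings.HasSuffix(name, "."+zone) {
			return true
		}
	}
	return false
}

// askHandler implements the contract Caddy expects from the "ask" URL:
// 200 means "issue a certificate", anything else means "refuse".
func askHandler(w http.ResponseWriter, r *http.Request) {
	domain := r.URL.Query().Get("domain")
	if !allowedDomain(domain) {
		log.Printf("ask: denied certificate for %q", domain)
		http.Error(w, "domain not allowed", http.StatusForbidden)
		return
	}
	log.Printf("ask: allowed certificate for %q", domain)
	w.WriteHeader(http.StatusOK)
}

func main() {
	http.HandleFunc("/ask", askHandler)
	// Bind to loopback only: the endpoint is an authorisation oracle for
	// Caddy, not something to expose to the internet.
	log.Fatal(http.ListenAndServe("127.0.0.1:9123", nil))
}
```

Run `go run ask.go` next to Caddy, then request `https://app.example.com/` (with DNS pointing at the server); Caddy asks the endpoint first and only contacts the CA when it answers 200. Logging both allowed and denied names gives you a ready-made signal for spotting someone probing the server with hostnames you do not own.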

This topic was automatically closed after 30 days. New replies are no longer allowed.