Using the API to Add Thousands of Customer Certs

1. The problem I’m having:

Hi there, we are trying to set up a Caddy Server but don’t want to use the cert auto-generation right now. We want to use already existing certificates, which could eventually number in the thousands. I was able to dynamically load a cert/key using a PUT to http://localhost:2019/config/apps/tls/certificates/load_files. However, when I did a PATCH to that same endpoint, it just overwrote the original keys/cert.

How can we (using the API) add multiple cert/keys without a reload? And how can we associate those with a hostname each time? We’d like to avoid providing the whole list of certs each time we call the Admin API.

2. Error messages and/or full log output:

No error messages currently, we just want to know if the above is feasible.

3. Caddy version:

v2.10.2 h1:g/gTYjGMD0dec+UgMw8SnfmJ3I9+M2TdvoRL/Ovu6U8=

4. How I installed and ran Caddy:

homebrew

a. System environment:

macOS Sequoia Version 15.6.1

b. Command:

caddy run --config Caddyfile --adapter caddyfile

c. Service/unit/compose file:

N/A

d. My complete Caddy config:

{
    admin 0.0.0.0:2019
}


https://localhost {
	reverse_proxy localhost:4040
}

5. Links to relevant resources:

Can I ask why? That’s exactly how you’d do it…

(You don’t need to do it for every API call – just do it once when you start the server.)

@matt In our case, customers will be uploading their certs to our app. So we won’t have them when we start the Caddy server - they will be added after the fact.

We are also concerned about how long it will take to reload all of those certs if we have to provide the full list each time a new one is added.

So is Caddy not managing the certs at all? They are being renewed externally and manually updated by users?

@matt Yes, that’s correct. We’re hoping to use Caddy’s management of certs in the future, but in this interim stage they are going to be manually updated.
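For the question in the first post (adding to `load_files` rather than replacing it), an added example that is not part of the thread or of Caddy's code: the admin API appends to an array on POST, and appends many elements when the path ends in `/...` and the body is an array, whereas PATCH replaces the value at the path. It assumes the `load_files` array already exists (as after the PUT described in the post); the customer tag format, sample paths and the loopback check are illustrative assumptions.

```python
import ipaddress
import json
import urllib.request
from urllib.parse import urlsplit

ADMIN = "http://localhost:2019"  # admin address used in the post
LOAD_FILES = "/config/apps/tls/certificates/load_files"


def is_loopback(admin_url):
    """True only when the admin URL points at a loopback address."""
    host = urlsplit(admin_url).hostname or ""
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def cert_entry(customer_id, cert_path, key_path):
    """One load_files element; the tag format is a hypothetical scheme."""
    return {"certificate": cert_path, "key": key_path,
            "format": "pem", "tags": [f"customer:{customer_id}"]}


def append_request(entries, admin_url=ADMIN):
    """Build a POST that appends to load_files instead of replacing it.

    POST on an array path appends one element; with the "/..." suffix and
    an array body it appends every element. PATCH replaces the value.
    """
    if not entries:
        raise ValueError("no certificate entries given")
    if not is_loopback(admin_url):
        # The admin API has no authentication by default.
        raise ValueError("refusing non-loopback admin address")
    many = len(entries) > 1
    url = admin_url + LOAD_FILES + ("/..." if many else "")
    body = json.dumps(entries if many else entries[0]).encode()
    return urllib.request.Request(
        url, data=body, method="POST",
        headers={"Content-Type": "application/json"})


if __name__ == "__main__":
    # Constructed sample paths; pass the request to urlopen() to apply it.
    req = append_request([cert_entry("acme", "/certs/acme.pem", "/certs/acme.key")])
    print(req.get_method(), req.full_url, req.data.decode())
```

Run as a script it only prints the request it would send, so it can be inspected before anything touches a running server.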