Caddy makes some assumptions by default that don’t match what you’re trying to do. Caddy won’t assume that you want to use the wildcard cert for your other domains, because some people actually do want to use individual certificates.
The best option for you here I think is to use host matchers for your various subdomains in the wildcard site block:

```
*.website.org {
	tls {
		dns cloudflare {$CLOUDFLARE_API_KEY}
	}

	@sub1 host sub1.website.org
	handle @sub1 {
		reverse_proxy 127.0.0.1:9000
	}

	@sub2 host sub2.website.org
	handle @sub2 {
		reverse_proxy 127.0.0.1:8000
	}
}
```
If you used JSON config, you could specifically modify the TLS automation policy to only manage the wildcard certificate and to ignore the rest, and the connection policy would be configured to pick up the requests using the wildcard certificate. With the Caddyfile, there’s no way to configure that yet.
@matt do you think it’s worth adding a `tls` option to explicitly tell the adapter to skip the domain(s) from a site block from the automation policy? Maybe something like:

```
tls {
	managed no
}
```
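As an added example (not part of the original thread), this is the JSON shape the reply above describes: the automation policy manages only the wildcard, `skip_certificates` keeps automatic HTTPS from obtaining separate certs for the two subdomain hosts, and the connection policy matches their SNI so they are served with the wildcard cert. The server name `srv0`, the `:443` listener and the `{env.CLOUDFLARE_API_KEY}` placeholder are assumptions; the subdomains and upstreams mirror the Caddyfile above.

```json
{
  "apps": {
    "http": {
      "servers": {
        "srv0": {
          "listen": [":443"],
          "routes": [
            {
              "match": [{"host": ["sub1.website.org"]}],
              "handle": [{"handler": "reverse_proxy", "upstreams": [{"dial": "127.0.0.1:9000"}]}]
            },
            {
              "match": [{"host": ["sub2.website.org"]}],
              "handle": [{"handler": "reverse_proxy", "upstreams": [{"dial": "127.0.0.1:8000"}]}]
            }
          ],
          "automatic_https": {
            "skip_certificates": ["sub1.website.org", "sub2.website.org"]
          },
          "tls_connection_policies": [
            {"match": {"sni": ["sub1.website.org", "sub2.website.org"]}}
          ]
        }
      }
    },
    "tls": {
      "certificates": {"automate": ["*.website.org"]},
      "automation": {
        "policies": [
          {
            "subjects": ["*.website.org"],
            "issuers": [
              {
                "module": "acme",
                "challenges": {
                  "dns": {
                    "provider": {"name": "cloudflare", "api_token": "{env.CLOUDFLARE_API_KEY}"}
                  }
                }
              }
            ]
          }
        ]
      }
    }
  }
}
```

Run `caddy validate --config caddy.json` before loading it; the only certificate Caddy should then manage is the wildcard, with the API token supplied from the environment rather than written into the config file.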