V2: Issues with multiple server blocks in Caddyfile-style config

Okay, one more thing I’ve discovered, but only just now, because my domain hnrk.io is in the HSTS preload list of some browsers:

When visiting http://hnrk.io without my browser redirecting to https automatically based on HSTS preload, Caddy serves a blank white HTTP 200 page.

Since I added a domain that is not in the preload list, I discovered this phenomenon because I visited weather-frogs.de. See my current Caddyfile now:

```
{
        "experimental_http3": true
}
167.86.123.102:80, [2a02:c207:3004:1207:be:a:bad:babe]:80 {
        tls off
        redir https://hnrk.io{uri} 301
}
hnrk.io, www.hnrk.io {
        root * /etc/caddy/html
        tls /etc/caddy/hnrk.io.crt /etc/caddy/hnrk.io.key
        encode brotli zstd gzip
        php_fastcgi unix//run/php/php7.3-fpm.sock
        file_server /md browse
        file_server
}
weather-frogs.de, www.weather-frogs.de {
        root * /etc/caddy/html/weather-frogs.de
        encode brotli zstd gzip
        php_fastcgi unix//run/php/php7.3-fpm.sock
        file_server
}
```

In the logs, Caddy successfully pulls a certificate for (www.)weather-frogs.de:

```
$ ./caddy run -config=/etc/v2caddy/Caddyfile
2019/09/18 20:19:59 Caddy 2 admin endpoint listening on localhost:2019
2019/09/18 20:19:59 [INFO][cache:0xc00020caa0] Started certificate maintenance routine
2019/09/18 20:19:59 [INFO][hnrk.io] Skipping automatic certificate management because one or more matching certificates are already loaded
2019/09/18 20:19:59 [INFO][www.hnrk.io] Skipping automatic certificate management because one or more matching certificates are already loaded
2019/09/18 20:19:59 [INFO] Enabling automatic HTTPS certificates for [weather-frogs.de www.weather-frogs.de]
2019/09/18 20:19:59 [INFO][weather-frogs.de] Obtain certificate
2019/09/18 20:19:59 [INFO] [weather-frogs.de] acme: Obtaining bundled SAN certificate
2019/09/18 20:20:02 [INFO] [weather-frogs.de] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/400079751
2019/09/18 20:20:02 [INFO] [weather-frogs.de] acme: use tls-alpn-01 solver
2019/09/18 20:20:02 [INFO] [weather-frogs.de] acme: Trying to solve TLS-ALPN-01
2019/09/18 20:20:06 [INFO] [weather-frogs.de] The server validated our request
2019/09/18 20:20:06 [INFO] [weather-frogs.de] acme: Validations succeeded; requesting certificates
2019/09/18 20:20:12 [INFO] [weather-frogs.de] Server responded with a certificate.
2019/09/18 20:20:12 [INFO][www.weather-frogs.de] Obtain certificate
2019/09/18 20:20:12 [INFO] [www.weather-frogs.de] acme: Obtaining bundled SAN certificate
2019/09/18 20:20:15 [INFO] [www.weather-frogs.de] AuthURL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/400084326
2019/09/18 20:20:15 [INFO] [www.weather-frogs.de] acme: use tls-alpn-01 solver
2019/09/18 20:20:15 [INFO] [www.weather-frogs.de] acme: Trying to solve TLS-ALPN-01
2019/09/18 20:20:17 [INFO] [www.weather-frogs.de] The server validated our request
2019/09/18 20:20:17 [INFO] [www.weather-frogs.de] acme: Validations succeeded; requesting certificates
2019/09/18 20:20:20 [INFO] [www.weather-frogs.de] Server responded with a certificate.
2019/09/18 20:20:21 [INFO] Enabling automatic HTTP->HTTPS redirects for [hnrk.io www.hnrk.io weather-frogs.de www.weather-frogs.de]
2019/09/18 20:20:21 [INFO] Enabling experimental HTTP/3 listener on :443
2019/09/18 20:20:21 [INFO] tls: Cleaned up storage unit(s)
2019/09/18 20:20:21 Caddy 2 serving initial configuration
```

But it again serves a blank white 200 HTTP page on my second domain, too, so I think the HTTP->HTTPS redirect in Caddy v2 does not work when both providing a cert and key manually and obtaining one via certmagic.

In the picture you can see the internal redirect from Brave because of HSTS preload, and, from Internet Explorer, which doesn’t have my domain hnrk.io in preload, that it does not redirect to HTTPS.

EDIT: With the converted Caddyfile.json, I exceed Caddy forum’s body limit :smile:, hence I created a snippet here: https://gist.github.com/Henrocker/1521a7b2fd53c2341b64edfdc3e136f2
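
Added example, not part of the original post: a browser with the domain on its HSTS preload list upgrades the request internally and hides a missing server-side redirect, so the port-80 behaviour is best checked with a client that has no HSTS state. The function names and the sample responses below are constructed for illustration; `fetch_plain` needs network access, while `classify` works on any status/Location pair.

```python
import http.client
from urllib.parse import urlsplit

REDIRECTS = {301, 302, 303, 307, 308}

def fetch_plain(host, path="/", timeout=5.0):
    """One cleartext GET on port 80. http.client never follows redirects and
    has no HSTS preload list, so it sees what the server really sends."""
    conn = http.client.HTTPConnection(host, 80, timeout=timeout)
    try:
        conn.request("GET", path)
        resp = conn.getresponse()
        body = resp.read()
        return resp.status, resp.getheader("Location"), len(body)
    finally:
        conn.close()

def classify(host, status, location, body_len):
    """Judge a port-80 response for `host`; returns (verdict, reason)."""
    if status not in REDIRECTS:
        kind = "blank " if body_len == 0 else ""
        return "FAIL", f"{kind}HTTP {status} served in cleartext, no redirect"
    target = urlsplit(location or "")
    if target.scheme != "https":
        return "FAIL", f"redirect target is not https: {location!r}"
    if (target.hostname or "").lower() != host.lower():
        # e.g. a catch-all block that hard-codes one site's name in its redir
        return "WARN", f"redirects to a different host: {target.hostname}"
    return "OK", f"{status} -> {location}"

# Constructed sample responses (not captured from the poster's server).
SAMPLES = [
    ("weather-frogs.de", 200, None, 0),                        # blank 200
    ("weather-frogs.de", 301, "https://hnrk.io/", 0),          # wrong host
    ("weather-frogs.de", 301, "https://weather-frogs.de/", 0), # expected
    ("hnrk.io", 302, "http://hnrk.io/login", 0),               # stays on http
]

def run_samples():
    return [classify(*s)[0] for s in SAMPLES]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample[0], *classify(*sample))
    # Live check (needs network):
    # print(classify("example.com", *fetch_plain("example.com")))
```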