I’ve got my setup working both locally and in production! But I imagine when I remove/replace my caddy container, it will request new certs from Let’s Encrypt. The way around this, I assume, is to persist the directory that the certs are stored in as a volume. But which directory should this be? The entire $HOME (/root) directory? That seems more than necessary, so thought I’d check as I couldn’t seem to find the answer in existing questions.
Thanks!
Also, in case anyone else stumbles upon this, my working docker-compose.yml file has this for the caddy service:
If you’re running as root, then I think /root/.caddy is all you need to persist.
Also, I’d recommend not using restart: always, but instead restart: unless-stopped. If you run into problems with certificate issuance, you don’t want to have Caddy continually restart, because then you’ll hit rate limits and potentially lock yourself from using your domain until the rate limits time out (which is usually 1 week).
Hm, that directory doesn’t seem to exist (at least on the alpine image). Here’s what I see in /root:
/root/.config/caddy/autosave.json
/root/.local/share/caddy/ contains 3 directories: acme, locks, and ocsp.
Am I missing something? If not, what should be persisted?
EDIT: Actually, shouldn’t I be able to set the location where they’re stored? I was planning on mounting a volume to my droplet/VM, so I’ll need to put them in a specific place if I truly want to persist them, no?
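An added example, not part of the thread and not the poster's own compose file: one way to persist the two directories listed above and to choose where they live. Caddy 2 puts its data directory at `$XDG_DATA_HOME/caddy` when that variable is set (otherwise `$HOME/.local/share/caddy`) and its config directory at `$XDG_CONFIG_HOME/caddy` (otherwise `$HOME/.config/caddy`). The image name and host paths are placeholders.

```yaml
services:
  caddy:
    image: your-caddy-image        # placeholder: the thread does not name the image
    restart: unless-stopped        # the restart policy recommended in the reply above
    ports:
      - "80:80"
      - "443:443"
    environment:
      # Relocate storage so it no longer depends on $HOME (/root).
      # With these set, Caddy uses /data/caddy and /config/caddy.
      XDG_DATA_HOME: /data
      XDG_CONFIG_HOME: /config
    volumes:
      # Host paths are placeholders for the volume attached to the droplet/VM.
      # The data directory holds the ACME account and certificate private keys
      # (acme/), plus locks/ and ocsp/: keep the host directory root-only.
      - /mnt/caddy_volume/data:/data
      # The config directory holds autosave.json.
      - /mnt/caddy_volume/config:/config
      # Alternative without the XDG_* variables: mount the default locations.
      # - /mnt/caddy_volume/data:/root/.local/share/caddy
      # - /mnt/caddy_volume/config:/root/.config/caddy
```

After replacing the container, the same `acme` directory should be visible under `/data/caddy`, and Caddy reuses the stored certificates instead of requesting new ones.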