Caddy 0.9 will support the ACME DNS challenge which allows you to obtain a certificate without the Let’s Encrypt servers having to contact your server directly; no need to start a listener or use port 80 or 443.
The catch is that you have to supply credentials to your DNS provider, and in order to automate this challenge, code has to be written to communicate with the DNS provider’s API.
Our underlying library, xenolf/lego, supports 10 providers already, possibly more in the future. It’s fairly easy to support these in Caddy, but it looks like this right now:
```go
// Pick the DNS challenge provider named in the config. Every case imports a
// separate lego sub-package, so all of them are linked into the binary even
// though only one is ever used at runtime.
var dnsProv acme.ChallengeProvider
var err error
switch config.DNSProvider {
case "cloudflare":
	dnsProv, err = cloudflare.NewDNSProvider()
case "digitalocean":
	dnsProv, err = digitalocean.NewDNSProvider()
case "dnsimple":
	dnsProv, err = dnsimple.NewDNSProvider()
case "dyn":
	dnsProv, err = dyn.NewDNSProvider()
case "gandi":
	dnsProv, err = gandi.NewDNSProvider()
case "gcloud":
	dnsProv, err = gcloud.NewDNSProvider()
case "namecheap":
	dnsProv, err = namecheap.NewDNSProvider()
case "rfc2136":
	dnsProv, err = rfc2136.NewDNSProvider()
case "route53":
	dnsProv, err = route53.NewDNSProvider()
case "vultr":
	dnsProv, err = vultr.NewDNSProvider()
default:
	// An empty provider name simply means "no DNS challenge".
	if config.DNSProvider != "" {
		return fmt.Errorf("unknown DNS provider '%s'", config.DNSProvider)
	}
}
if err != nil {
	return err
}
if dnsProv != nil {
	client.SetChallengeProvider(acme.DNS01, dnsProv)
}
```
(Update: Based on discussion below, we’ve changed the DNS providers to a pure plugin model.)
As you can see, each provider imports a different package. Some of these packages, such as route53 and cloudflare, import other packages that help them communicate with the provider (others are very lightweight and only use net/http). The size of the Caddy binary grows pretty quickly with this much code, especially if more providers get added later.
The way Caddy 0.9 works is that nearly every component is a plugin, which means even the “built-in” providers will be plugged in, but they’ll be plugged in by default. For the others, the user will have to select that plugin when they download or build Caddy.
So the question is: Which providers does Caddy support out-of-the-box? Any of them? All of them? Some of them?
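As an added illustration of the plugin model described above (this is example code written for this post's discussion, not Caddy's or lego's own implementation), the switch can be replaced by a registry: each provider package registers a constructor from its own `init()`, so a provider that is never imported is never linked into the binary, and an unknown name still fails loudly. The `ChallengeProvider` interface, the `example` provider and the `EXAMPLE_DNS_API_KEY` variable are constructed stand-ins; lego's real providers read their own credential variables.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"sort"
	"sync"
)

// ChallengeProvider mirrors the shape of lego's acme.ChallengeProvider:
// Present publishes the DNS-01 TXT record, CleanUp removes it afterwards.
// (Constructed here so the file runs stand-alone; not lego's actual type.)
type ChallengeProvider interface {
	Present(domain, token, keyAuth string) error
	CleanUp(domain, token, keyAuth string) error
}

// Constructor builds a provider, typically reading credentials from the
// environment, and fails if they are missing.
type Constructor func() (ChallengeProvider, error)

var (
	mu        sync.RWMutex
	providers = map[string]Constructor{}
)

// RegisterDNSProvider is called from a provider package's init(); a provider
// that is never imported is never registered and never linked in.
func RegisterDNSProvider(name string, ctor Constructor) {
	mu.Lock()
	defer mu.Unlock()
	if _, dup := providers[name]; dup {
		panic("dns provider registered twice: " + name)
	}
	providers[name] = ctor
}

// NewDNSProvider replaces the big switch: an empty name means "no DNS
// challenge", an unknown name is an error, anything else is constructed.
func NewDNSProvider(name string) (ChallengeProvider, error) {
	if name == "" {
		return nil, nil
	}
	mu.RLock()
	ctor, ok := providers[name]
	mu.RUnlock()
	if !ok {
		return nil, fmt.Errorf("unknown DNS provider '%s' (available: %v)", name, Available())
	}
	return ctor()
}

// Available lists the registered provider names, sorted for stable output.
func Available() []string {
	mu.RLock()
	defer mu.RUnlock()
	names := make([]string, 0, len(providers))
	for n := range providers {
		names = append(names, n)
	}
	sort.Strings(names)
	return names
}

// exampleProvider is a constructed stand-in for a real provider package.
type exampleProvider struct{ apiKey string }

func (p *exampleProvider) Present(domain, token, keyAuth string) error { return nil }
func (p *exampleProvider) CleanUp(domain, token, keyAuth string) error { return nil }

// newExampleProvider reads EXAMPLE_DNS_API_KEY (a hypothetical variable) and
// refuses to build a provider without it, so a misconfiguration fails at
// startup rather than in the middle of a certificate renewal.
func newExampleProvider() (ChallengeProvider, error) {
	key := os.Getenv("EXAMPLE_DNS_API_KEY")
	if key == "" {
		return nil, errors.New("example: EXAMPLE_DNS_API_KEY not set")
	}
	return &exampleProvider{apiKey: key}, nil
}

func init() {
	// In a real plugin layout this init() lives in the provider's own package,
	// and the build selects providers by importing (or not importing) them.
	RegisterDNSProvider("example", newExampleProvider)
}

func main() {
	os.Setenv("EXAMPLE_DNS_API_KEY", "constructed-sample-key")
	for _, name := range []string{"", "example", "bogus"} {
		p, err := NewDNSProvider(name)
		fmt.Printf("%q -> provider=%v err=%v\n", name, p != nil, err)
	}
}
```

With this layout the credential handling stays inside each provider's constructor, and the core only ever sees the interface, so adding a provider means adding an import rather than editing a switch in the core.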