Will caddy TLS challenge for any domain on :443

freeso · May 26, 2025, 1:03am

:443, h3.xx.yy, zh.xx.yy {
…
}
the config is above

somebody say if i use ** :443 ** in the Caddyfile

If someone visits:

random.hacker.com
123.abc.xx.yy
your.server.ip

As long as the request reaches your server on port 443, Caddy will attempt to issue a TLS certificate for those domains (unless a wildcard certificate already covers them, or you’ve manually disabled automatic TLS).

This can result in:

Abuse of your ACME (Let’s Encrypt) rate limits;
Caddy failing to start due to certificate issuance errors (e.g. the domain isn’t yours);
Performance impact from malicious or unwanted traffic;

is it true?

timelordx · May 26, 2025, 2:56am

No

freeso · May 26, 2025, 5:09am

:443 Doesn’t this setting just accept requests from all domains?

timelordx · May 26, 2025, 7:09am

No, it doesn’t, unless explicitly configured to do so.

matt · May 26, 2025, 4:53pm

Just curious where you got this information

freeso · May 27, 2025, 5:52pm

chatgpt

matt · May 27, 2025, 5:53pm

Ah. No wonder everything about it is incorrect… not surprised.

Next time, try just giving our docs a read.