You can easily get automatic renewal for nginx using certbot.
Comment on Which reverse proxy do you use/recommend?
lorentz@feddit.it 2 weeks ago
Nginx for my intranet because configuration is fully manual and I have complete control over it.
Caddy for the public services on my vps because it handles cert renewal automatically and most of its configuration is magic which just works.
It is unbelievable how shorter caddy configuration is, but on my intranet:
- I don’t want my reverse proxy to dial on internet to try to fetch new SSL certs. I know it can be disabled, but this is the default.
- I like to learn how stuff works, Nginx forces you to know more details but it is full of good documentation so it is not too painful compared to Caddy.
x00z@lemmy.world 2 weeks ago
lorentz@feddit.it 1 week ago
Yes, but it is a different cron job that needs to run, and you need to monitor it for failures. Caddy does everything out of the box, including retries.
Oisteink@feddit.nl 2 weeks ago
I switched to caddy just for the certs. I get trusted certs on all my internal subdomains without maintenance.
I use haproxy, nginx and caddy at work including a caddy instance with internal CA. 4 lines in config and its signed by our normal CA, so its trusted by all our devices.