If you switch to the dns-01 challenge you can just generate the certs on multiple servers hassle-free. And as a bonus you can get wildcard certs for subdomains.
jobbies@lemmy.zip 1 day ago[deleted]
poVoq@slrpnk.net 1 day ago
KaKi87@jlai.lu 1 day ago
How ?
I’ve seen nothing about that in the Caddy docs.
I must admit that one disadvantage of Caddy, compared to when I was using acme.sh, is having to make a request to Let’s Encrypt (even automatically) for every domain name, making all of them visible on crt.sh.
BlueBockser@programming.dev 1 day ago
The docs on DNS challenge are here, and a bit further down you can find the ones on wildcard certificates
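A concrete Caddyfile for the setup poVoq suggests and BlueBockser's docs link describes, added here as an illustration (not code from the thread or from the Caddy project): one wildcard certificate obtained via the dns-01 challenge, then routed to backends by hostname. The zone `example.org`, the backend addresses, and the use of the Cloudflare DNS provider are assumptions; any provider from the caddy-dns collection works the same way, and the DNS module must be compiled in (for example `xcaddy build --with github.com/caddy-dns/cloudflare`).

```caddyfile
# Added example, not the thread's own config. Assumes the zone example.org,
# the Cloudflare DNS module, and backends on localhost ports.
#
# Caddy issues ONE certificate for *.example.org (plus the apex) by creating
# the _acme-challenge TXT record through the provider API. The CA only ever
# sees "*.example.org" and "example.org", so individual host names such as
# service.example.org never appear in Certificate Transparency logs
# (crt.sh) the way per-name certificates would.
#
# CLOUDFLARE_API_TOKEN is read from the environment. Scope that token to
# DNS edits on this one zone: whoever holds it can pass dns-01 for any
# name under example.org, so it is equivalent to a certificate-issuing
# credential and should never be committed to the repo.

*.example.org, example.org {
	tls {
		dns cloudflare {env.CLOUDFLARE_API_TOKEN}
	}

	# Route by host name; the same wildcard cert covers every matcher.
	@service host service.example.org
	handle @service {
		reverse_proxy 127.0.0.1:8080
	}

	@internal host service.int.example.org
	handle @internal {
		reverse_proxy 127.0.0.1:8081
	}

	# Anything else under the wildcard gets no response rather than a
	# default backend; an unknown subdomain must not land on a real app.
	handle {
		abort
	}
}
```

Because the challenge is answered in DNS rather than over port 80/443, the same Caddyfile (with the same token) can run on several hosts at once and each instance obtains its own copy of the wildcard certificate independently, which is what makes the multi-server case work without copying key material around. The trade-off is that the DNS API credential now lives on every one of those hosts.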
KaKi87@jlai.lu 20 hours ago
Oh, thanks !
BlackEco@lemmy.blackeco.com 1 day ago
But you’re still using Caddy as the sole reverse proxy, aren’t you? Do you have multiple Caddy instances that require access to a single certificate?
Appoxo@lemmy.dbzer0.com 1 day ago
Thing is, you may have some devices that should be accessible even if the reverse proxy is unreachable.
And if you have HSTS and want to reach a device under the same local DNS suffix (example: external -> service.example.org, internal -> service.int.example.org), you can’t just bypass the HTTPS warning.
Same for devices reachable over RDP, SSH, etc.