-
-
Notifications
You must be signed in to change notification settings - Fork 4.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
How to use both custom certificates and wildcard auto-generated ones? #5216
Comments
Thanks for opening an issue, I or someone will look at this soon! |
For the record, I managed to bypass this issue by running two separate Caddy Docker containers, one for the internal stuff (using the auto-generated wildcard certificate), and the other for the external (with the Cloudflare certificate) |
Any news on this? I current plan to host services on port 443 with a, lets say letsencrypt wildcard cert, and other services (also on port 443) with my own certs so hosting 2 caddy instances sadly isn't an option. |
@amy1337 This issue is pretty old by now, could you try with the latest Caddy version (ideally the latest 2.8 beta) and show us your config and corresponding |
I think I have a similar problem: My config is: {
auto_https disable_certs
}
service1.example.com {
tls /etc/caddy/certs/fullchain.pem /etc/caddy/certs/privkey.pem
respond "ok1"
}
service2.example.com {
# no tls option
respond "ok2"
} When I curl either PS: caddy 2.8.4 on Arch Linux PPS: Docs page for |
I don't think it is intentional. You should get a better idea with There is a WIP feature PR that is meant to get the behaviour you describe from a wildcard site address becoming the priority over provisioning new certs for subdomains that the wildcard could be used for. In that PR they state if you have a single domain you don't want to use wildcard with, you would not use the feature. But since you've relied on the EDIT: As pointed out below, I misunderstood the |
@vehlwn I think in your case, you want The reason the Caddyfile's |
In nginx |
I don't understand what your complaint is about then. Just use |
That is why you use the wildcard certificate.
So your actual complaint is not about the wildcard cert being used, but why each site block has This was explained by looking at the JSON output.
|
I'll close this as inactive. I'm not sure there's anything actionable here. |
I want to caddy to generate a wildcard certificate
*.example.com
, and then use that for multiple hosts (likehomeassistant.example.com
andother.example.com
) on port 443.I also want to have
homeassistant-external.example.com
on port 21443 so I can use a manually set certificate.Basically, I want that when I access
https://homeassistant.example.com:443
the certificate used is the auto-generated wildcard one, and when I accesshttps://homeassistant-external.example.com:21443
it uses the supplied certificate instead.The problem is the moment I add the
:21443
block, it will always pick up that certificate for both:443
and:21443
, and ignore the auto-generated one!I have this setup working fine under nginx, but I haven’t been able to do it with caddy…
(Note: this is a follow up on https://caddy.community/t/how-to-use-custom-certificates-with-wildcard-generated-ones/17808/1)
docker-compose.yml
Dockerfile
Caddyfile
Log entries
The text was updated successfully, but these errors were encountered: