this post was submitted on 18 Nov 2024
262 points (98.9% liked)

Selfhosted

40394 readers
755 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

  1. Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.

  2. No spam posting.

  3. Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.

  4. Don't duplicate the full text of your blog or github here. Just post the link for folks to click.

  5. Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).

  6. No trolling.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 2 points 1 week ago (1 children)

How did you set up you SSL certificates, are you using a self signed certificate or do you use a custom subdomain?

[–] [email protected] 3 points 1 week ago (1 children)

Caddy automatically sets up certificates for you. Since I don't want my subdomain to appear in certificate transparency logs, I use a wildcard certificate which requires using a plugin for my DNS provider.

[–] [email protected] 1 points 1 week ago (1 children)

Thanks, that sounds good. Can you explain more how you used the plugin for the wildcard certificate?

[–] [email protected] 1 points 6 days ago

To get a TLS certificate from Let's Encrypt, they need to verify that you are in control of your domain. For regular domains, this can be done via HTTP, for wildcard certificates they require you to create a DNS record with a special token to verify ownership of the domain.

This means that in order to automatically obtain a TLS certificate, caddy needs to interact with the API of your domain registrar to set up this record. Since there are many different providers, this isn't built into caddy itself and you require a version that includes the corresponding caddy-dns module. Caddy modules need to compiled into the binary, so it's not always trivial to set up (in my case I have a systemd timer that rebuilds a local container image whenever a new version of the docker.io/caddy:builder image is available).