This is a web server that I’ve been writing in Go with native ACME support (using lego). It serves all your sites over HTTPS using Let’s Encrypt. It:
runs on all platforms,
has no dependencies,
and does not require sudo (on Linux).
It automatically renews your certificates for you. The idea is you start the program with a Caddyfile and it just works – no extra configuration needed. It has fully replaced Apache and nginx for my own needs.
Here’s a basic Caddyfile to get you started (replace example.com with your own domain name):
This should serve your site over HTTPS and redirect HTTP to HTTPS.
Please read the release notes in my first link above to get an idea of what to expect.
I’m hoping that developers and others with technical abilities will try it out and offer your feedback. It may be a little rough around the edges, but I’m using it in production on unimportant sites and it’s working fine. Let me know both your good and bad experiences - and any questions you may have - thanks!
Well, this is rather epic. Now put this together with PHP and MySQL and it gets even better.
Also, does Caddy generate a cert for each domain, or can I let it make a SAN cert with all of them in it instead? That would be especially helpful for the small number of people browsing without SNI support (or the people trying to access a network drive over WebDAV; the WebClient STILL doesn't support SNI as of Win 8.1).
You can already use Caddy with PHP and MySQL just like you would nginx with them. Caddy can proxy fastcgi (more simply than nginx), and your PHP app can connect to MySQL like it normally does.
Since Caddy fully manages the certificates for you, it generates one certificate per domain. Turns out this is much simpler to manage in an automated environment. I don’t think this would be a problem since you (ideally) will never have to manage the certificates manually. And Caddy does have SNI support.
How does it behave if you have a test domain like local.example.com pointing to 127.0.0.1 or something like that? Does it have some setting to disable public certificates and use self-signed instead there for development?
Well, I have seen servers that do SNI but have some “fallback” cert which is presented by default (in Apache that would probably be a cert presented outside of the virtual hosts).
So in that case the worst you can get is an invalid cert (well, obviously).
Or let’s change the perspective: what does the server do if it gets an SNI name that isn’t in the list? Just kill the connection?
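To make the SNI fallback question concrete, here is an added Go example (not code from Caddy, lego, or anyone in this thread) of how a TLS server chooses a certificate from the client's SNI name. It assumes throwaway self-signed certificates standing in for the per-domain Let's Encrypt certificates, and the names `CertStore`, `NewCertStore` and `ServedName` are invented for the illustration. Unknown or missing SNI names get a fallback certificate when one is configured (the client then sees a name mismatch, not a dropped connection), and otherwise the handshake is refused.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// selfSigned creates a throwaway self-signed certificate for one host name. It
// stands in for the per-domain certificates a server would obtain from an ACME CA.
func selfSigned(host string) (*tls.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: host},
		DNSNames:     []string{host},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	leaf, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	return &tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}, nil
}

// CertStore holds one certificate per host name plus an optional fallback that
// is presented when the client sends no SNI name or an unknown one.
type CertStore struct {
	byName   map[string]*tls.Certificate
	fallback *tls.Certificate
}

// NewCertStore issues one certificate per host (hypothetical helper). When
// useFallback is true the first host's certificate doubles as the default.
func NewCertStore(hosts []string, useFallback bool) (*CertStore, error) {
	s := &CertStore{byName: make(map[string]*tls.Certificate)}
	for i, h := range hosts {
		c, err := selfSigned(h)
		if err != nil {
			return nil, err
		}
		s.byName[strings.ToLower(h)] = c
		if i == 0 && useFallback {
			s.fallback = c
		}
	}
	return s, nil
}

// GetCertificate has the signature tls.Config.GetCertificate expects. Names match
// case-insensitively; no match and no fallback returns an error, aborting the handshake.
func (s *CertStore) GetCertificate(hello *tls.ClientHelloInfo) (*tls.Certificate, error) {
	name := strings.ToLower(strings.TrimSuffix(hello.ServerName, "."))
	if c, ok := s.byName[name]; ok {
		return c, nil
	}
	if s.fallback != nil {
		return s.fallback, nil
	}
	return nil, errors.New("tls: no certificate configured for " + hello.ServerName)
}

// ServedName reports the CommonName a client presenting sni would be shown.
func ServedName(s *CertStore, sni string) (string, error) {
	c, err := s.GetCertificate(&tls.ClientHelloInfo{ServerName: sni})
	if err != nil {
		return "", err
	}
	return c.Leaf.Subject.CommonName, nil
}

func main() {
	store, err := NewCertStore([]string{"example.com", "local.example.com"}, true)
	if err != nil {
		panic(err)
	}
	// Constructed SNI values: an exact match, a mixed-case match, no SNI, and an unknown name.
	for _, sni := range []string{"example.com", "LOCAL.EXAMPLE.COM.", "", "unknown.test"} {
		name, _ := ServedName(store, sni)
		fmt.Printf("SNI %q -> certificate for %q\n", sni, name)
	}
}
```

To wire this into a real listener, set `GetCertificate: store.GetCertificate` on the `tls.Config` passed to `tls.Listen` or `http.Server`. The fallback-to-first-certificate choice mirrors what Go's `crypto/tls` does on its own when `GetCertificate` is nil and no entry in `NameToCertificate` matches: it serves `Certificates[0]`. The defensive point for a multi-site server is that the fallback certificate leaks one hostname to every client that guesses wrong, whereas refusing the handshake leaks nothing but also breaks the non-SNI clients the question mentions.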
I just updated the binaries for beta 3, which has refinements to logging, error reporting, and fixes for a few sneaky bugs.
At this point, all relevant known bugs have been fixed, so we’re mainly just waiting for Let’s Encrypt to reach general availability. I need your help, so please try it and report any bugs you encounter, but also let me know what you think in general.
@My1: To answer your questions, yeah, it probably won’t take. You can define a ‘wildcard’ host in your Caddyfile to handle requests for all other host names (but of course, you can’t get a certificate for 0.0.0.0).
That it won’t get a cert automatically for 0.0.0.0 or similar is obvious, but there I can just put in the one that should be used. Or what would be epic is something like saying
or whatever, so that it knows that if there’s nothing it just reacts as if it had gotten example.com.