Closed j-mcnally closed 8 years ago
Not yet, but wait for the 0.8.1 release (or 0.8.2 for what you want - not sure yet how this'll play out) - we're working on that right now.
In other words, the underlying library, lego, will allow customizing which challenges are used by 0.8.1, but whether we make a way for caddy users to set those customizations at the same time is unclear depending on a few other factors. We'll see; might not make it in till the next release.
Ok, I've worked around it with some proxying from my other nginx instances.
Is that fixed? Because the issue is closed. Tried to start 0.8.1 with port 443 only, but it doesn't work. At the moment an Apache is listening on port 80.
Caddy needs port 80 to solve the http-01 challenge, which is the only challenge that works after the server has started (without implementing custom SNI which I'm not planning on doing). So if I were you I would relinquish port 80 to Caddy and proxy to Apache or something.
Ok. Should be a quick solution with caddy https only. I have to move it to another host / IP. Thanks for your fast response! :)
Is there any way to use the tls-sni-01 challenge instead of http-01?
Sorry for sort of re-asking the above question, but I wasn't totally clear given the above conversation. :smile:
No, because Caddy needs to guarantee port 80 in order to not break reloads. So right now we still don't let the user disable the http-01 challenge or the HTTP->HTTPS redirects.
This ticket should be reopened. It should be possible now to disable port 80.
@heri16 What do you mean? (Did I miss something?)
I'd like to know what's happening with this issue as well. Having caddy work with letsencrypt using only 443 would be amazing as my ISP blocks port 80
@Place1 There are issues #918 and #1293 that I think are both different ways to address this.
@Place1 the patch I submitted doesn't disable the HTTP-01 challenge, but that can come in another patch.
Right, so if I've read these correctly they're about moving caddy to different ports and having something else proxy traffic to them.
My reason for getting caddy to do TLS-SNI-01 only is because my ISP blocks inbound connections to port 80, meaning I can't do an http challenge. Basically my server is 443 only and so the only challenge I can do (that isn't DNS) is TLS-SNI-01.
@Place1 @j-mcnally @seanhealy The HTTP and TLS-SNI challenges can now be disabled with the command line flags -disable-http-challenge and -disable-tls-sni-challenge. Don't disable both. ;) (Unless you configure the DNS challenge in your Caddyfile, but then disabling the other challenges is NOT necessary! Caddy will do that for you.)
https://github.com/mholt/caddy/commit/6bc3e7536e915c0f7dd0c22be36201760e9d816d
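As an added illustration (not code from this thread or from the Caddy project), the following POSIX shell helper builds a Caddy v1 command line for a host where port 80 is unreachable and enforces the rule stated above: it refuses to disable both the HTTP-01 and TLS-SNI-01 challenges unless the Caddyfile configures a DNS challenge. The two -disable-* flags and -conf are Caddy v1's; the way a DNS challenge is detected (a "dns <provider>" line inside the tls block) is a simple heuristic assumed here, not Caddy's own parser, and the sample Caddyfiles are constructed for the demo.

```shell
#!/bin/sh
# Added example, not part of the issue thread or of Caddy itself.
# Builds the Caddy v1 invocation for a 443-only host and guards against
# leaving no usable ACME challenge (both challenges disabled, no DNS challenge).

# caddyfile_has_dns_challenge FILE
# Exit 0 when the Caddyfile contains a "dns <provider>" line (heuristic,
# assumed here: Caddy v1 put the DNS challenge provider under the tls block).
caddyfile_has_dns_challenge() {
    grep -Eq '^[[:space:]]*dns[[:space:]]+[A-Za-z0-9_-]+' "$1"
}

# build_caddy_args FILE DISABLE_HTTP DISABLE_TLSSNI
# DISABLE_* are 1 or 0. Prints the full command line on stdout.
# Returns 1 (and prints nothing on stdout) when the combination would leave
# Caddy with no challenge it can solve.
build_caddy_args() {
    file=$1
    no_http=$2
    no_tlssni=$3
    args="-conf $file"

    # Caddy v1 flags from the thread
    [ "$no_http" = 1 ] && args="$args -disable-http-challenge"
    [ "$no_tlssni" = 1 ] && args="$args -disable-tls-sni-challenge"

    # The maintainer's rule: don't disable both unless a DNS challenge exists.
    if [ "$no_http" = 1 ] && [ "$no_tlssni" = 1 ] && ! caddyfile_has_dns_challenge "$file"; then
        echo "refusing: both challenges disabled and no DNS challenge in $file" >&2
        return 1
    fi

    echo "caddy $args"
}

# Demo with constructed Caddyfiles in a temporary directory.
demo() {
    tmp=$(mktemp -d)
    # 443-only host that proxies to another local service (constructed sample)
    printf 'example.com {\n  proxy / localhost:8080\n}\n' > "$tmp/plain.Caddyfile"
    # Same host, but with a DNS challenge provider configured (constructed sample)
    printf 'example.com {\n  tls {\n    dns cloudflare\n  }\n}\n' > "$tmp/dns.Caddyfile"

    # Port 80 blocked by the ISP: disable HTTP-01 only, keep TLS-SNI-01.
    build_caddy_args "$tmp/plain.Caddyfile" 1 0

    # Disabling both without DNS is rejected.
    if build_caddy_args "$tmp/plain.Caddyfile" 1 1; then
        echo "unexpected: should have been refused" >&2
    fi

    # With a DNS challenge configured, disabling both is allowed (though unnecessary).
    build_caddy_args "$tmp/dns.Caddyfile" 1 1

    rm -rf "$tmp"
}

demo
```

The only decision the script makes is the one Matt's comment spells out: at least one challenge must remain solvable, and the DNS challenge counts as one. Everything else is just assembling flags.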
Using it now. Thank you SOO much. This is a game changer for me. I really appreciate the effort!
Hi Matt, maybe you could add this feature to the online documentation, as this is pretty useful when port 80 is already bound. Thanks 👍
Any update to this perhaps? Especially with ALPN, caddy really doesn't need port 80 for an HTTPS-only setup.
Maybe caddy could have a quick nohttp or whatever in the caddyfile.
Especially when you have a domain that is on preload anyway, port 80 straight-up isn't needed, at least for semi-modern clients.
Caddy 2 will have an option to disable automatic HTTPS entirely.
Considering the issue author talks about running with LE and 443 only, I doubt disabling autotls is an option for them, but basically just going with ALPN should be fine. As far as I remember, the setup I have lying around is also without port 80 going anywhere, so I guess it's no problem.
But talking about caddy2 already, is caddy 1 even out yet? If yes, then congratulations.
@My1 yes it is! https://github.com/mholt/caddy/releases/tag/v1.0.0
Oh lol. Didn't even notice.
TLS-SNI-01 is no longer supported. In case anybody stumbles upon this thread: March 13, 2019: End-of-Life for All TLS-SNI-01 Validation Support
Yes, it was replaced by ACME TLS-ALPN. Caddy supports and enables that challenge automatically.
This issue was from Caddy v0/v1. Caddy v2 was a complete rewrite, so this is no longer relevant at all. Please avoid posting on such old issues.
Hey Matt,
I'm trying to get Caddy to work over 443 with Let's Encrypt; we have a different server running on port 80.
I saw something in the docs about tls-sni-01, any way to force that?