They both implement the ACME protocol internally, allowing them to integrate with services like Let’s Encrypt to automate regularly obtaining the certificates needed to offer HTTPS.
I did not realise this. Very nice, I’ll be trying Caddy on my next server!
My newest vps runs with Caddy. Works like a charm. The downside was, that I didn’t think of the automatic certificate deployment when I set everything up and it wouldn’t come up a first when I only wanted to connect locally to it, as it tried to get a certificate but the challenge failed because I hadn’t the firewall open yet. But besides that it was very smooth so far.
I use Traefik for all of my containerised services. It’s fantastic.
You know what’s even better? You can point traefik to your own ACME-compatible CA (I use step-ca) to get certs for LAN-only services. And you can even configure per service which one it should use.
Is this better than using wildcard certificates?
I have local only SSL via a wildcard *.local.domain.com
Instructions here:
I think I set that up back when Let’s Encrypt didn’t offer wildcard certificates. In the end, it serves pretty much the same purpose.
