this post was submitted on 01 Feb 2026
36 points (100.0% liked)

Selfhosted

60587 readers
1590 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

Rules:

Detailed Rules Post

  1. Be civil.

  2. No spam.

  3. Posts are to be related to self-hosting.

  4. Don't duplicate the full text of your blog or readme if you're providing a link.

  5. Submission headline should match the article title.

  6. No trolling.

  7. Promotion posts require active participation, with an account that is at least 30 days old. F/LOSS without a paywall has exceptions, with requirements. See the rules link for details. Tags [CBH] or [AIP] are required, see the links in Rule 8 for details.

  8. AI-related discussions and AI-involved promotional posts have additional requirements for tagging, as noted in Rule 7 and the AI & Promotional Post Expanded Rules post, and find example disclosures here.

Resources:

Any issues on the community? Report it using the report flag.

Questions? DM the mods!

founded 3 years ago
MODERATORS
 

Think I've gone down the rabbit hole on this one.

I have more than one Debian machine that I host apps on. I want to serve them with https, so I decided it was best to centrally get the domain cert/key (I've used certwarden) and use a script/cron job on each server to get the certs. Then use caddy to reverse-proxy.

So, after some research I decided that certs should be placed in /etc/SSL/certs (keys in /etc/SSL/private). Problem is caddy can't get to them. I've tried messing around with permissions etc but I suspect I'm running into issues because I'm not doing this the proper way.

What is the proper way of doing it? Or is there a much easier solution?

you are viewing a single comment's thread
view the rest of the comments
[–] poVoq@slrpnk.net 5 points 5 months ago (1 children)

If you switch to the dns-01 challenge you can just generate the certs on multiple servers hasselfree. And as a bonus you can get wildcard certs for subdomains.

[–] KaKi87@jlai.lu 2 points 5 months ago* (last edited 5 months ago) (1 children)

How ?

I've seen nothing about that in the Caddy docs.

I must admit that one disadvantage of Caddy compared to when I was using acme.sh, is having to make a request to Let's Encrypt (even automatically) for every subdomain, making all of them visible on crt.sh

[–] BlueBockser@programming.dev 6 points 5 months ago (1 children)

The docs on DNS challenge are here, and a bit further down you can find the ones on wildcard certificates

[–] KaKi87@jlai.lu 0 points 5 months ago