On Demand TLS
Caddy makes it possible to generate SSL certificates for custom domains on the fly.
If your application lets users specify their own domain, you can use On Demand TLS to issue SSL certificates for customer domains automatically.
Enabling On Demand TLS
To enable On Demand TLS, you'll need to:
- Set a default application for your cluster under Settings.
- Set an On Demand TLS Endpoint that points to an endpoint in your application.
Requests to your cluster with an unknown domain will be routed to the default application. Caddy will check the domain against your On Demand TLS Endpoint to verify your application approves of this domain.
On Demand TLS Endpoint
Caddy asks your application to approve a domain by making a request to your endpoint with the domain in a query parameter:
localhost:9000/caddy/check?domain=example.org
Your application should respond with a 200 OK to approve or a 422 Unprocessable Content to deny the domain.
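An added example, not the platform's or Caddy's own code: a minimal Python endpoint that answers the approval request described above, returning 200 only for domains the application has on record and 422 for everything else, so that an unregistered domain pointed at the cluster does not get a certificate. The APPROVED_DOMAINS set, the function names and the loopback bind are assumptions for illustration; the /caddy/check path and port 9000 come from the sample request above.

```python
import re
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlsplit, parse_qs

# Constructed sample data: custom domains customers have registered in the app.
# A real application would look this up in its own database.
APPROVED_DOMAINS = {"example.org", "shop.customer-site.test"}

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")

def normalize(domain):
    """Return a canonical lowercase hostname, or None if it is not one."""
    host = domain.strip().lower().rstrip(".")
    labels = host.split(".")
    if len(host) > 253 or len(labels) < 2:
        return None
    if not all(LABEL.fullmatch(label) for label in labels):
        return None
    if labels[-1].isdigit():  # reject IPv4 literals such as 203.0.113.7
        return None
    return host

def check_status(request_target, approved=APPROVED_DOMAINS):
    """Map a request target such as /caddy/check?domain=example.org to 200 or 422."""
    url = urlsplit(request_target)
    values = parse_qs(url.query).get("domain", [])
    if url.path != "/caddy/check" or len(values) != 1:
        return 422  # wrong path, or a missing, empty or repeated domain parameter
    host = normalize(values[0])
    # Exact match only: no suffix or wildcard matching, so an unregistered
    # subdomain of an approved domain is still denied.
    return 200 if host in approved else 422

class CheckHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        self.send_response(check_status(self.path))
        self.send_header("Content-Length", "0")
        self.end_headers()

if __name__ == "__main__":
    # Assumption: Caddy runs on the same host, so the endpoint binds to loopback only.
    HTTPServer(("127.0.0.1", 9000), CheckHandler).serve_forever()
```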