example.com wp.example.com caddyfreakingrules.example.com {
root * /var/www/wordpress
php_fastcgi unix//run/php/php-version-fpm.sock
file_server
}
Suddenly not only does my Wordpress site respond on example.com, but also wp.example.com, and caddyfreakingrules.example.com, Caddy will fetch and automatically rotate certs for all three domains, and Caddy will auto-redirect from http to https on all three domains. (Does the ngnix example actually do that?) {
admin off
auto_https prefer_wildcard
email [email protected]
cert_issuer acme {
dir https://acme-v02.api.letsencrypt.org/directory
resolvers 1.1.1.1 1.0.0.1
dns cloudflare {env.CLOUDFLARE_API_TOKEN}
}
ocsp_stapling off
}
example.com wp.example.com caddyfreakingrules.example.com {
root * /var/www/wordpress
php_fastcgi unix//run/php/php-version-fpm.sock
file_server
}
# This is simply to trigger generation of the wildcard cert without
# responding with the Wordpress application on all of the domains.
*.example.com {
respond "This is not the app you're looking for" 404
}
Then you'll disable the unauthenticated JSON API on localhost:2019 (which is a good security practice, this is my only gripe with Caddy, this API shouldn't be enabled by default), tell Caddy how to use the DNS-01 ACME resolver against Cloudflare (requires a plugin to Caddy, there are loads for many DNS providers), and then tell Caddy to use appropriate wildcard certs if it has generated them (which for *.example.com it will have).
Tried it and it seems to work for the most part, but one app where it would be really helpful to me is Ghostty.app, specifically the quick-terminal, and it seems that it doesn't currently handle that, which is unfortunate.