DEV Community

Mert Enercan

How to manage SSL Certs with Caddy

Ayo!
Another day, another tech. When I was struggling with SSL certs, I found a unique way to solve a specific problem, and today I'd like to introduce you to Caddy! It solves various kinds of problems, but I will focus on mine.

TL;DR

So we'll be figuring out how to deploy a backend service and how to manage our SSL certificates with Caddy. There is a bonus: we'll be able to map our application domain to thousands of additional domains with automatically generated Let's Encrypt certificates!

The Problem

Let's say I have an amazing application that runs on my own domain, like https://example.merto.dev. But for some reason, I want it to be able to run on another domain, such as https://example.notmerto.dev. Dealing with SSL certs manually can be a huge pain. If you choose to let 3rd-party services handle SSL certs, you'll likely run into quotas and stuff that want you to pay $$$.

Solution

With Caddy Server's on_demand_tls configuration, you can apply thousands of auto-generated Let's Encrypt certificates to your application, and you can add thousands of domains with a basic CNAME DNS record.

The Plan

Ofc, we'll be using a simple elysia.js backend application for this quest, and we'll be deploying our application on a simple virtual machine that runs on Google Cloud. Let's dive in!

Creating VM

So this is the easiest one. I'll create an E2 machine with 2 vCPU and 2 GB memory.

Firewall Rule

We need to allow TCP ports 80, 443 and 3000 for this example.

Setup

Let’s connect with SSH and configure our requirements step by step.

  • Get updates with the sudo apt-get update command.

  • Install Bun with curl -fsSL https://bun.sh/install | bash

  • Install Caddy with this guide.

  • Make a directory for our app: mkdir caddy-elysia and cd into it.

  • Clone the repo that I created for this article

  • Open the Caddyfile and replace the default domain names with your own (I use nvim, btw)

  • Create a DNS record for your main domain of type A with your VM's IP address as the value.

Now you are ready to go. Let's start your elysia app with bun run dev & and follow it with the sudo caddy start command. I used the caddyelysia.merto.dev domain as my primary app address, and on the second domain I created a CNAME record pointing to it. So I can use my application with multiple domains that have automatically managed SSL certificates!
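With on-demand TLS, Caddy requests a certificate for whatever hostname a client asks for, so the on_demand_tls option accepts an ask URL that Caddy queries with ?domain=<name> and only proceeds on a 2xx answer. The following is an added example, not code from the article's repo: a Bun-compatible allowlist endpoint for that check, where port 5555, the /check path and the ALLOWED_DOMAINS set are assumptions.

```javascript
// Added example (not from the article's repo). Assumed: port 5555, path /check.
// Matching Caddyfile global option:
//   {
//       on_demand_tls {
//           ask http://127.0.0.1:5555/check
//       }
//   }

// Constructed sample data; in practice this is a lookup of customer domains.
const ALLOWED_DOMAINS = new Set(["example.merto.dev", "example.notmerto.dev"]);

// Canonicalise a hostname; return null for anything that is not a plain DNS name.
function normalizeHost(raw) {
  if (typeof raw !== "string") return null;
  const host = raw.trim().toLowerCase().replace(/\.$/, ""); // drop one trailing dot
  if (host.length === 0 || host.length > 253) return null;
  const labels = host.split(".");
  if (labels.length < 2) return null; // no bare single-label names
  const labelOk = (l) => /^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$/.test(l);
  if (!labels.every(labelOk)) return null; // rejects wildcards, empty labels
  if (/^\d+$/.test(labels[labels.length - 1])) return null; // IPv4 literal
  return host;
}

// Decide the HTTP status for one ask request: 200 allows issuance, all else denies.
function askStatus(requestUrl, allowed = ALLOWED_DOMAINS) {
  const url = new URL(requestUrl, "http://127.0.0.1");
  if (url.pathname !== "/check") return 404;
  const domains = url.searchParams.getAll("domain");
  if (domains.length !== 1) return 400; // missing or repeated parameter
  const host = normalizeHost(domains[0]);
  if (host === null) return 400;
  return allowed.has(host) ? 200 : 403;
}

// Fetch-style handler, usable as the fetch option of Bun.serve.
function handleAsk(request) {
  return new Response(null, { status: askStatus(request.url) });
}

// Listen on loopback only: Caddy on the same VM is the sole intended caller.
if (typeof Bun !== "undefined") {
  Bun.serve({ hostname: "127.0.0.1", port: 5555, fetch: handleAsk });
}
```

Because the endpoint binds to 127.0.0.1, port 5555 does not need a firewall rule.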

So this is it! I know, it might sound kinda complicated, but you need to try and fail in order to learn something. I started with frontend development, and look what kind of tech I am using lol. Because I failed A LOT. Still failing.

You learn by using your hands, not your eyes.

Until next time.
