
That wouldn't work for Caddy if you also follow the best practice to have a CAA record pointing to the issuer and account URL, unless Caddy is also managing DNS records in addition to being an HTTP server. (I don't know if it is, but I would think it's a layering violation for an HTTP server to also be a DNS server.)


This is true, if you manually configure a CAA limited to just one CA, then you lose that benefit of redundancy.

I recommend trusting multiple CAs (but not too many): https://matt.life/writing/the-acme-protocol-in-practice-and-...

> (I don't know if it is, but I would think it's a layering violation for an HTTP server to also be a DNS server.)

Caddy 2 is, at its core, a server of servers. The HTTP server is just an "app module" for Caddy. There are other servers; I don't know of a DNS server app yet. (CoreDNS is a fork of Caddy v1, though.)
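
The trade-off discussed in this thread, shown as an added example that is not part of either comment or of Caddy's code: a CAA `issue` set pinned to one CA and account leaves a fallback issuer unusable, while a set listing two CAs keeps both. The CA identifiers, account URLs and the `CONFIGURED` issuer list are constructed placeholders; only `issue` records at the exact name are evaluated (no `issuewild`, no climbing to parent names).

```python
# Evaluate a CAA "issue" record set against the ACME issuers a server is
# configured to try (issuer domain per RFC 8659, accounturi per RFC 8657).
# All identifiers and URLs below are constructed for this example.

def parse_issue_value(value):
    """Split 'ca.example; accounturi=https://...' into (issuer, params)."""
    parts = [p.strip() for p in value.split(";")]
    issuer = parts[0].lower()
    params = {}
    for part in parts[1:]:
        if "=" in part:
            key, val = part.split("=", 1)
            params[key.strip().lower()] = val.strip()
    return issuer, params

def may_issue(issue_values, ca_id, account_uri):
    """True if the CA ca_id, acting for account_uri, passes the CAA check."""
    if not issue_values:              # no issue property: CAA does not restrict
        return True
    for value in issue_values:
        issuer, params = parse_issue_value(value)
        if issuer != ca_id.lower():   # also covers 'issue ";"' (empty issuer)
            continue
        pinned = params.get("accounturi")
        if pinned is None or pinned == account_uri:
            return True
    return False

def usable_issuers(issue_values, configured):
    """Names of configured issuers that the record set still allows."""
    return [name for name, (ca_id, acct) in configured.items()
            if may_issue(issue_values, ca_id, acct)]

# Hypothetical server configuration: a primary CA and a fallback CA.
CONFIGURED = {
    "primary": ("ca-one.example", "https://acme.ca-one.example/acct/1001"),
    "fallback": ("ca-two.example", "https://acme.ca-two.example/acct/2002"),
}
# CAA pinned to one CA and one account: the fallback can never issue.
SINGLE = ["ca-one.example; accounturi=https://acme.ca-one.example/acct/1001"]
# CAA listing both CAs, each pinned to its own account: redundancy is kept.
MULTI = SINGLE + ["ca-two.example; accounturi=https://acme.ca-two.example/acct/2002"]

if __name__ == "__main__":
    for label, records in (("single-CA", SINGLE), ("two-CA", MULTI)):
        print(label, "->", usable_issuers(records, CONFIGURED))
```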



