How to Install SSL Certificate on Caddy

A comprehensive guide to installing and configuring SSL certificates on Caddy web servers.

Prerequisites

Before installing an SSL certificate on Caddy, ensure you have:

  • Caddy installed and running
  • Root or sudo access to the server
  • Domain name pointing to your server
  • SSL certificate files (if not using automatic HTTPS):
    • Certificate file (.crt)
    • Private key file (.key)
    • Certificate chain file (if applicable)
Note: Caddy provides automatic HTTPS by default using Let's Encrypt.

Obtaining SSL Certificate

With Caddy, you have several options for SSL certificates:

Certificate Options
  • Automatic HTTPS: Built-in Let's Encrypt integration (default)
  • Commercial CA: Use your own certificates from trusted providers
  • Self-signed: For testing/development only

Installing SSL Certificate

If using your own certificates, follow these steps:

  1. Create a directory for certificates:
    sudo mkdir -p /etc/caddy/certs/example.com
  2. Copy certificate files:
    sudo cp example.com.crt /etc/caddy/certs/example.com/
    sudo cp example.com.key /etc/caddy/certs/example.com/
  3. Set proper permissions:
    sudo chown -R caddy:caddy /etc/caddy/certs/
    sudo chmod 600 /etc/caddy/certs/example.com/*

Configuring Caddy

Use our configuration generator to create your Caddy SSL configuration. A generated configuration looks like this:

example.com {
    root * /var/www/html
    file_server
    tls /etc/caddy/certs/example.com/example.com.crt /etc/caddy/certs/example.com/example.com.key
}
Important: Always back up your Caddyfile before making changes.

Testing Configuration

Verify your SSL configuration:

  1. Validate Caddyfile syntax:
    caddy validate
  2. Reload Caddy configuration:
    caddy reload
  3. Verify SSL installation:
    • Visit https://example.com
    • Check certificate details in browser
    • Use SSL testing tools (e.g., SSLLabs)

Troubleshooting

  • Automatic HTTPS fails: Check DNS configuration and domain accessibility
  • Certificate not found: Verify file paths and permissions
  • Invalid certificate: Check certificate format and chain
  • Port binding issues: Ensure ports 80 and 443 are available
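
The custom-certificate checks named in the installation steps and in the troubleshooting list above (key file permissions, key matches certificate, expiry, host name coverage) can be scripted and run before `caddy reload`. This is an added example, not part of the original guide; it assumes Linux with GNU stat and the openssl CLI, and the function names and the script name check.sh are illustrative.

```shell
#!/bin/sh
# Added example: pre-reload checks for a custom certificate/key pair.
# Assumes GNU stat (Linux) and the openssl CLI; function names are illustrative.

# Key file exists and has no group/other permission bits (600 or stricter).
key_mode_ok() {
    [ -f "$1" ] || return 1
    mode=$(stat -c '%a' "$1") || return 1
    case "$mode" in
        ?00) return 0 ;;
        *)   return 1 ;;
    esac
}

# Public key in the certificate equals the one derived from the private key.
pair_matches() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Certificate is still valid N days from now (default 30).
not_expiring() {
    openssl x509 -in "$1" -noout -checkend $(( ${2:-30} * 86400 )) >/dev/null 2>&1
}

# Certificate names (SAN, or CN when no SAN is present) cover the host.
covers_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null | grep -q 'does match'
}

# Run every check, print each failure, return non-zero if any failed.
check_pair() {  # usage: check_pair CERT KEY HOST
    rc=0
    key_mode_ok "$2"       || { echo "FAIL: $2 missing or accessible to group/other"; rc=1; }
    pair_matches "$1" "$2" || { echo "FAIL: $2 is not the key for $1"; rc=1; }
    not_expiring "$1"      || { echo "FAIL: $1 expired or expires within 30 days"; rc=1; }
    covers_host "$1" "$3"  || { echo "FAIL: $1 does not cover $3"; rc=1; }
    return "$rc"
}

# When invoked with CERT KEY HOST, run the checks, e.g.:
#   sh check.sh /etc/caddy/certs/example.com/example.com.crt \
#               /etc/caddy/certs/example.com/example.com.key example.com
if [ "$#" -eq 3 ]; then
    check_pair "$@"
fi
```

When the certificate file is a bundle, openssl x509 reads only the first certificate in it, so the checks apply to the leaf certificate.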

Best Practices

  • Security:
    • Use automatic HTTPS when possible
    • Keep Caddy updated
    • Regular security audits
  • Maintenance:
    • Monitor certificate expiration (if using custom certificates)
    • Regular configuration reviews
    • Back up Caddyfile and certificates

Automatic HTTPS

Caddy's automatic HTTPS features:

Key Benefits
  • Automatic certificate obtainment and renewal
  • OCSP stapling enabled by default
  • Modern TLS configuration
  • Zero-touch deployment
# Minimal Caddyfile for automatic HTTPS
example.com {
    respond "Hello, HTTPS!"
}
Tip: Automatic HTTPS is the recommended approach for most Caddy deployments.

Certellix is an independent service. We are not affiliated with any commercial certificate authority.