Dev.to
6/22/2026

Stop hand-rolling nginx + certbot for your self-hosted HTTPS
Short summary
Caddy eliminates the nginx + certbot + renewal-cron complexity: it auto-requests certs, renews them before expiry, and applies modern TLS defaults out of the box. DNS-01 validation works for private networks (no public port needed) and enables wildcard certificates covering entire subdomain hierarchies. Author shares practical gotchas and introduces Pipewright, a self-hosted tool automating Caddy setup with per-PR preview environments.
- •Caddy automates HTTPS: request, renewal, and TLS defaults without separate tools
- •DNS-01 validation secures private networks; wildcard certs cover subdomain hierarchies
- •Real gotchas: DNS rate limits, token scope, cert persistence, WebSocket headers
Generated with AI, which can make mistakes.
Is this a good recommendation for you?



