Back to feed
Dev.to
Dev.to
6/22/2026
Stop hand-rolling nginx + certbot for your self-hosted HTTPS

Stop hand-rolling nginx + certbot for your self-hosted HTTPS

Short summary

Caddy eliminates the nginx + certbot + renewal-cron complexity: it auto-requests certs, renews them before expiry, and applies modern TLS defaults out of the box. DNS-01 validation works for private networks (no public port needed) and enables wildcard certificates covering entire subdomain hierarchies. Author shares practical gotchas and introduces Pipewright, a self-hosted tool automating Caddy setup with per-PR preview environments.

  • Caddy automates HTTPS: request, renewal, and TLS defaults without separate tools
  • DNS-01 validation secures private networks; wildcard certs cover subdomain hierarchies
  • Real gotchas: DNS rate limits, token scope, cert persistence, WebSocket headers

Generated with AI, which can make mistakes.

Is this a good recommendation for you?

Explore more