I finally gave in and tried out Caddy. It’s about as great as everyone says it is.
@mckinley@mckinley.cc what makes it so great? 🤔
@prologic@twtxt.net I thought you were one of the people telling me how great it was. It is a Go project, after all. What do you usually use? I always find myself spending a lot of time making Nginx do what I want and I don’t think I’ve ever had automatic certificate renewal work the first time.
Caddy just works. I have some self-hosted Web services with easy-to-remember subdomains that only exist on my WireGuard network with a valid Let’s Encrypt (wildcard) certificate so browsers don’t complain. It should be automatically renewed without my input but we’ll see what happens. It took shockingly little effort, even considering I need to customize the Docker image and create API keys so it can solve a DNS challenge using my provider.
I’m still not thrilled about using software that does magic for you (like Docker and Caddy) but it sure makes things easy.
All the “magic” might be nice in the short term, but as it becomes the default it can paper over some really questionable decisions when it’s too late to change them. This can be applied to a number of things in computing but the best example I can think of is networking. (Side note: That’s one of my favorite blog posts ever.)
Things start out simple and get more complicated until someone figures out how to cover up the mess. Then, since nobody wants to get in there and fix it properly and everyone else has already moved on, we just ignore what’s behind the curtain and hope it all keeps working.