caddy: re-introduce lets encrypt profiles

Signed-off-by: Simon L. <szaimen@e.mail.de>
2026-06-01 16:30:09 +00:00 · 2026-06-01 12:20:40 +02:00
parent e17415591a
commit 34aec1c790
2 changed files with 2 additions and 0 deletions
--- a/Containers/apache/Caddyfile
+++ b/Containers/apache/Caddyfile
@@ -78,6 +78,7 @@ http://{$APACHE_HOST}.nextcloud-aio:23973, # For Collabora callback and WOPI req
    # TLS options
    tls {
        issuer acme {
+            profile tlsserver
            # Disable HTTP challenge because that would require port 80, which we don't get (it's exposed to the mastercontainer).
            # This container by default only exposes port 443 if not configured otherwise via APACHE_PORT.
            disable_http_challenge
--- a/Containers/mastercontainer/acme.Caddyfile
+++ b/Containers/mastercontainer/acme.Caddyfile
@@ -49,6 +49,7 @@ https://:8443 {
 	tls {
 		on_demand
 		issuer acme {
+            profile shortlived
 			disable_tlsalpn_challenge
 		}
 	}