Force HTTPS with Let's Encrypt
Updated 3 weeks ago
Enables automatic TLS encryption with Let's Encrypt certificates. HTTP requests are redirected to HTTPS with a 301, and certificates are renewed automatically.
How does it work?
```
Client → http://app.example.com:80 → 301 Redirect → https://...
Client → https://app.example.com:443 → Caddy (TLS) → Backend
```
- Caddy listens on port 443
- ACME HTTP-01 challenge: Let's Encrypt retrieves the challenge token over port 80
- Certificate issued and automatically renewed (30 days before expiry)
- HTTP → HTTPS redirect via 301
Setup
- Create or edit a route
- Enable the Force HTTPS toggle (on by default)
- Save — Caddy handles everything automatically
Configure ACME Email
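```
GC_CADDY_EMAIL=admin@example.com
# Optional: alternative ACME CA. The URL below is the Let's Encrypt staging
# directory, whose test certificates are not trusted by browsers.
GC_CADDY_ACME_CA=https://acme-staging-v02.api.letsencrypt.org/directory
```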
Troubleshooting
| Problem | Solution |
|---|---|
| Certificate not issued | Check A record with dig or nslookup |
| ACME challenge failed | Open port 80 in firewall/router |
| Too many certificates | Wait 1 hour (Let's Encrypt rate limit) |
Prerequisites
- DNS must point to the GateControl server via A/AAAA record
- Ports 80 and 443 must be open
- No Cloudflare Proxy (orange cloud) — use DNS Only
- Max 50 certificates per domain per week (Let's Encrypt rate limit)
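
To confirm that a route behaves as described under "How does it work?", the following added example (not part of GateControl or Caddy) checks the port-80 response for a 301 to the same host over HTTPS and checks that the served certificate is outside the renewal window. The function names and the 2-day slack on the 30-day window are assumptions made for this example.

```python
import http.client
import socket
import ssl
import sys
import time
from urllib.parse import urlsplit

# Page: renewal starts 30 days before expiry. The 2 days of slack are an assumption.
ALERT_BELOW_DAYS = 28

def evaluate_redirect(status, location, host):
    """Problems with the port-80 response; an empty list means the redirect is correct."""
    problems = []
    if status != 301:
        problems.append(f"expected 301, got {status}")
    target = urlsplit(location or "")
    if target.scheme != "https":
        problems.append(f"Location is not an https URL: {location!r}")
    elif target.hostname != host.lower():
        problems.append(f"redirect leaves the host: {target.hostname}")
    return problems

def renewal_overdue(not_after, now=None):
    """True if the cert (notAfter string from getpeercert()) should already have been renewed."""
    now = time.time() if now is None else now
    return (ssl.cert_time_to_seconds(not_after) - now) / 86400 < ALERT_BELOW_DAYS

def fetch_redirect(host):
    conn = http.client.HTTPConnection(host, 80, timeout=10)
    conn.request("GET", "/")
    resp = conn.getresponse()
    result = (resp.status, resp.getheader("Location"))
    conn.close()
    return result

def fetch_not_after(host):
    ctx = ssl.create_default_context()  # verifies chain and hostname; untrusted certs raise
    with socket.create_connection((host, 443), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()["notAfter"]

if __name__ == "__main__":
    host = sys.argv[1]  # hostname of the route, e.g. app.example.com
    issues = evaluate_redirect(*fetch_redirect(host), host)
    if renewal_overdue(fetch_not_after(host)):
        issues.append(f"certificate expires in under {ALERT_BELOW_DAYS} days")
    print("\n".join(issues) or "OK")
    sys.exit(1 if issues else 0)
```

While `GC_CADDY_ACME_CA` points at the staging directory, `fetch_not_after` raises `ssl.SSLCertVerificationError`, because staging certificates do not chain to a publicly trusted root.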