Using the magic of Caddy for our automatic HTTPS generation

A primary feature in the Cantrip website builder is the ability to point your domain to our servers and not only does it render your website, but it generates an SSL certificate on the fly for HTTPS domain support!

It’s a fantastic detail and it’s all thanks to Caddy. (Prior to finding out about Caddy I was DREADING building this feature). I wanted to use this post to outline how I accomplished this and what it’s doing behind the scenes.

Caddy is an open-source web server written in Go, and what makes it different is that it assumes HTTPS for your domains by default. By assigning certain rules in your configuration, you can tell Caddy which domains are applicable to obtain generated SSL certificates.

With the power of Caddy’s “On-Demand TLS” feature, when an allowed URL is hit for the first time, if it doesn’t have an SSL certificate it will generate one on-the-fly using Let’s Encrypt. Pretty powerful, right?

Now, of course with Cantrip, we don’t know all the domains that will exist, so we can’t directly specify them. Also, we don’t want to just allow every domain to have this feature, as it could be abused. This brings us to an additional feature that comes baked into Caddy. By providing an endpoint, we can create an api call to determine if a domain is valid or not. If it’s valid, we know it’s okay to begin the process of creating a certificate.

Back in the dashboard, when you add a domain to your website we check the dns status and wait until it is correctly pointed to our servers. Once it is, we ping the domain, which triggers the on-demand feature to generate your SSL certificate.

I hope you enjoyed this little peek under the hood. Looking forward to sharing more soon! If you’re looking for more info into Caddy, give them a look at their website here, and if you’re looking to use Cantrip to build your own website, click here to get started.