
NGINX and certificate management


Posted Aug 13, 2025 20:07 UTC (Wed) by stephane (subscriber, #57867)
Parent article: NGINX adds native support for ACME protocol

I have often found the automation of deploying Nginx + Nginx-Certbot + SSL configuration via Ansible to be a bit of a pain. The rather slow development and the curious security management by F5 made me switch to Caddy (https://caddyserver.com/).

The integration of SSL/TLS certificate management in Caddy is just fantastic, and so is everything else!



NGINX and certificate management

Posted Aug 13, 2025 21:44 UTC (Wed) by aszs (subscriber, #50252) [Link] (3 responses)

Yeah, it's pretty nice, and the certs are signed by ZeroSSL, not Let's Encrypt -- they don't have the rate limits that Let's Encrypt does. If you have a lot of subdomains, that comes in handy!

NGINX and certificate management

Posted Aug 14, 2025 6:47 UTC (Thu) by NYKevin (subscriber, #129325) [Link] (1 responses)

You can get a wildcard certificate if you go to the bother of setting up DNS-01 validation instead of HTTP-01 validation.

Unfortunately, NGINX does not (yet) support that, so you pretty much have to use Certbot or something resembling it.

NGINX and certificate management

Posted Aug 14, 2025 12:19 UTC (Thu) by aszs (subscriber, #50252) [Link]

True... but in this case the subdomains are controlled by different users (and they have access to the cert). If they had wildcard certs they could spoof each other, so we need one per subdomain.
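The reasoning in the comment above, as an added example that is not part of the thread: a small audit that flags any certificate held by one tenant whose SAN entries also cover another tenant's hostname. The tenant names, the `example.test` hostnames and both function names are constructed for illustration.

```python
def san_matches(pattern: str, hostname: str) -> bool:
    """Match a certificate SAN against a hostname.

    A '*' is honoured only as the entire left-most label and stands for
    exactly one label, which is how TLS clients treat wildcard names.
    """
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return p[1:] == h[1:]
    return p == h


def cross_tenant_coverage(tenant_hosts, tenant_cert_sans):
    """Return (holder, san, other_tenant, hostname) for every SAN on a
    certificate whose key `holder` can read that is valid for a hostname
    belonging to a different tenant."""
    findings = []
    for holder, sans in tenant_cert_sans.items():
        for other, hosts in tenant_hosts.items():
            if other == holder:
                continue
            for host in hosts:
                for san in sans:
                    if san_matches(san, host):
                        findings.append((holder, san, other, host))
    return sorted(findings)


# Constructed sample data: two tenants, one subdomain each.
TENANT_HOSTS = {
    "alice": ["alice.tenants.example.test"],
    "bob": ["bob.tenants.example.test"],
}
# Layout A: every tenant can read the same wildcard certificate and key.
SHARED_WILDCARD = {
    "alice": ["*.tenants.example.test"],
    "bob": ["*.tenants.example.test"],
}
# Layout B: one certificate per subdomain, readable only by its tenant.
PER_SUBDOMAIN = {
    "alice": ["alice.tenants.example.test"],
    "bob": ["bob.tenants.example.test"],
}

if __name__ == "__main__":
    for name, layout in (("shared wildcard", SHARED_WILDCARD),
                         ("per subdomain", PER_SUBDOMAIN)):
        print(name, cross_tenant_coverage(TENANT_HOSTS, layout))
```
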

NGINX and certificate management

Posted Aug 14, 2025 18:13 UTC (Thu) by rbtree (guest, #129790) [Link]

ZeroSSL used to be the default, but now it's just a fallback for when Let's Encrypt is not available.

https://caddyserver.com/docs/caddyfile/directives/tls#acme

