Caddy is an open-source web server written in Go that automatically provisions and renews HTTPS certificates from Let's Encrypt without any manual configuration. Unlike Apache or Nginx, Caddy makes HTTPS the default and handles certificate management entirely on its own. This guide installs Caddy on Ubuntu 26.04 from the official repository, configures a virtual host with automatic SSL, and verifies the setup. By the end, you'll have Caddy serving your domain over HTTPS with no manual certificate management required.
Install Caddy
Caddy provides an official APT repository for Debian-based systems.
1. Update the APT package index:
$ sudo apt update
2. Add the Caddy GPG key:
$ curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/gpg.key' | sudo gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg
3. Add the Caddy APT repository:
$ curl -1sLf 'https://dl.cloudsmith.io/public/caddy/stable/debian.deb.txt' | sudo tee /etc/apt/sources.list.d/caddy-stable.list
4. Refresh APT and install Caddy:
$ sudo apt update
$ sudo apt install caddy -y
5. Verify the installed version:
$ caddy version
Configure Caddy as a System Service
Enable Caddy to start automatically when the server boots.
1. Enable and start the service:
$ sudo systemctl enable caddy
$ sudo systemctl start caddy
2. Check the service status:
$ sudo systemctl status caddy
3. Stop or restart the service when needed:
$ sudo systemctl stop caddy
$ sudo systemctl restart caddy
Configure Firewall Rules
Port 80 is required for ACME certificate challenges.
$ sudo ufw allow 80/tcp
$ sudo ufw allow 443/tcp
Create a Virtual Host
1. Create the web root directory and set permissions:
$ sudo mkdir -p /var/www/app.example.com
$ sudo chown -R caddy:caddy /var/www/app.example.com
2. Create a sample HTML page:
$ sudo nano /var/www/app.example.com/index.html
<!DOCTYPE html>
<html>
<head><title>My App</title></head>
<body><h1>Hello World from Caddy on Ubuntu 26.04</h1></body>
</html>
3. Create the log directory:
$ sudo mkdir -p /var/log/caddy
$ sudo chown -R caddy:caddy /var/log/caddy
4. Back up the default Caddyfile:
$ sudo mv /etc/caddy/Caddyfile /etc/caddy/Caddyfile.default
5. Create a new Caddyfile:
$ sudo nano /etc/caddy/Caddyfile
app.example.com {
tls admin@example.com
root * /var/www/app.example.com
file_server {
index index.html
}
log {
output file /var/log/caddy/app.example.com.log
format console
}
}
Directives explained:
-
tls: email address for Let's Encrypt registration -
root: document root directory -
file_server: enables static file serving -
log: routes access logs to a file
Validate and Reload
1. Format the Caddyfile:
$ sudo caddy fmt --overwrite /etc/caddy/Caddyfile
2. Validate the configuration:
$ sudo caddy validate --config /etc/caddy/Caddyfile
3. Reload Caddy:
$ sudo systemctl reload caddy
Open https://app.example.com in a browser. The page loads with a valid SSL certificate — no extra steps required.
Next Steps
Caddy is now running and serving your domain over HTTPS. From here you can:
- Configure Caddy as a reverse proxy in front of a Node.js or Python application
- Add multiple sites by appending additional server blocks to the Caddyfile
- Enable automatic HTTP-to-HTTPS redirects — Caddy enables them by default
For the full guide with additional tips, visit the original article on Vultr Docs.
Top comments (0)