Understanding Caddy's SSL Modes

Since the launch of Let's Encrypt some years ago, the number of HTTPS websites has increased dramatically, and for good reason! Let's Encrypt certificates are free, and it's easy to automate obtaining and renewing them. The Caddy web server that Eddy Server Management uses has built-in support for Let's Encrypt and ZeroSSL, another free certificate authority. Caddy automatically sets up HTTPS for all your sites and renews the certificates when they are about to expire.

While the default settings are fine for most sites, there are actually four SSL modes you can choose with Eddy Server Management. You don't have to edit configuration files manually to change the SSL mode; you can do it from the Eddy Server Management UI. In this article, we'll explain their differences and how to choose the right one for your site.



Auto mode is the default setting, and it's the one that we recommend for most sites. With this setting, Caddy will automatically obtain a certificate for your site and renew it when it's about to expire. It will also redirect all HTTP requests to HTTPS so your site is always served over a secure connection.


Caddy's Internal mode generates TLS certificates internally without relying on an external certificate authority. This mode is particularly useful for development environments and local testing. You might use this mode if you're preparing a site for production and want to test it with HTTPS before you update the DNS records to point to the production server. In this case, you can use the Internal mode to generate a certificate for your site and switch to the Auto mode once you're ready to go live.


Custom mode allows you to provide your website's own TLS certificate and private key. This mode is helpful if you already have a certificate for your site or want to use a certificate from a certificate authority other than Let's Encrypt or ZeroSSL. Some organizations require SSL certificates from a specific certificate authority or with specific requirements, and this mode allows you to use those certificates with Eddy Server Management. Remember that you will need to manually renew your certificate when it expires, and you will also need to manually update your certificate if you change your domain name.
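Because Custom mode leaves renewal and domain changes to you, a scheduled check helps catch both problems early. The script below is an added example, not part of Eddy Server Management or Caddy; the function names, the 30-day warning threshold, and the sample certificate are assumptions made for illustration.

```python
import socket
import ssl
from datetime import datetime, timezone

# Constructed sample, in the dict shape returned by ssl.SSLSocket.getpeercert().
SAMPLE_CERT = {
    "notAfter": "Jun 30 12:00:00 2025 GMT",
    "subjectAltName": (("DNS", "example.com"), ("DNS", "*.example.com")),
}

def days_left(cert, now):
    """Whole days between `now` (timezone-aware) and the certificate's notAfter."""
    expires = datetime.fromtimestamp(
        ssl.cert_time_to_seconds(cert["notAfter"]), tz=timezone.utc)
    return (expires - now).days

def covers(cert, hostname):
    """True if a DNS SAN matches; a wildcard stands for exactly one left-most label."""
    host = hostname.lower().rstrip(".")
    for kind, name in cert.get("subjectAltName", ()):
        if kind != "DNS":
            continue
        name = name.lower()
        if name == host:
            return True
        if name.startswith("*.") and host.partition(".")[2] == name[2:]:
            return True
    return False

def check_custom_cert(cert, hostname, now=None, warn_days=30):
    """Return a list of problems; an empty list means nothing to do yet."""
    now = now or datetime.now(timezone.utc)
    problems = []
    remaining = days_left(cert, now)
    if remaining < 0:
        problems.append("expired")
    elif remaining < warn_days:  # assumed threshold; pick one that fits your CA's lead time
        problems.append(f"expires in {remaining} days")
    if not covers(cert, hostname):
        problems.append(f"does not cover {hostname}")
    return problems

def fetch_cert(hostname, port=443, timeout=5):
    """Fetch the live certificate; the handshake itself fails if it is already invalid."""
    ctx = ssl.create_default_context()
    with socket.create_connection((hostname, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
            return tls.getpeercert()
```

Run `check_custom_cert(fetch_cert("your-domain"), "your-domain")` from a scheduled job and alert on a non-empty result or on an `ssl.SSLCertVerificationError` from the fetch.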


Off mode disables SSL/TLS for your site, allowing unencrypted communication. While not recommended for production websites, Off mode can be helpful in specific scenarios, such as troubleshooting and analyzing issues related to encryption, or in closed environments, where you may not need encryption.