Charon/docs/features/ssl-certificates.md
GitHub Actions 1426c6f885 docs: complete feature documentation rewrite
Comprehensive documentation overhaul for Charon features:

  • Rewrite features.md as marketing overview (87% reduction)
  • Create comprehensive dns-challenge.md for new DNS feature
  • Expand 18 feature stub pages into complete documentation:
      • SSL certificates, CrowdSec, WAF, ACLs, rate limiting
      • Security headers, proxy headers, web UI, Docker integration
      • Caddyfile import, logs, WebSocket, backup/restore
      • Live reload, localization, API, UI themes, supply chain security
  • Update README.md with DNS Challenge in Top Features
Total: ~2,000+ lines of new user-facing documentation

Refs: #21, #461
2026-01-15 02:50:06 +00:00


title: Automatic HTTPS Certificates
description: Automatic SSL certificate provisioning and renewal via Let's Encrypt or ZeroSSL

Automatic HTTPS Certificates

Charon automatically obtains free SSL certificates from Let's Encrypt or ZeroSSL, installs them, and renews them before they expire—all without you lifting a finger.

Overview

When you create a proxy host with HTTPS enabled, Charon handles the entire certificate lifecycle:

  1. Automatic Provisioning — Requests a certificate from your chosen provider
  2. Domain Validation — Completes the ACME challenge automatically
  3. Installation — Configures Caddy to use the new certificate
  4. Renewal — Renews certificates before they expire (typically 30 days before)
  5. Smart Cleanup — Removes certificates when you delete hosts

Why Use This

  • Zero Configuration — Works out of the box with sensible defaults
  • Free Certificates — Both Let's Encrypt and ZeroSSL provide certificates at no cost
  • Always Valid — Automatic renewal prevents certificate expiration
  • No Downtime — Certificate updates happen seamlessly

SSL Provider Selection

Navigate to Settings → Default Settings to choose your SSL provider:

| Provider | Best For | Rate Limits |
|----------|----------|-------------|
| Auto | Most users | Caddy selects automatically |
| Let's Encrypt (Production) | Production sites | 50 certs/domain/week |
| Let's Encrypt (Staging) | Testing & development | Unlimited (untrusted certs) |
| ZeroSSL | Alternative to LE, or if rate-limited | 3 certs/domain/90 days (free tier) |

When to Use Each Provider

  • Auto: Recommended for most users. Caddy intelligently selects the best provider.
  • Let's Encrypt Production: When you need trusted certificates and are within rate limits.
  • Let's Encrypt Staging: When testing your setup—certificates are not trusted by browsers but have no rate limits.
  • ZeroSSL: When you've hit Let's Encrypt rate limits or prefer an alternative CA.

Dashboard Certificate Status

The Certificate Status Card on your dashboard shows:

  • Total certificates managed
  • Certificates expiring soon (within 30 days)
  • Any failed certificate requests

Click on any certificate to view details including expiration date, domains covered, and issuer information.
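
To confirm from outside Charon that renewal is actually happening, the same 30-day window can be checked against the certificate a host serves. The script below is an added example, not part of Charon; the function names, status labels and sample certificates are constructed for illustration, and `check_host` needs network access to the host you pass it.

```python
import socket
import ssl
from datetime import datetime, timezone

EXPIRY_WINDOW_DAYS = 30  # same window as the dashboard's "expiring soon" count

def issuer_org(cert):
    """Issuer organizationName from an ssl.getpeercert() dict."""
    for rdn in cert.get("issuer", ()):
        for key, value in rdn:
            if key == "organizationName":
                return value
    return "unknown"

def classify(cert, now):
    """Return (status, days_left, issuer) for a getpeercert() dict."""
    expires = datetime.fromtimestamp(
        ssl.cert_time_to_seconds(cert["notAfter"]), tz=timezone.utc)
    days_left = (expires - now).days
    if expires <= now:
        status = "expired"
    elif days_left <= EXPIRY_WINDOW_DAYS:
        status = "expiring_soon"
    else:
        status = "ok"
    return status, days_left, issuer_org(cert)

def check_host(host, port=443, timeout=5.0):
    """Classify the certificate a live host serves (needs network access)."""
    ctx = ssl.create_default_context()  # verifies chain and hostname
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                cert = tls.getpeercert()
    except ssl.SSLCertVerificationError as exc:
        # Untrusted chain (e.g. a staging certificate), name mismatch or expiry.
        return "untrusted", None, exc.verify_message
    return classify(cert, datetime.now(timezone.utc))

def sample_cert(not_after, org="Let's Encrypt"):
    """Constructed certificate dict in getpeercert() layout, for offline runs."""
    return {"notAfter": not_after,
            "issuer": ((("countryName", "US"),), (("organizationName", org),))}

if __name__ == "__main__":
    now = datetime(2026, 2, 20, tzinfo=timezone.utc)  # fixed, constructed clock
    for not_after in ("Feb 10 00:00:00 2026 GMT", "Mar 15 00:00:00 2026 GMT",
                      "May 20 00:00:00 2026 GMT"):
        print(not_after, classify(sample_cert(not_after), now))
```

A host that stays in `expiring_soon` for several days in a row is the signal that renewal is failing and the failed-request count on the dashboard is worth checking.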

Smart Certificate Cleanup

When you delete a proxy host, Charon automatically:

  1. Removes the certificate from Caddy's configuration
  2. Cleans up any associated ACME data
  3. Frees up rate limit quota for new certificates

This prevents certificate accumulation and keeps your system tidy.

Troubleshooting

| Issue | Solution |
|-------|----------|
| Certificate not issued | Ensure ports 80/443 are accessible from the internet |
| Rate limit exceeded | Switch to Let's Encrypt Staging or ZeroSSL temporarily |
| Domain validation failed | Verify DNS points to your Charon server |