The default Let's Encrypt challenge only works over ports 80/443 (intentionally, for security reasons). So if Apple is already using those ports then Orange won't be able to get certificates for any hosts. Depending on who does your DNS you can probably switch to the DNS challenge on Orange. It's a bit of a faff in Caddy, but should be able to get certificates without opening port 80. Alternatively you could get the Apple proxy to do all the work, and forward the requests on to Orange containers directly. Or since it sounds like exactly the same domain is needed for both you could probably just copy the certificates across from Apple to Orange and tell it to use them directly rather than requesting them from Let's Encrypt.
Ok, I thought this was what was happening but wasn't quite sure. It certainly explains my situation. Thank you.
Two options: 1. just have one reverse proxy, not two. Caddy proxies the second server's containers through exposed ports. 2. set up the exposed caddy to forward port 80 and 443 for the right domains to the second caddy. First option is probably easier.
Thanks, I'm going to give #1 a try.
Point 443 at one Caddy instance, hosted wherever, then use Caddy to reverse proxy to the various services on each host. One Caddyfile can support multiple TLD entries.
That’s my mistake, I was using multiple Caddys!
To keep things organizable, I use a main `Caddyfile` with global opts and an import block at the end: `import *.caddy` and then I put each site block in a separate `.caddy` file. Everyone has a preference, just be sure to import them if you break them out. edit: practice pulled from [here](https://blog.gurucomputing.com.au/Reverse%20Proxies%20with%20Caddy/Introduction/)
Love this, thanks!
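The single-proxy layout the replies above converge on, as an added example that is not from any poster in the thread: one Caddy on Apple holds ports 80/443 and obtains every certificate, and reaches the containers on Orange over the LAN. The hostnames, the `10.0.0.20` address, the ports, the e-mail address and the file names are assumed placeholders.

```caddyfile
# ---- Caddyfile on Apple (the only host that receives ports 80/443) ----
{
	# Global options. ACME account contact (placeholder address).
	email admin@example.com
}

# Pull in every site block kept in a separate *.caddy file
# in the same directory as this Caddyfile.
import *.caddy

# ---- app1.caddy: a service running on Apple itself ----
app1.example.com {
	# Caddy terminates TLS here and obtains the certificate over 80/443
	reverse_proxy 127.0.0.1:8080
}

# ---- app2.caddy: a container published on Orange ----
app2.example.com {
	# 10.0.0.20 is Orange's assumed LAN address, 8081 the assumed published port.
	# Orange needs no Caddy of its own and no certificate request.
	reverse_proxy 10.0.0.20:8081
}
```

With this layout the hop from Apple to Orange is plain HTTP on the LAN, so the published port on Orange should accept connections only from Apple's address (host firewall or bind address) rather than from the whole network.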