Caddy's On Demand TLS allows you to lazily generate SSL certificates for the domains your application permits.
Caddy provides a feature called On Demand TLS that allows you to lazily generate SSL certificates when a request is made. This is handy for applications with custom domains that a user specifies.
You can enable On Demand TLS by editing your Cluster's settings: specify the on_demand_tls config, set the https:// handler to use it, and forward requests to a specific app.
{
    on_demand_tls {
        ask http://localhost:9000/domain_check # This should point to your application
    }
    %{auto_https}
    servers {
        trusted_proxies static %{trusted_proxies}
    }
}
%{apps}
# Unknown domains should be routed to the app and use on demand tls
https:// {
    tls {
        on_demand
    }
    # Send requests to this app
    import can-do
}
Only one On Demand TLS endpoint is configurable per cluster.
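Caddy calls the ask URL with a GET request carrying the hostname in a domain query parameter and only obtains a certificate when the response status is 2xx. The sketch below is an added example, not code from this page or from Caddy, of a /domain_check endpoint on port 9000 that approves only exact matches from an allowlist; the domain names, the ALLOWED_DOMAINS set and the function names are assumptions made for illustration.

```python
# Added example: decision logic for the `ask` URL, plus a minimal server.
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlsplit, parse_qs
import re

# Constructed sample data; a real app would look custom domains up in its database.
ALLOWED_DOMAINS = {"shop.example.com", "blog.example.org"}

# One DNS label: letters, digits, hyphens, no leading or trailing hyphen.
LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")

def normalize_domain(raw):
    """Return a lowercased hostname, or None if it is not a plain DNS name."""
    name = raw.strip().lower().rstrip(".")
    labels = name.split(".")
    if len(name) > 253 or len(labels) < 2:
        return None
    return name if all(LABEL.fullmatch(label) for label in labels) else None

def ask_status(path_and_query, allowed=ALLOWED_DOMAINS):
    """Map a request target to the status code Caddy will see."""
    parts = urlsplit(path_and_query)
    if parts.path != "/domain_check":
        return 404
    values = parse_qs(parts.query).get("domain", [])
    if len(values) != 1:  # missing or repeated parameter
        return 400
    domain = normalize_domain(values[0])
    if domain is None:
        return 400
    # Exact match only: no suffix or wildcard matching, so an unknown
    # subdomain of a customer domain is refused.
    return 200 if domain in allowed else 403

class AskHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        self.send_response(ask_status(self.path))
        self.send_header("Content-Length", "0")
        self.end_headers()

if __name__ == "__main__":
    # Bind to loopback: only the Caddy instance on this host should reach it.
    HTTPServer(("127.0.0.1", 9000), AskHandler).serve_forever()
```

Answering with a non-2xx status for every hostname that is not a known customer domain keeps arbitrary names pointed at the cluster from triggering certificate issuance.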