Kindly share the Caddyfile. You can mask hostnames or other private values.

Here is config, output from caddy start up is below. The www. redir possibly is browser cache i never get anything in the caddy logs for the redir even if i add log/errors but i didn't bother to check dev tools in browser.

### WORKING
[REDACT], [REDACT] {
  tls [REDACT]@[REDACT]
  log stdout
  errors stderr

  proxy / rsvp:6060
}

### WORKING
[REDACT] {
  log stdout
  errors stderr
  tls [REDACT]@[REDACT]

  header / {
    Strict-Transport-Security "max-age=31536000; includeSubDomains"
  }

  root /sites/[REDACT]/public
  ext .html
}

### WORKING
www.[REDACT] {
  tls [REDACT]@[REDACT]
  redir https://[REDACT]{uri}
}

### NOT WORKING (listening on :2015)
# ERROR in Browser: No such host at :443
[REDACT] {
  log stdout
  errors stderr
  tls /etc/caddy/ssl/[REDACT].crt /etc/caddy/ssl/[REDACT].key

  header / {
    Strict-Transport-Security "max-age=31536000; includeSubDomains"
  }

  proxy / gogs:3000 {
    websocket
    except /lita
  }

  # hide our lita-bot location
  proxy /lita http://[REDACT]:40080/ {
    without /lita
  }
}

### WORKING (even though log only shows www.[REDACT]:2015 ?!?!)
www.[REDACT] {
  tls /etc/caddy/ssl/[REDACT].crt /etc/caddy/ssl/[REDACT].key
  redir https://[REDACT]{uri}
}

Output from caddy startup

Activating privacy features... done.
[working]:443
www.[working]:443
[working]:443
www.[working]:443
[not-working]:2015
www.[not-working]:2015
[working]:80
www.[working]:80
[working]:80
www.[working]:80

Talked with @abiosoft on gitter. I forcibly defined https://host, http://host and this is working now. Though not entirely sure why this changed, @abiosoft was a little surprised it worked how I had it in the first place.

I'll leave it up to maintainers to do what they wish with this issue. Though I will say the host definition / port / tls option logic can be a little confusing. maybe related to #384

I thought Caddy doesn't do automatic http -> https handling/redirect when you specify your own tls certificates, that's only applicable when it is auto.

@zacheryph's Caddyfile looks like this.

site.com {
    tls /path/to/cert.crt  /path/to/cert.key
    ...
}

So I was a bit surprised when he said it's been working pre 0.8.2.

This is working as expected; Caddy does not enable automatic HTTPS when you bring your own certificates; thus you have to set the port yourself. Caddy treats this as kind of a "manual" mode.

May I ask for the decision to be reconsidered? It's very surprising to change something as trivial as the certificate and seeing the port change. Principle of least surprise and all that.

@FiloSottile Yeah, I'm looking into this with 0.9. Automatic HTTPS has lots of moving parts to make it work, and it's difficult to define which parts belong to "managed TLS" and which parts belong to "TLS" in general.

I'm thinking that enabling TLS -- no matter where the certificates come from -- should still set up the redirection and port just like with fully managed TLS.