max / makenotwork

Retire dl.maxj.phd download host; let maxj.phd apex use on-demand LE

The maxj-phd-origin.pem (CF Origin cert, SANs *.maxj.phd + maxj.phd) was loaded via the dl.maxj.phd block's maxjphd_tls import, so Caddy served it for SNI=maxj.phd and preempted the :443 on-demand-TLS catch-all. With the apex now grey-clouded, that Origin cert is untrusted by browsers. Removing the dl block and the maxjphd_tls snippet unloads it, so maxj.phd falls through to on-demand Let's Encrypt. MNW now serves all downloads.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Author: Max Johnson <me@maxj.phd> · 2026-06-09 14:17 UTC
Commit: 609ab6a53bc39f7fe0a4ca82cce72d3fb578e6ce
Parent: 97c0023
1 file changed, +4 insertions, -29 deletions
@@ -127,35 +127,10 @@ cdn.makenot.work {
127 127 }
128 128 }
129 129
130 - # maxj.phd TLS config: separate Origin CA cert + Authenticated Origin Pulls (mTLS)
131 - (maxjphd_tls) {
132 - tls /etc/caddy/maxj-phd-origin.pem /etc/caddy/maxj-phd-origin-key.pem {
133 - client_auth {
134 - mode require_and_verify
135 - trusted_ca_cert_file /etc/caddy/cloudflare-authenticated-origin-pull-ca.pem
136 - }
137 - }
138 - }
139 -
140 - # Static file downloads (audiofiles binaries, etc.)
141 - dl.maxj.phd {
142 - import maxjphd_tls
143 -
144 - root * /opt/downloads
145 - file_server browse
146 -
147 - header {
148 - X-Content-Type-Options "nosniff"
149 - Strict-Transport-Security "max-age=31536000; includeSubDomains"
150 - }
151 -
152 - encode gzip zstd
153 -
154 - log {
155 - output file /var/log/caddy/dl-maxjphd.log
156 - format json
157 - }
158 - }
130 + # dl.maxj.phd download host retired 2026-06-09 — MNW now serves all downloads
131 + # (creator product pages / makenot.work DMGs). The maxjphd_tls mTLS snippet and
132 + # the dl.maxj.phd file_server block were removed with it; the /etc/caddy/maxj-phd-origin*
133 + # cert/key are now unused on prod and can be deleted there.
159 134
160 135 # Redirect www to canonical domain
161 136 # Note: makenotwork.com and www.makenotwork.com redirects are handled by
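Review bot: The replacement comment at new lines 130-133 leaves cleanup of `/etc/caddy/maxj-phd-origin*` as an optional manual step ("can be deleted there"), but per the commit message that key backs a cert whose SANs cover `*.maxj.phd` and `maxj.phd`, so an unused wildcard private key stays on the prod host until someone remembers it. I would make the deletion a tracked follow-up (and revoke the Origin cert at the issuer) rather than a note in the Caddyfile, and check whether `/etc/caddy/cloudflare-authenticated-origin-pull-ca.pem` is still referenced by any other block, since the removed `maxjphd_tls` snippet is the only use visible here. The comment also records what was removed but not why: the reason given in the commit message (the imported Origin cert was served for SNI=maxj.phd and preempted the :443 on-demand catch-all) is the part a future editor needs in order not to reintroduce a `tls` directive with that cert, so one line saying so would be worth adding. Lastly, removing the `dl.maxj.phd` site block means the `client_auth` `require_and_verify` requirement and the `Strict-Transport-Security` header it carried are gone with it; please confirm that requests for that hostname are now refused or handled deliberately rather than falling through to the catch-all.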