Web Server

Caddy Releases

Q: What makes Caddy different from Nginx?

Caddy's headline feature is automatic HTTPS: it provisions and renews TLS certificates from Let's Encrypt (or ZeroSSL) with zero configuration. No certbot, no cron jobs, no config. Beyond that, Caddy is a single static binary written in Go, which means no dependencies and trivial deployment. The Caddyfile config format is also significantly simpler than nginx.conf for common use cases.

Q: Is Caddy production-ready?

Yes. Caddy v2 has been production-stable since 2020. It handles high-traffic sites, serves as a reverse proxy for production APIs, and is used by companies ranging from startups to enterprises. Its resource usage is slightly higher than Nginx at extreme scale (100K+ concurrent connections) due to Go's garbage collector, but for the vast majority of deployments this is not a concern.

Q: How does Caddy handle automatic HTTPS?

When you configure a site with a domain name, Caddy automatically obtains a TLS certificate via ACME (from Let's Encrypt or ZeroSSL), sets up HTTPS redirects, enables OCSP stapling, and handles certificate renewal before expiry. It also provisions certificates for local development (using an internal CA). You can override all of this, but the defaults cover 95% of use cases.

Q: Can I migrate from Caddy v1 to v2?

Caddy v2 was a complete rewrite. The Caddyfile syntax changed significantly, the plugin system was replaced with a module system, and the internal architecture is entirely different. There is no automated migration tool. You need to rewrite your Caddyfile from scratch using the v2 documentation. For most configs this takes 30-60 minutes. Caddy v1 has been EOL since 2020.

Q: What is the Caddy module ecosystem?

Caddy uses Go modules for extensibility. You build a custom Caddy binary with the modules you need using xcaddy (the official build tool). Popular modules include caddy-security (authentication), caddy-dns (DNS challenge providers), caddy-docker-proxy (Docker label-based config), and caddy-ratelimit. The module ecosystem is smaller than Nginx's but growing.

Q: Caddyfile vs JSON config: which should I use?

Use the Caddyfile for human-managed configs. It is concise and readable. Use JSON config for programmatic/API-driven configuration (Caddy has a full admin API that accepts JSON). The Caddyfile is actually converted to JSON internally, so they are functionally equivalent. Most teams use Caddyfile and only touch JSON when automating.

Track Caddy web server releases and version lifecycle. Automatic HTTPS, Caddyfile evolution, module ecosystem, and migration guidance from v1 to v2.

Official Site Documentation

—

Total Versions

—

Supported

—

Latest

Version Timeline

All tracked releases with lifecycle status and EOL dates.

Loading version data…

Lifecycle Timeline

Visual overview of active support and maintenance windows.

2.0

2.4

2.5

2.6

2.7

2.8

2.9

2020 2021 2022 2023 2024 2025 2026 2027 2028

Active

Maint

Active

Maint

Active

Maint

Active

Maint

Active

Maint

Active

Maint

Active

Maint

Active / LTS

Maintenance

Today

Upgrade Paths

Migration guidance between major versions — breaking changes, effort estimates, and tips.

Caddy v1 Caddy v2 High Difficulty

Est. 1-4 hours depending on config complexity

Breaking Changes

Complete rewrite — all config must be rewritten
Caddyfile syntax entirely different
Plugin system replaced by Go module system (xcaddy)
CLI flags and arguments changed
No automatic migration tool available
Middleware concept replaced by handler/matcher model

Migration Notes

This is effectively a new product. Rewrite your Caddyfile from the v2 docs. The good news: v2 Caddyfiles are usually shorter and more intuitive. If you had custom v1 plugins, they must be rewritten as v2 modules. Caddy v1 is EOL since 2020 with no security patches.

2.6 and older 2.8+ Low Difficulty

Est. < 30 minutes (+ xcaddy rebuild if using modules)

Breaking Changes

Some Caddyfile directives gained new options
Default TLS policy updates (stricter cipher suites)
Admin API endpoint changes
Improved error handling may surface previously silent issues

Migration Notes

Minor version upgrades within v2 are consistently smooth. Download the new binary (or update your container image), test with caddy validate, restart. Caddy maintains strong backward compatibility within the v2 line. The hardest part is usually rebuilding with xcaddy if you use custom modules.

Version Risk Assessment

Evaluate risk factors before choosing a version for production.

Version	EOL Risk	CVE Risk	Ecosystem	Cloud Support	Overall	Recommended Action
Caddy v1 (any)	Critical	Critical	Dead	None	Critical	EOL since 2020 — rewrite config for v2 now
Caddy 2.6 and older	High	High	Unsupported	Varies	High	No patches — upgrade to latest 2.x
Caddy 2.7	High	Medium	Unsupported	Full	High	Superseded — upgrade to 2.8+
Caddy 2.8	Medium	Low	Supported	Full	Medium	Supported — upgrade when convenient
Caddy 2.9	None	Low	Active	Full	Low	Latest — recommended

Caddy does not have formal LTS branches. The latest release gets patches. Older versions stop receiving updates. Risk assessed March 2026.

Caddy v2 Feature Comparison

Side-by-side feature differences across major versions.

Feature	2.5	2.6	2.7	2.8	2.9
Automatic HTTPS	Stable	Stable	Stable	Stable	Stable
HTTP/3 (QUIC)	Experimental	Stable	Stable	Stable	Enhanced
On-Demand TLS	Stable	Stable	Enhanced	Enhanced	Enhanced
Caddyfile named routes	No	No	Stable	Stable	Stable
Admin API	v2	v2	v2.1	v2.1	v2.1
Dynamic upstreams	Basic	Improved	Improved	Enhanced	Enhanced
ZeroSSL integration	Stable	Stable	Stable	Stable	Stable
CEL matcher expressions	No	No	Experimental	Stable	Stable
Structured access logs	JSON	JSON	JSON	JSON+	JSON+
Go module build (xcaddy)	v0.2	v0.3	v0.3	v0.4	v0.4

Embed Badges

Add live Caddy status badges to your README, docs, or dashboard.

Health Status

Overall support health

![Caddy Health Status](https://img.releaserun.com/badge/health/caddy.svg)

EOL Countdown

Next end-of-life date

![Caddy EOL Countdown](https://img.releaserun.com/badge/eol/caddy.svg)

Latest Version

Current stable release

![Caddy Latest Version](https://img.releaserun.com/badge/v/caddy.svg)

CVE Status

Known vulnerabilities

![Caddy CVE Status](https://img.releaserun.com/badge/cve/caddy.svg)

Frequently Asked Questions

Common questions about Caddy releases and lifecycle.

What makes Caddy different from Nginx?

Caddy's headline feature is automatic HTTPS: it provisions and renews TLS certificates from Let's Encrypt (or ZeroSSL) with zero configuration. No certbot, no cron jobs, no config. Beyond that, Caddy is a single static binary written in Go, which means no dependencies and trivial deployment. The Caddyfile config format is also significantly simpler than nginx.conf for common use cases.

Is Caddy production-ready?

Yes. Caddy v2 has been production-stable since 2020. It handles high-traffic sites, serves as a reverse proxy for production APIs, and is used by companies ranging from startups to enterprises. Its resource usage is slightly higher than Nginx at extreme scale (100K+ concurrent connections) due to Go's garbage collector, but for the vast majority of deployments this is not a concern.

How does Caddy handle automatic HTTPS?

When you configure a site with a domain name, Caddy automatically obtains a TLS certificate via ACME (from Let's Encrypt or ZeroSSL), sets up HTTPS redirects, enables OCSP stapling, and handles certificate renewal before expiry. It also provisions certificates for local development (using an internal CA). You can override all of this, but the defaults cover 95% of use cases.

Can I migrate from Caddy v1 to v2?

Caddy v2 was a complete rewrite. The Caddyfile syntax changed significantly, the plugin system was replaced with a module system, and the internal architecture is entirely different. There is no automated migration tool. You need to rewrite your Caddyfile from scratch using the v2 documentation. For most configs this takes 30-60 minutes. Caddy v1 has been EOL since 2020.

What is the Caddy module ecosystem?

Caddy uses Go modules for extensibility. You build a custom Caddy binary with the modules you need using xcaddy (the official build tool). Popular modules include caddy-security (authentication), caddy-dns (DNS challenge providers), caddy-docker-proxy (Docker label-based config), and caddy-ratelimit. The module ecosystem is smaller than Nginx's but growing.

Caddyfile vs JSON config: which should I use?

Use the Caddyfile for human-managed configs. It is concise and readable. Use JSON config for programmatic/API-driven configuration (Caddy has a full admin API that accepts JSON). The Caddyfile is actually converted to JSON internally, so they are functionally equivalent. Most teams use Caddyfile and only touch JSON when automating.

Related Tools

Dep EOL Scanner

Check your dependencies for end-of-life packages.

Stack Health Scorecard

Get an overall health grade for your tech stack.

Release Index

Browse all tracked platforms and their release timelines.