From 3efda6fb3a0622cfb591f3ff904c37f171f6fe89 Mon Sep 17 00:00:00 2001
From: Matthew Holt <mholt@users.noreply.github.com>
Date: Wed, 17 Apr 2024 12:26:01 -0600
Subject: [PATCH] httpcaddyfile: Skip automate loader if disable_certs is
 specified (fix #6148)

---
 caddyconfig/httpcaddyfile/tlsapp.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/caddyconfig/httpcaddyfile/tlsapp.go b/caddyconfig/httpcaddyfile/tlsapp.go
index e5d1603e..bf3bed41 100644
--- a/caddyconfig/httpcaddyfile/tlsapp.go
+++ b/caddyconfig/httpcaddyfile/tlsapp.go
@@ -344,7 +344,7 @@ func (st ServerType) buildTLSApp(
 	internalAP := &caddytls.AutomationPolicy{
 		IssuersRaw: []json.RawMessage{json.RawMessage(`{"module":"internal"}`)},
 	}
-	if autoHTTPS != "off" {
+	if autoHTTPS != "off" && autoHTTPS != "disable_certs" {
 		for h := range httpsHostsSharedWithHostlessKey {
 			al = append(al, h)
 			if !certmagic.SubjectQualifiesForPublicCert(h) {