diff --git a/0001-Disable-commands-that-can-alter-the-binary.patch b/0001-Disable-commands-that-can-alter-the-binary.patch
new file mode 100644
index 0000000..3b48ffb
--- /dev/null
+++ b/0001-Disable-commands-that-can-alter-the-binary.patch
@@ -0,0 +1,71 @@
+From 7bf03a1414b1ebc1a9ef573369fe8e7ee9956a33 Mon Sep 17 00:00:00 2001
+From: Carl George <carl@george.computer>
+Date: Wed, 16 Feb 2022 11:45:03 -0600
+Subject: [PATCH] Disable commands that can alter the binary
+
+---
+ cmd/commands.go | 48 ------------------------------------------------
+ 1 file changed, 48 deletions(-)
+
+diff --git a/cmd/commands.go b/cmd/commands.go
+index 1e2c40de..cc091bce 100644
+--- a/cmd/commands.go
++++ b/cmd/commands.go
+@@ -289,54 +289,6 @@ is always printed to stdout.`,
+ 		}(),
+ 	})
+ 
+-	RegisterCommand(Command{
+-		Name:  "upgrade",
+-		Func:  cmdUpgrade,
+-		Short: "Upgrade Caddy (EXPERIMENTAL)",
+-		Long: `
+-Downloads an updated Caddy binary with the same modules/plugins at the
+-latest versions. EXPERIMENTAL: May be changed or removed.`,
+-		Flags: func() *flag.FlagSet {
+-			fs := flag.NewFlagSet("upgrade", flag.ExitOnError)
+-			fs.Bool("keep-backup", false, "Keep the backed up binary, instead of deleting it")
+-			return fs
+-		}(),
+-	})
+-
+-	RegisterCommand(Command{
+-		Name:  "add-package",
+-		Func:  cmdAddPackage,
+-		Usage: "<packages...>",
+-		Short: "Adds Caddy packages (EXPERIMENTAL)",
+-		Long: `
+-Downloads an updated Caddy binary with the specified packages (module/plugin)
+-added. Retains existing packages. Returns an error if the any of packages are 
+-already included. EXPERIMENTAL: May be changed or removed.
+-`,
+-		Flags: func() *flag.FlagSet {
+-			fs := flag.NewFlagSet("add-package", flag.ExitOnError)
+-			fs.Bool("keep-backup", false, "Keep the backed up binary, instead of deleting it")
+-			return fs
+-		}(),
+-	})
+-
+-	RegisterCommand(Command{
+-		Name:  "remove-package",
+-		Func:  cmdRemovePackage,
+-		Usage: "<packages...>",
+-		Short: "Removes Caddy packages (EXPERIMENTAL)",
+-		Long: `
+-Downloads an updated Caddy binaries without the specified packages (module/plugin). 
+-Returns an error if any of the packages are not included. 
+-EXPERIMENTAL: May be changed or removed.
+-`,
+-		Flags: func() *flag.FlagSet {
+-			fs := flag.NewFlagSet("remove-package", flag.ExitOnError)
+-			fs.Bool("keep-backup", false, "Keep the backed up binary, instead of deleting it")
+-			return fs
+-		}(),
+-	})
+-
+ }
+ 
+ // RegisterCommand registers the command cmd.
+-- 
+2.35.1
+
diff --git a/caddy-api.service b/caddy-api.service
index f13b510..47e6648 100644
--- a/caddy-api.service
+++ b/caddy-api.service
@@ -13,6 +13,7 @@ Documentation=https://caddyserver.com/docs/
 After=network.target
 
 [Service]
+Type=notify
 User=caddy
 Group=caddy
 ExecStart=/usr/bin/caddy run --environ --resume
diff --git a/caddy.service b/caddy.service
index b028aea..88843db 100644
--- a/caddy.service
+++ b/caddy.service
@@ -14,6 +14,7 @@ Documentation=https://caddyserver.com/docs/
 After=network.target
 
 [Service]
+Type=notify
 User=caddy
 Group=caddy
 ExecStartPre=/usr/bin/caddy validate --config /etc/caddy/Caddyfile
diff --git a/caddy.spec b/caddy.spec
index 47093e1..dc1ab26 100644
--- a/caddy.spec
+++ b/caddy.spec
@@ -6,8 +6,7 @@
 
 # https://github.com/caddyserver/caddy
 %global goipath         github.com/caddyserver/caddy
-%global goaltipaths     github.com/mholt/caddy
-%global basever         2.3.0
+%global basever         2.4.6
 #global prerel          rc
 #global prerelnum       3
 Version:                %{basever}%{?prerel:~%{prerel}%{prerelnum}}
@@ -17,25 +16,11 @@ Version:                %{basever}%{?prerel:~%{prerel}%{prerelnum}}
 %global common_description %{expand:
 Caddy is the web server with automatic HTTPS.}
 
-%global golicenses      LICENSE
-%global godocs          README.md AUTHORS
-
-# added in F32, remove in F34
-%global godevelheader %{expand:
-Obsoletes:      golang-github-mholt-caddy-devel < 1.0.0-3
-}
-
-%if %{with vendor}
-# added in F33, remove in F35 (or sooner if de-vendoring)
-Obsoletes:      golang-github-caddyserver-caddy-devel < 1.0.4-2
-%endif
-
-
 Name:           caddy
-Release:        3%{?dist}
+Release:        1%{?dist}
 Summary:        Web server with automatic HTTPS
 %if %{with vendor}
-# caddy ASL 2.0
+# github.com/caddyserver/caddy ASL 2.0
 # github.com/Masterminds/sprig/v3 MIT
 # github.com/alecthomas/chroma MIT
 # github.com/aryann/difflib MIT
@@ -43,11 +28,12 @@ Summary:        Web server with automatic HTTPS
 # github.com/dustin/go-humanize MIT
 # github.com/go-chi/chi MIT
 # github.com/google/cel-go ASL 2.0
-# github.com/jsternberg/zap-logfmt MIT
-# github.com/klauspost/compress BSD
+# github.com/google/uuid BSD
+# github.com/klauspost/compress BSD and ASL 2.0
 # github.com/klauspost/cpuid/v2 MIT
 # github.com/lucas-clemente/quic-go MIT
 # github.com/mholt/acmez ASL 2.0
+# github.com/naoina/go-stringutil MIT
 # github.com/naoina/toml MIT
 # github.com/prometheus/client_golang ASL 2.0
 # github.com/smallstep/certificates ASL 2.0
@@ -59,6 +45,7 @@ Summary:        Web server with automatic HTTPS
 # go.uber.org/zap MIT
 # golang.org/x/crypto BSD
 # golang.org/x/net BSD
+# golang.org/x/term BSD
 # google.golang.org/genproto ASL 2.0
 # google.golang.org/protobuf BSD
 # gopkg.in/natefinch/lumberjack.v2 MIT
@@ -90,8 +77,11 @@ Source4:        poweredby.png
 Source5:        bash-completion
 Source6:        zsh-completion
 
-# https://github.com/caddyserver/caddy/commit/e4ec08e977bcc9c798a2fca324c7105040990bcf
-BuildRequires:  golang >= 1.14
+# downstream only patch to disable commands that can alter the binary
+Patch:          0001-Disable-commands-that-can-alter-the-binary.patch
+
+# https://github.com/caddyserver/caddy/commit/6bc87ea2ff50a962f16dfafeb125f0f947c1a885
+BuildRequires:  golang >= 1.16
 
 %if %{with vendor}
 Provides:       bundled(golang(github.com/Masterminds/sprig/v3))
@@ -101,9 +91,9 @@ Provides:       bundled(golang(github.com/caddyserver/certmagic))
 Provides:       bundled(golang(github.com/dustin/go-humanize))
 Provides:       bundled(golang(github.com/go-chi/chi))
 Provides:       bundled(golang(github.com/google/cel-go))
-Provides:       bundled(golang(github.com/jsternberg/zap-logfmt))
+Provides:       bundled(golang(github.com/google/uuid))
 Provides:       bundled(golang(github.com/klauspost/compress))
-Provides:       bundled(golang(github.com/klauspost/cpuid))
+Provides:       bundled(golang(github.com/klauspost/cpuid/v2))
 Provides:       bundled(golang(github.com/lucas-clemente/quic-go))
 Provides:       bundled(golang(github.com/mholt/acmez))
 Provides:       bundled(golang(github.com/naoina/go-stringutil))
@@ -118,6 +108,7 @@ Provides:       bundled(golang(github.com/yuin/goldmark-highlighting))
 Provides:       bundled(golang(go.uber.org/zap))
 Provides:       bundled(golang(golang.org/x/crypto))
 Provides:       bundled(golang(golang.org/x/net))
+Provides:       bundled(golang(golang.org/x/term))
 Provides:       bundled(golang(google.golang.org/genproto))
 Provides:       bundled(golang(google.golang.org/protobuf))
 Provides:       bundled(golang(gopkg.in/natefinch/lumberjack.v2))
@@ -130,9 +121,9 @@ BuildRequires:  golang(github.com/caddyserver/certmagic)
 BuildRequires:  golang(github.com/dustin/go-humanize)
 BuildRequires:  golang(github.com/go-chi/chi)
 BuildRequires:  golang(github.com/google/cel-go)
-BuildRequires:  golang(github.com/jsternberg/zap-logfmt)
+BuildRequires:  golang(github.com/google/uuid)
 BuildRequires:  golang(github.com/klauspost/compress)
-BuildRequires:  golang(github.com/klauspost/cpuid)
+BuildRequires:  golang(github.com/klauspost/cpuid/v2)
 BuildRequires:  golang(github.com/lucas-clemente/quic-go)
 BuildRequires:  golang(github.com/mholt/acmez)
 BuildRequires:  golang(github.com/naoina/go-stringutil)
@@ -147,6 +138,7 @@ BuildRequires:  golang(github.com/yuin/goldmark-highlighting)
 BuildRequires:  golang(go.uber.org/zap)
 BuildRequires:  golang(golang.org/x/crypto)
 BuildRequires:  golang(golang.org/x/net)
+BuildRequires:  golang(golang.org/x/term)
 BuildRequires:  golang(google.golang.org/genproto)
 BuildRequires:  golang(google.golang.org/protobuf)
 BuildRequires:  golang(gopkg.in/natefinch/lumberjack.v2)
@@ -168,11 +160,8 @@ Provides:       webserver
 
 
 %prep
-%if %{with vendor}
-%goprep -k
-%else
-%goprep
-%endif
+%goprep %{?with_vendor:-k}
+%autopatch -p 1
 
 sed -e '/mod.Version/ s/unknown/%{version}-%{release}/' -i caddy.go
 
@@ -277,8 +266,8 @@ fi
 
 
 %files
-%license %{golicenses}
-%doc %{godocs}
+%license LICENSE
+%doc README.md AUTHORS
 %{_bindir}/caddy
 %{_datadir}/caddy
 %{_unitdir}/caddy.service
@@ -301,6 +290,9 @@ fi
 
 
 %changelog
+* Wed Feb 16 2022 Carl George <carl@george.computer> - 2.4.6-1
+- Latest upstream rhbz#1984163
+
 * Wed Jan 19 2022 Fedora Release Engineering <releng@fedoraproject.org> - 2.3.0-3
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
 
diff --git a/sources b/sources
index 931c109..be5b56a 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (caddy-2.3.0-vendored.tar.gz) = c8919c3d1b507cd734395eaea1f3790696ed5cfdbbe017173fd2dfe0e8fb677c446c40330907e60b2483cdbf35aad1feb8af5ae2e27774e6dc8affd9d2997c98
+SHA512 (caddy-2.4.6-vendored.tar.gz) = d2a3d98f831f153dc408c6793331e16649fd0e543e4be8ec0cf8b4d3918d1e11f6e57a9459bb3ac2d7c3345e036252f7666c4b7535ced5d7b6f3f52162e850ea