Acme_server allow domains

tribor · May 8, 2025, 3:36pm

1. The problem I’m having:

I want to limit the names of certs that can be created by the CA. However I can no figure out how to syntax work for the allow part.

2. Error messages and/or full log output:

Error: adapting config using caddyfile: parsing caddyfile tokens for 'acme_server': wrong argument count or unexpected line ending after '30d', at Caddyfile:27

3. Caddy version:

v2.10.0 h1:fonubSaQKF1YANl8TXqGcn4IbIRUDdfAkpcsfI/vX5U=

4. How I installed and ran Caddy:

a. System environment:

Alpine Linux 3.21

b. Command:

caddy reload

c. Service/unit/compose file:

d. My complete Caddy config:

{
	debug
	pki {
		ca home {
			name "My Home CA"
			intermediate_lifetime 60d
		}
	}
}

c1 {
	log {
		output file log
		format json
	}

	tls {
		issuer internal {
			ca home
		}
	}
	acme_server {
		ca home
		allow {
			domains exampleA.com exampleB.com
		}
		lifetime 30d
		challenges http-01
	}
}

5. Links to relevant resources:

matt · May 8, 2025, 3:46pm

Oh that might be a bug. @Mohammed90 do you know if these nested loops are correct?

github.com/caddyserver/caddy

modules/caddypki/acmeserver/caddyfile.go

9f7148392


      
          			for h.Next() {
          				for h.NextBlock(h.Nesting() - 1) {

Mohammed90 · May 8, 2025, 5:22pm

Oops – sorry, I have no clue where my brain was back then. It should be fixed here:

matt · May 9, 2025, 4:10am

You’re awesome Mohammed – thank you!!