I have a site that some clients need to connect to with RSA certificates. I still want the more modern clients to be able to connect with ECC. All other sites use ECC only.
How do I configure that one site with dual certificates?
It’s not currently possible to automate issuance of two certs for the same subject with different key types. One problem is the storage key does not differentiate itself based on the key type, so it’s not possible to store two sets of cert/key pairs for a particular subject currently.
It should be possible to load two different cert/key pairs that you provide yourself to Caddy. You’d have to use JSON config though; the Caddyfile doesn’t support configuring this right now (because nobody’s really needed it, it’s very niche). This had been requested in "Multiple certificate support (e.g. ECDSA & RSA)", Issue #1575 in caddyserver/caddy on GitHub.
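A sketch of the JSON approach described in the reply above, added here as an illustration; it is not part of the original thread or the Caddy project's own example. The hostname `legacy.example.com`, the server name `srv0`, the file paths, the tags and the placeholder response handler are all assumptions, and both certificates are ones you obtain and renew yourself.

```json
{
  "apps": {
    "http": {
      "servers": {
        "srv0": {
          "listen": [":443"],
          "automatic_https": {
            "skip_certificates": ["legacy.example.com"]
          },
          "tls_connection_policies": [{}],
          "routes": [
            {
              "match": [{ "host": ["legacy.example.com"] }],
              "handle": [
                { "handler": "static_response", "body": "dual-cert site" }
              ],
              "terminal": true
            }
          ]
        }
      }
    },
    "tls": {
      "certificates": {
        "load_files": [
          {
            "certificate": "/etc/caddy/certs/legacy.example.com.ecdsa.crt",
            "key": "/etc/caddy/certs/legacy.example.com.ecdsa.key",
            "tags": ["legacy-ecdsa"]
          },
          {
            "certificate": "/etc/caddy/certs/legacy.example.com.rsa.crt",
            "key": "/etc/caddy/certs/legacy.example.com.rsa.key",
            "tags": ["legacy-rsa"]
          }
        ]
      }
    }
  }
}
```

Check the file with `caddy validate --config caddy.json` before loading it, and keep the private key files readable only by the Caddy user. To see which certificate a given client class receives, compare `openssl s_client -tls1_2 -sigalgs RSA+SHA256` with `-sigalgs ECDSA+SHA256` against the site.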