You could use mTLS with Caddy to secure the connection between your front Caddy instance (which acts like an ACME CA) and your backend one.
Example setup here:
Or just proxy over HTTP (plaintext) between Traefik and Caddy if you can’t manage to establish trust between them.