Caddy with Sectigo ACME

I am trying to use Caddy 2.6.2 with Sectigo’s ACME server. I’ve found lots of “oh here’s the tiny snippet that made it work” answers but I can’t figure out how to integrate it into the whole.

Can someone give me an example complete Caddyfile that, for example, serves the files at /var/www/html using domain myexample.com, and gets a certificate for that domain using:

ACME URL: https://acme.sectigo.com/v2/InCommonECCOV
Account ID: my_account_id
Key ID: my_key_id
HMAC key: my_hmac_key

You’ll need to upgrade to the latest version (Caddy 2.9, soon 2.10, so actually if you can use the beta that would be even better!) since Caddy 2.6 isn’t supported anymore.

But here you go, for the latest version of Caddy:

{
    acme_ca https://acme.sectigo.com/v2/InCommonECCOV
    acme_eab {
      key_id  my_key_id
      mac_key my_hmac_key
    }
}

myexample.com {
    root /var/www/html
    file_server
}

Thanks! That got me a lot further. Now I’m getting:

2025/04/15 14:23:36.415 ERROR   tls.obtain      could not get certificate from issuer   {"identifier": "scanbuddy.mclean.harvard.edu", "issuer": "acme.sectigo.com-v2-InCommonECCOV", "error": "HTTP 401 urn:ietf:params:acme:error:unauthorized - A requested identifier has not been delegated [scanbuddy.mclean.harvard.edu]"}
2025/04/15 14:23:36.415 ERROR   tls.obtain      will retry      {"error": "[scanbuddy.mclean.harvard.edu] Obtain: [scanbuddy.mclean.harvard.edu] creating new order: attempt 1: https://acme.sectigo.com/v2/InCommonECCOV/newOrder: HTTP 401 urn:ietf:params:acme:error:unauthorized - A requested identifier has not been delegated [scanbuddy.mclean.harvard.edu] (ca=https://acme.sectigo.com/v2/InCommonECCOV)", "attempt": 1, "retrying_in": 60, "elapsed": 0.901488416, "max_duration": 2592000}

but that’s clearly something I need to take up with Sectigo I guess?

Yeah, I think so. Not sure what that error means.
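Added example, not part of any post in this thread: a small Python triage helper that pulls the ACME problem type (RFC 8555 section 6.7) out of Caddy `tls.obtain` log lines like the ones quoted above, so errors that need a change on the CA side can be told apart from ones Caddy's retry loop can ride out. The names `parse_line` and `triage`, the action labels and the grouping of error types are assumptions of this example.

```python
import json
import re

# Log line copied from the thread (Caddy console format: text prefix, then JSON).
SAMPLE = '2025/04/15 14:23:36.415 ERROR   tls.obtain      could not get certificate from issuer   {"identifier": "scanbuddy.mclean.harvard.edu", "issuer": "acme.sectigo.com-v2-InCommonECCOV", "error": "HTTP 401 urn:ietf:params:acme:error:unauthorized - A requested identifier has not been delegated [scanbuddy.mclean.harvard.edu]"}'

# Type names come from RFC 8555 section 6.7; the grouping is this example's assumption.
NEEDS_CA_SIDE_FIX = {"unauthorized", "rejectedIdentifier", "externalAccountRequired",
                     "accountDoesNotExist", "userActionRequired"}
TRANSIENT = {"badNonce", "rateLimited", "serverInternal", "connection"}

PROBLEM = re.compile(r"HTTP (\d{3}) urn:ietf:params:acme:error:(\w+) - (.*)")


def parse_line(line):
    """Return the ACME problem carried by one Caddy log line, or None."""
    start = line.find("{")
    if start < 0:
        return None  # no structured fields on this line
    try:
        fields = json.loads(line[start:])
    except json.JSONDecodeError:
        return None  # truncated or wrapped line
    match = PROBLEM.search(str(fields.get("error", "")))
    if not match:
        return None  # an error, but not an ACME problem document
    status, kind, detail = match.groups()
    if kind in NEEDS_CA_SIDE_FIX:
        action = "fix-at-ca"    # retrying alone is not expected to help
    elif kind in TRANSIENT:
        action = "wait"         # Caddy's own retry loop should recover
    else:
        action = "investigate"
    return {"identifier": fields.get("identifier"), "issuer": fields.get("issuer"),
            "status": int(status), "type": kind, "detail": detail, "action": action}


def triage(lines):
    """Parse many lines and keep one entry per (identifier, type) pair."""
    seen = {}
    for line in lines:
        hit = parse_line(line)
        if hit:
            seen.setdefault((hit["identifier"], hit["type"]), hit)
    return list(seen.values())


if __name__ == "__main__":
    for hit in triage([SAMPLE]):
        print(hit)
```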