I am trying to use Caddy 2.6.2 with Sectigo’s ACME server. I’ve found lots of “oh here’s the tiny snippet that made it work” answers but I can’t figure out how to integrate it into the whole.
Can someone give me an example complete Caddyfile that, for example, serves the files at /var/www/html using domain myexample.com, and gets a certificate for that domain using:
ACME URL: https://acme.sectigo.com/v2/InCommonECCOV
Account ID: my_account_id
Key ID: my_key_id
HMAC key: my_hmac_key
You’ll need to upgrade to the latest version (Caddy 2.9, soon 2.10, so actually if you can use the beta that would be even better!) since Caddy 2.6 isn’t supported anymore.
But here you go, for the latest version of Caddy:
{
acme_ca https://acme.sectigo.com/v2/InCommonECCOV
acme_eab {
key_id my_key_id
mac_key my_hmac_key
}
}
myexample.com {
root /var/www/html
file_server
}
Thanks! That got me a lot further. Now I’m getting:
2025/04/15 14:23:36.415 ERROR tls.obtain could not get certificate from issuer {"identifier": "scanbuddy.mclean.harvard.edu", "issuer": "acme.sectigo.com-v2-InCommonECCOV", "error": "HTTP 401 urn:ietf:params:acme:error:unauthorized - A requested identifier has not been delegated [scanbuddy.mclean.harvard.edu]"}
2025/04/15 14:23:36.415 ERROR tls.obtain will retry {"error": "[scanbuddy.mclean.harvard.edu] Obtain: [scanbuddy.mclean.harvard.edu] creating new order: attempt 1: https://acme.sectigo.com/v2/InCommonECCOV/newOrder: HTTP 401 urn:ietf:params:acme:error:unauthorized - A requested identifier has not been delegated [scanbuddy.mclean.harvard.edu] (ca=https://acme.sectigo.com/v2/InCommonECCOV)", "attempt": 1, "retrying_in": 60, "elapsed": 0.901488416, "max_duration": 2592000}
but that’s clearly something I need to take up with Sectigo I guess?
Yeah, I think so. Not sure what that error means.