Check the Identity and Remote Administration parts of the article.
Basically, the admin endpoint natively supports mTLS. You can use that. Have a common CA for the servers to trust, and get a client cert from that CA to use in CaddyManager.