CAfile along with key and crt files?

Good morning,

I find caddy fast and efficient with reverse_proxy to py4web and that it generates and maintains ssl certificates. I see that it generates the proper key and crt files but not a CAfile, which I can use and point to for SSL/TLS in postfix and dovecot.

Does caddy already have the capability to also generate and maintain a CAfile along with the key and crt files, and if so, how do I turn that on?

If not, then how do I point caddy to a letsencrypt location of certificates, keys, pems, etc., so that caddy can use those and either maintain those certificates in the letsencrypt location or turn that feature off?

Thank you in advance. Lucas
Oh, sorry, setting up a Debian 13.2 server with Linux kernel 6.12.

By “CAfile” do you mean the CA’s root cert? Or your own self-signed root cert?

OK, in the postfix world we’re looking for:

smtp_tls_cert_file = /etc/letsencrypt/live/mail.example.com/fullchain.pem
smtp_tls_key_file = /etc/letsencrypt/live/mail.example.com/privkey.pem
smtp_tls_CApath = /etc/ssl/certs
smtp_tls_CAfile = /etc/ssl/certs/ca-bundle.crt

where smtp is for accepting mail, and there are similar smtpd_tls_… settings for sending mail to other servers.

I hope that makes sense and is a help. Lucas

On my Ubuntu 24.04.3 it seems to be part of the distribution. Not supplied by any specific CA.
