Embedded ACME CA Caddy configuration

Is it already possible to configure the embedded ACME CA via a normal Caddyfile (not JSON)? The examples in the PR are very complex, and I have searched the forum as well.

I have an existing CA and want to migrate from Boulder to the Caddy embedded stepca. I cannot find any example of a simple Caddyfile using the stepca PKI.

Caddy should just use the given intermediate CA PEM/key (I don't have the private key of the root CA) to sign certificates for ACME clients.

I have something like this, but it doesn't work:

{
	pki {
		ca testca {
			name            "myca"
			root_cn         "myca"
			intermediate_cn "myca"
			root {
				format "pem_file"
				cert   /root/ica.pem
				key    /root/ica.key
			}
		}
	}
}

:80 {
	# Set this path to your site's directory.
	root * /usr/share/caddy

	# Enable the static file server.
	file_server

	# Another common task is to set up a reverse proxy:
	# reverse_proxy localhost:8080

	# Or serve a PHP site through php-fpm:
	# php_fastcgi localhost:9000
}

# Refer to the Caddy docs for more information:
# https://caddyserver.com/docs/caddyfile

acme_server * {
	ca testca
}

Solved it using a static cert for :443 and the same root/intermediate cert:

{
	pki {
		ca company {
			name            "company x"
			root_cn         "company x 2022"
			intermediate_cn "company x 2022"
			root {
				format "pem_file"
				cert   folderca/company_ca.pem
				key    folderca/company_ca.key
			}
			intermediate {
				format "pem_file"
				cert   folderca/company_ca.pem
				key    folderca/company_ca.key
			}
		}
	}
}

:443 {
	root * /usr/share/caddy

	acme_server /acme/* {
		ca company
		sign_with_root true
		lifetime 30d
	}

	tls folderca/cert.pem.bundle folderca/cert-key.pem
}
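Before pointing the pki block at an existing intermediate, it is worth checking that the two files really are a usable signing CA, and seeing what clients of the resulting ACME server will be able to verify. The Go program below is an added example written for this page, not code from the thread or from the Caddy project. It mints a constructed root and intermediate in memory in place of the company CA files (mint, caTemplate, CheckSigningCA and VerifyChain are names invented here, and app.internal.example is a made-up hostname), runs the pre-flight checks on the intermediate's PEM certificate and key (PKCS#8 or SEC 1 key encodings, an assumption about common CA tooling rather than anything the thread documents), issues a leaf the way an ACME server would after a successful challenge, and then validates that leaf as a client that trusts only the root.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// mint signs tmpl with parent/parentKey (self-signed when parent is nil) using a fresh P-256 key.
// Everything minted here is a constructed demo hierarchy, not anyone's real company CA.
func mint(tmpl, parent *x509.Certificate, parentKey crypto.Signer) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl.SerialNumber = big.NewInt(time.Now().UnixNano())
	tmpl.NotBefore, tmpl.NotAfter = time.Now().Add(-time.Hour), time.Now().Add(24*time.Hour)
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// caTemplate is the shape of a root or intermediate CA: CA:TRUE plus the keyCertSign usage.
func caTemplate(cn string) *x509.Certificate {
	return &x509.Certificate{Subject: pkix.Name{CommonName: cn}, IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
}

// CheckSigningCA is the pre-flight for the cert/key files named in pki { ca { intermediate { ... } } }:
// both must parse, the key must belong to the cert, and the cert must be a currently valid CA that is
// allowed to sign certificates. It returns the parsed pair, ready to sign with.
func CheckSigningCA(certPEM, keyPEM []byte) (*x509.Certificate, crypto.Signer, error) {
	cb, _ := pem.Decode(certPEM)
	if cb == nil || cb.Type != "CERTIFICATE" {
		return nil, nil, fmt.Errorf("cert file is not a PEM CERTIFICATE")
	}
	cert, err := x509.ParseCertificate(cb.Bytes)
	if err != nil {
		return nil, nil, fmt.Errorf("cert: %w", err)
	}
	kb, _ := pem.Decode(keyPEM)
	if kb == nil {
		return nil, nil, fmt.Errorf("key file is not PEM")
	}
	k, err := x509.ParsePKCS8PrivateKey(kb.Bytes) // the "PRIVATE KEY" (PKCS#8) form ...
	if err != nil {
		k, err = x509.ParseECPrivateKey(kb.Bytes) // ... or the "EC PRIVATE KEY" (SEC 1) form
	}
	key, _ := k.(crypto.Signer)
	if err != nil || key == nil {
		return nil, nil, fmt.Errorf("key: cannot parse private key: %v", err)
	}
	pub, _ := cert.PublicKey.(interface{ Equal(crypto.PublicKey) bool })
	for _, c := range []struct{ bad bool; msg string }{
		{pub == nil || !pub.Equal(key.Public()), "private key does not belong to this certificate"},
		{!cert.BasicConstraintsValid || !cert.IsCA, "certificate is not a CA (basicConstraints CA:TRUE missing)"},
		{cert.KeyUsage != 0 && cert.KeyUsage&x509.KeyUsageCertSign == 0, "certificate lacks the keyCertSign key usage"},
		{time.Now().Before(cert.NotBefore) || time.Now().After(cert.NotAfter), "certificate is expired or not yet valid"},
	} {
		if c.bad {
			return nil, nil, fmt.Errorf("%s", c.msg)
		}
	}
	return cert, key, nil
}

// VerifyChain validates leaf as a client trusting only root would, given whatever intermediates the server's chain carried.
func VerifyChain(leaf, root *x509.Certificate, dnsName string, chain ...*x509.Certificate) error {
	roots, inters := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(root)
	for _, c := range chain {
		inters.AddCert(c)
	}
	_, err := leaf.Verify(x509.VerifyOptions{DNSName: dnsName, Roots: roots, Intermediates: inters})
	return err
}

func main() {
	root, rootKey := mint(caTemplate("company x root"), nil, nil)       // the root key stays offline in the real setup
	inter, interKey := mint(caTemplate("company x 2022"), root, rootKey) // the cert/key pair the Caddyfile points at
	certPEM := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: inter.Raw})
	keyDER, _ := x509.MarshalPKCS8PrivateKey(interKey)
	ca, signer, err := CheckSigningCA(certPEM, pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: keyDER}))
	if err != nil {
		panic("pre-flight failed: " + err.Error())
	}
	// What an ACME server hands back after a successful challenge: a server cert signed by the intermediate.
	leaf, _ := mint(&x509.Certificate{Subject: pkix.Name{CommonName: "app.internal.example"}, DNSNames: []string{"app.internal.example"},
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}}, ca, signer)
	fmt.Println("client trusting only the root, intermediate in chain:", VerifyChain(leaf, root, "app.internal.example", inter))
	fmt.Println("client trusting only the root, intermediate missing: ", VerifyChain(leaf, root, "app.internal.example"))
}
```

The second VerifyChain call fails on purpose: a client that trusts only the real root cannot validate a leaf signed by the intermediate unless the intermediate is delivered alongside it. The workaround in the thread declares the intermediate as both root and intermediate and signs with the root, so after enabling acme_server, fetch a certificate with a real ACME client and inspect the chain it actually receives before relying on it from clients that only carry the company root in their trust store.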