How to configure ZeroSSL as the only cert issuer

Mike_Guthrie · June 9, 2025, 11:28pm

1. The problem I’m having:

I’m attempting to to use the Automatic Https feature with the JSON config, and I can’t seem to get my caddy instance to actually use my ZeroSSL account (I’d like to create wildcard certs). I’ve tried adding my credential information for both zerossl and the acme issuer blocks to point to zerossl, but neither seem to work. I am getting a cert back from Let’sEncrypt, but no matter what I try, it does not use ZeroSSL and uses LE instead. Here’s my tls block:

    "tls": {
      "automation": {
        "policies": [
          {
            "subjects": ["*"],
            "issuers": [{
              "module": "zerossl",
              "api_key": "12345"
            },
             {
                "module": "acme",
                "ca": "https://acme.zerossl.com/v2/DV90",
                "email": "me@example.com",
                "external_account": {
                  "key_id": "12345",
                  "mac_key": "12345"
                }

              }
            ]
          }
        ],
        "on_demand": {
          "ask": "http://localhost:9000"
        }
      }
    }

2. Error messages and/or full log output:

Jun 09 23:21:42 ip-172-31-60-124 caddy[6611]: {"level":"error","ts":1749511302.0365279,"logger":"tls.obtain","msg":"could not get certificate from issuer","identifier":"*.sampledomain.io","issuer":"acme-v02.api.letsencrypt.org-directory","error":"[*.sampledomain.io] solving challenges: *.sampledomain.io: no solvers available for remaining challenges (configured=[http-01 tls-alpn-01] offered=[dns-01] remaining=[dns-01]) (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/204842824/25230601234) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)"}
Jun 09 23:21:42 ip-172-31-60-124 caddy[6611]: {"level":"error","ts":1749511302.0365744,"logger":"tls.obtain","msg":"will retry","error":"[*.sampledomain.io] Obtain: [*.sampledomain.io] solving challenges: *.sampledomain.io: no solvers available for remaining challenges (configured=[http-01 tls-alpn-01] offered=[dns-01] remaining=[dns-01]) (order=https://acme-staging-v02.api.letsencrypt.org/acme/order/204842824/25230601234) (ca=https://acme-staging-v02.api.letsencrypt.org/directory)","attempt":4,"retrying_in":300,"elapsed":301.720029988,"max_duration":2592000}

3. Caddy version:

v2.10.0 h1:fonubSaQKF1YANl8TXqGcn4IbIRUDdfAkpcsfI/vX5U=

4. How I installed and ran Caddy:

Using the apt install for Ubuntu 24 based on the caddy documentation, it is running under systemd

a. System environment:

systemd - Ubuntu 24