caddy tries to get certificates from Let’s Encrypt and ZeroSSL.
How can I disable the usage of ZeroSSL, so that caddy only tries to get a certificate from Let’s Encrypt?
But why though? Using both issuers means you have redundancy, it lowers the risk of your site having downtime if Let’s Encrypt has an outage.
Please fill out the help topic template as per the forum rules.
1. The problem I’m having:
I’m trying to not use ZeroSSL. I don’t know how to disable it and can’t find that info on the internet.
While learning caddy, I’d like to reduce complexity as much as possible. Having fewer moving parts makes it easier for me to spot issues and fix them.
2. Error messages and/or full log output:
Doesn’t apply
3. Caddy version:
v2.7.6
4. How I installed and ran Caddy:
Downloaded the caddy binary from Download Caddy.
a. System environment:
Debian 12.5, 64bit, no docker
b. Command:
Does not apply
c. Service/unit/compose file:
Does not apply
d. My complete Caddy config:
:80 {
	reverse_proxy :8080
}
Hi @anon62604972,
Do you plan or expect older Androids (like Android 7 and earlier)?
If YES I would choose ZeroSSL since Let’s Encrypt
Here are a few links on the issue:
- Support for Android 5.x/6.x/7.x after DST Root CA X3 expiration - Help - Let's Encrypt Community Support
- Certificate chain validation fails on OLDer android devices - Help - Let's Encrypt Community Support
- ERR_CERT_AUTHORITY_INVALID since a few days on Android 6 - Help - Let's Encrypt Community Support
- Old android tablets can't connect to LE certs anymore - Help - Let's Encrypt Community Support
- Lets encrypt 15th May DST Root CA X3 - Help - Let's Encrypt Community Support
- [help] Which certificates to install on Android 4.4 - #2 by MikeMcQ - Help - Let's Encrypt Community Support
- Chain of Trust - Let's Encrypt
Edit: and there is this potential issue as well
Any defaults can be overridden with explicit configuration.
Assuming you’re using the Caddyfile, the acme_ca global option:
Hi Bruce, TY for the caveats. There are no older Android devices on my network, so from that angle, I’m good.
The LE info doesn’t apply as I’m using DNS challenge.
OK, so that means if I explicitly set acme_ca then caddy no longer defaults to using both LE and ZeroSSL, but limits itself to exactly that ca. TY!
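The acme_ca setting discussed in this thread, written out as a Caddyfile (an added example, not part of any post above). The hostname example.com is a placeholder, and the sketch assumes a named site rather than the :80 address in the original config, since Caddy only manages certificates for sites with a hostname.

```caddyfile
{
	# Global options block: it has to be the first block in the Caddyfile.
	# Naming one ACME directory here replaces the default issuers, so
	# certificates are requested from Let's Encrypt only.
	acme_ca https://acme-v02.api.letsencrypt.org/directory

	# While experimenting, the Let's Encrypt staging directory avoids
	# production rate limits (it issues untrusted test certificates):
	# acme_ca https://acme-staging-v02.api.letsencrypt.org/directory
}

# Placeholder hostname (assumption); replace with the real site name.
example.com {
	reverse_proxy :8080
}
```

Running `caddy adapt --config Caddyfile --pretty` prints the JSON that Caddy derives from this file, which lets you check which issuers ended up in the TLS automation settings before reloading.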