How to let caddy auto-renew existing certificate?

1. Caddy version:

2.6.2

2. How I installed, and run Caddy:

from docker-image

a. System environment:

linux, jammy-based docker

b. Command:

i have this directive in my caddy file:

https://x.y.z:443 {
tls /sharedFs/cert.crt /sharedFs/key.key
}

the cert is signed by letsencrypt. Is it possible to let caddy automatically renew this certificate (and keep the old key) ?

thanx

Update:

I was checking this: GitHub - caddyserver/certmagic: Automatic HTTPS for any Go program: fully-managed TLS certificate issuance and renewal
it says: " * Use in conjunction with your own certificates"

Not sure if this can solve my problem (e.g: running certmagic as an extra process to do auto-renew existing certs) , or would one need to patch the certmagic to do this ?

thanx

No, it’s not possible to give Caddy a cert issued elsewhere and renew it, because it needs the same ACME account details to do it.

There’s also no way currently to specify your own key to use for ACME. There is an open feature request for that: Allow configuration of private keys to use your own for TLS management · Issue #2854 · caddyserver/caddy · GitHub

I recommend just letting Caddy issue a new cert/key automatically (i.e. don’t give Caddy your old one). Issuing a cert is cheap and fast, so you don’t need to worry about it.

Why do you think you need this?

This means you can give it your own cert/keys to use for serving TLS connections, but not for managing issuance/renewal of those.

thank you
the main reason for using existing keypair is that i would need some extra fields/extension in the certificate. in some othe use cases, The private-key is provided.

looking forward to see #2854 gets implemented

cheers

I’m not sure I understand. What fields/extensions?

If you want to help push that feature request forwards, please post an explanation of why it would be useful for you (with technical detail please) to the issue.