How to specify both issuer and acme dns at the same time?

1. Caddy version (caddy version):

2.4.6

2. How I run Caddy:

with docker as always 🙂

a. System environment:

docker linux

b. Command:

c. Service/unit/compose file:


d. My complete Caddyfile or JSON config:

{
    email myemail@address.tld
    acme_dns cloudflare APIKEY
    cert_issuer zerossl APIKEY
}

......

https://example.tld {
    reverse_proxy 127.0.0.1:8080
    tls myemail@address.tld {
        dns cloudflare APIKEY
        issuer zerossl APIKEY
    }
}

3. The problem I’m having:

I get an error saying that I can’t put issuer like that, but I don’t really understand why. I would like to specify the API key for ZeroSSL so I can see information about the issued certs on my dashboard, but I didn’t manage to for this specific entry.

4. Error messages and/or full log output:

haven’t been able to reproduce the error

5. What I already tried:

changing the syntax

6. Links to relevant resources:

If you specify it in global options, you don’t need to also specify it in each site. Just pick one.

But if you choose configuring via the site, then you need to put the dns config inside of the issuer. Like this:

tls myemail@address.tld {
	issuer zerossl APIKEY {
		dns cloudflare APIKEY
	}
}

I’m using multiple DNS zones, so I have to use multiple API keys.
With a configuration that looks like this:

https://example.tld {
 reverse_proxy 127.0.0.1:8080
  tls myemail@address.tld {
   issuer zerossl APIKEY {
    dns cloudflare APIKEY
    }
  }
}

i get this error :

{"level":"info","ts":????????.????????,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":"caddyfile"}

run: adapting config using caddyfile: parsing caddyfile tokens for 'tls': /etc/caddy/Caddyfile:21 - Error during parsing: cannot mix issuer subdirective (explicit issuers) with other issuer-specific subdirectives (implicit issuers)

So if I understand, I can’t use multiple ZeroSSL API keys?

That seems like it’s only a subset of your config. What’s your entire config? How can I replicate this?

https://abc.example.tld {
 reverse_proxy 127.0.0.1:8080
  tls myemail@address.tld {
   issuer zerossl APIKEY1{
    dns cloudflare APIKEY1
    }
  }
}

https://cde.example.tld {
 reverse_proxy 127.0.0.1:8181
  tls myemail@address.tld {
   issuer zerossl APIKEY1{
    dns cloudflare APIKEY1
    }
  }
}

https://efg.example.tld {
 reverse_proxy 127.0.0.1:8282
  tls myemail@address.tld {
   issuer zerossl APIKEY1{
    dns cloudflare APIKEY1
    }
  }
}

https://ghi.example.tld {
 reverse_proxy 127.0.0.1:9090
  tls myemail@address.tld {
   issuer zerossl APIKEY2 {
    dns cloudflare APIKEY2
    }
  }
}

https://ijk.example.tld {
 reverse_proxy 127.0.0.1:10010
  tls myemail@address.tld {
   issuer zerossl APIKEY3 {
    dns cloudflare APIKEY3
    }
  }
}

This should be more relevant about the config I use; I used single option only since I removed the general option to ensure that nothing interferes with the rest of the config.
I use 3 different DNS zones with 3 different ZeroSSL API keys.

Just making sure, you have a space between the API key and {, right? Whitespace is important, otherwise the { would be read as part of the API key.

All of those sites have the domain. That’s not a valid config.

Oops, sorry, I forgot to update the domains.
I’m going to check whether the typo is actually just me exporting my config in a bad way or if it was like that in my config.

Oh, right. I forgot, the email when used as an argument to tls is technically an “issuer-specific subdirective” for implementation reasons. So the fix is to write it like this:

tls {
	issuer zerossl APIKEY {
		email myemail@address.tld
		dns cloudflare APIKEY
	}
}

Yes, it seems it’s the solution.
Thank you!
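
The fix from this thread applied to the multi-zone case, as an added example that is not part of the original posts: each site gets its own ZeroSSL key and Cloudflare token inside an explicit `issuer` block, with the email moved inside it. Hostnames, ports and environment variable names are assumptions, and the `{$VAR}` placeholders are filled from the environment when the Caddyfile is parsed, so the keys stay out of the file.

```caddyfile
# Added example. Assumes a Caddy build that includes the cloudflare DNS
# module (as used in the thread) and these environment variables set for
# the Caddy process:
#   ZEROSSL_KEY_A, CLOUDFLARE_TOKEN_A   (zone A)
#   ZEROSSL_KEY_B, CLOUDFLARE_TOKEN_B   (zone B)
# No global acme_dns / cert_issuer options: configure either globally or
# per site, not both.

https://app.zone-a.example {
	reverse_proxy 127.0.0.1:8080
	# No email argument on tls: it counts as an issuer-specific
	# subdirective and cannot be mixed with an explicit issuer block.
	tls {
		# Keep the space between the key and the opening brace,
		# otherwise "{" is read as part of the API key.
		issuer zerossl {$ZEROSSL_KEY_A} {
			email myemail@address.tld
			dns cloudflare {$CLOUDFLARE_TOKEN_A}
		}
	}
}

https://app.zone-b.example {
	reverse_proxy 127.0.0.1:9090
	tls {
		issuer zerossl {$ZEROSSL_KEY_B} {
			email myemail@address.tld
			dns cloudflare {$CLOUDFLARE_TOKEN_B}
		}
	}
}
```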
