Is there a way on a Caddyfile to force a specific ACME CA?

jherazob · December 24, 2021, 12:27pm

1. Caddy version (`caddy version`):

2.4.6

2. How I run Caddy:

Systemd init file on Debian, non-json caddyfile, on-demand SSL for a variable list of DNS records

a. System environment:

Debian 10, Systemd

I’m using a non-json Caddyfile, i saw that you can directly state the CA’s endpoint on the json one, but is this possible in a normal Caddyfile? If not, is there a way i can tell it “please use only Let’s Encrypt”? We’re now using CAA records pointing to it only and if Caddy decides one day to generate something using ZeroSSL there might be hard to diagnose issues in the future, and haven’t found a direct answer in the docs (although i bet i have passed in front of the answer half a dozen times without noticing )

matt · December 24, 2021, 4:59pm

You want the acme_ca global option.

Or you can use the tls directive to specify it per-site rather than globally.

Merry Christmas!

jherazob · December 24, 2021, 5:19pm

Perfect! Thanks! Probably won’t test this today though, busy day

system · January 23, 2022, 12:27pm

This topic was automatically closed after 30 days. New replies are no longer allowed.

Is there a way on a Caddyfile to force a specific ACME CA?

1. Caddy version (caddy version):

2. How I run Caddy:

a. System environment:

1. Caddy version (`caddy version`):