Is there a way to request a certificate using only one specific ACME issuer?

I need to use a specific CA’s ACME service to get a certificate instead of using Let’s Encrypt or ZeroSSL. What do I need to do? I’m not sure if setting tls.acme.dir directly will work; my understanding is that this just overrides Let’s Encrypt’s settings, and it’s still possible for Caddy to request a certificate from ZeroSSL?
Also I need to validate domain control using only CNAME to the CA provided DCV server (similar to what is described in this article), what do I need to do?
I have checked the documentation but still have no idea about the above two questions.

Howdy @stackinspector, welcome to the Caddy community.

The information you’re after specifically is at https://caddyserver.com/docs/caddyfile/directives/tls#issuers, which outlines how to configure the ACME directory URL supplied by your provider.

Taking a glance at that Digicert link, it seems like that authentication happens out-of-band - nothing to do with Caddy.

It seems like you’re supposed to do that step between your DNS provider and Digicert and then you use EAB credentials to allow Caddy to authenticate to Digicert to pull from the ACME endpoint. The eab section in that issuers acme <directory_url> is where you put those credentials.

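
A Caddyfile sketch of the configuration the answer above points to, added here as an illustration and not taken from either post. The site name, the directory URL and the environment variable names are placeholders, and the DNS-side domain validation is assumed to have been completed with the CA beforehand.

```caddyfile
# Constructed example: example.com and the directory URL are placeholders.
example.com {
	tls {
		# Naming an issuer explicitly replaces Caddy's default issuer list
		# (Let's Encrypt and ZeroSSL) for this site, so only this ACME
		# endpoint is used to obtain the certificate.
		issuer acme {
			# ACME directory URL supplied by the CA.
			dir https://acme.ca.example/directory

			# External Account Binding credentials issued by the CA:
			#   eab <key_id> <mac_key>
			# {$VAR} is substituted from the environment when the Caddyfile
			# is parsed, which keeps the MAC key out of the file itself.
			# The variable names are assumptions.
			eab {$ACME_EAB_KEY_ID} {$ACME_EAB_MAC_KEY}
		}
	}

	respond "ok"
}
```

Running `caddy validate` against the file checks the syntax without contacting the CA. Treat the EAB MAC key like any other account secret, since it binds certificate requests to your account with the CA.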