Manual issuance from internal PKI?

1. Caddy version (caddy version):

2.5.1 from apt

2. How I run Caddy:

Stock systemd unit on Ubuntu 22.04.

d. My complete Caddyfile or JSON config:

        servers :443 {
                protocol {
        email ...
        pki {
                ca {
                        name "Quake CA"

localhost:2020, Quake:2020 {
        tls internal
        file_server /var/www/acme
# ...

3. The problem I’m having:

No problem, actually. I was just trying to use the internal CA, either via acme or not, to issue certificates for containers I want to reverse proxy.

4. Error messages and/or full log output:

5. What I already tried:

I tried looking pretty much anywhere to see if I can disable validation in the acme server, like it were pebble, or if there’s a command somewhere to issue a certificate manually from the intermediates Caddy produces, but I am not sure I want to go that route with openssl and its CLI.

6. Links to relevant resources:

We don’t currently have a way to do it directly, but we’ll likely add it eventually, as an admin API endpoint that takes basically a CSR (certificate signing request) and gives you back a cert.

If you want to use ACME then yeah, use the acme_server directive and point your ACME client to Caddy.

It’s not that I want to use it. I just explored using it to get a certificate. But I would have to also point the acme server to a fake resolver that always answers “yeah, that’s” for every possible query :smiley:

You can run CoreDNS:

1 Like

Sounds fun

This topic was automatically closed after 30 days. New replies are no longer allowed.