Please help test multi-issuer support

Caddy 2.3 is currently in development, and one of its flagship features is multi-issuer support. This means that Caddy can be configured to get a certificate from multiple sources. For example, if you hit a Let’s Encrypt rate limit, Caddy can fall back to ZeroSSL for a certificate instead, immediately.

This is a big and nuanced change, so we need your help to test it before it is released!

We just merged the change into the master branch, so you can build from source to test it out.

I did test this with a variety of configs, but there are so many combinations that it’s hard to get them all. We do expect there to be some edge cases that are buggy, or maybe not even edge cases! Hence why your help is so important. We really appreciate it!

What to expect

If Caddy fails to get a certificate from the first issuer, it will try the second. Caddy’s new defaults for public-looking sites will be both Let’s Encrypt and ZeroSSL. Otherwise, observable behavior should basically be the same; just higher reliability.

Note that we do not guarantee in which order issuers will be tried (for example we might load-balance in the future); any configured issuers are free game. (Issuers are not limited to ACME endpoints, either!)

If something’s not right…

Please enable debug logging. Then also run caddy adapt on your Caddyfile (or other config adapter, if using one) to get the raw JSON config. Please inspect it, and make sure it looks correct. If not, be sure to note that in your bug report.

As usual, when reporting bugs, please provide as much detail as possible while also simplifying your config as much as possible so I can quickly provide a fix. Or better yet, propose a PR after reporting the bug!

Thank you for your help! Have fun with it. 🙂

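An added example, not part of the original post and not Caddy's own code: a small Python script that reads the JSON produced by caddy adapt and lists the issuers configured for each TLS automation policy, so the fallback can be confirmed before a bug report is filed. The sample config is constructed, the function names are hypothetical, and the key layout (apps.tls.automation.policies[].issuers[].module) is an assumption about the adapted JSON.

```python
import json
import sys

# Constructed sample of adapted JSON (not taken from the original post).
SAMPLE_ADAPTED = """
{"apps": {"tls": {"automation": {"policies": [
  {"subjects": ["example.com"],
   "issuers": [{"module": "acme"}, {"module": "zerossl"}]},
  {"subjects": ["internal.example.com"], "issuers": [{"module": "internal"}]},
  {"subjects": ["static.example.com"]}
]}}}}
"""


def issuers_by_policy(config):
    """Return [(subjects, [issuer labels])] for each TLS automation policy."""
    policies = (config.get("apps", {}).get("tls", {})
                .get("automation", {}).get("policies", []))
    report = []
    for policy in policies:
        # A policy without subjects applies to every name not matched elsewhere.
        subjects = policy.get("subjects") or ["<all other names>"]
        labels = []
        for issuer in policy.get("issuers", []):
            label = issuer.get("module", "<missing module>")
            if issuer.get("ca"):  # custom ACME directory URL, if one is set
                label += " (" + issuer["ca"] + ")"
            labels.append(label)
        report.append((subjects, labels))
    return report


def findings(config):
    """Describe policies that have no fallback issuer configured."""
    notes = []
    for subjects, labels in issuers_by_policy(config):
        name = ", ".join(subjects)
        if not labels:
            # Assumption: with no issuers listed, Caddy applies its defaults.
            notes.append(name + ": no explicit issuers (Caddy's defaults apply)")
        elif len(labels) == 1:
            notes.append(name + ": single issuer " + labels[0] + ", no fallback")
    return notes


if __name__ == "__main__":
    # Pass the path of a file holding the adapted JSON, or use the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_ADAPTED
    cfg = json.loads(text)
    for subjects, labels in issuers_by_policy(cfg):
        print(", ".join(subjects), "->", labels or "defaults")
    print("\n".join(findings(cfg)))
```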

Great feature Matt 👏
