Yep! That’s exactly why it’s available as an HTTP handler!
Caddy completely replaces certbot. Caddy itself is an ACME client, and it’s the underlying function of its flagship feature, Automatic HTTPS:
Caddy is primarily an HTTP server, and the Caddyfile adapter aims to fill that niche, so it’s better to use JSON config if you need to manage non-HTTP domains. See this article for an example:
Yeah, you can configure multiple issuers. By default, Caddy enables the acme issuer (for Let’s Encrypt) and the zerossl issuer (for ZeroSSL – which is also ACME, but it came later so the names aren’t aligned). There’s also the internal issuer which is your local CA.
Yep, see the tls directive, which allows you to configure client_auth:
Nope, Caddy uses acmez which is its own ACME client implementation. This is because Caddy needs to have greater control over its underlying ACME client implementation so it can be more rigorous and reliable. Caddy used to use lego, another Let’s Encrypt client lib, but it wasn’t enough to support everything Caddy needed to do, and it was too rigid to change for Caddy (because it’s used by other users who have different goals in mind).
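
Added example, not part of the original reply and not taken from the Caddy project: a Caddyfile sketch of the issuer selection and the client_auth option of the tls directive discussed above. The hostnames, file path and upstream addresses are placeholders chosen for illustration.

```caddyfile
# Public site: pin the ACME issuer explicitly instead of relying on the
# defaults, and require a client certificate signed by a private CA (mTLS).
app.example.com {
	tls {
		issuer acme

		client_auth {
			# Reject the handshake unless the client presents a certificate
			# that chains to the CA below.
			mode require_and_verify

			# Placeholder path to the PEM bundle of the CA that signs client
			# certificates. Recent Caddy releases deprecate this option in
			# favour of trust_pool; check the tls directive docs for the
			# version you run.
			trusted_ca_cert_file /etc/caddy/client-ca.pem
		}
	}

	# Placeholder upstream.
	reverse_proxy 127.0.0.1:8080
}

# Internal-only name: certificates come from Caddy's local CA, so no public
# ACME validation is attempted. Clients must trust that local CA root.
admin.example.internal {
	tls {
		issuer internal
	}

	# Placeholder upstream.
	reverse_proxy 127.0.0.1:9090
}
```

Running `caddy validate --config Caddyfile` checks the syntax before a reload.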