Question about the Multi-Issuer Support

Welcome!

Technically, if you only want to allow Let’s Encrypt (or any other specific CAs) to issue certs for your domains, you need to configure CAA records in your DNS zone. This is unrelated to Caddy, and it sounds like what your applications actually require based on what you’ve said.

If you want to configure the issuers that Caddy uses, the existing methods apply. Since you mentioned that you set cert_issuer, I assume you’re using the Caddyfile:

  • cert_issuer global option
  • or tls directive

The default CA for the acme issuer is still Let’s Encrypt.

In other words, for your use case, this would probably be easiest:

{
    cert_issuer acme
}

You can also make it more explicit like so:

{
    acme_ca https://acme-v02.api.letsencrypt.org/directory
}

Or you can use the tls directive to give you control per-domain, etc.
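
As an added illustration of the CAA point above (not part of the original post and not Caddy code): a small Python check of whether a CAA record set permits a given CA to issue, following the RFC 8659 lookup rules. The zone data, the example.com names and ca.example.net are constructed placeholders; letsencrypt.org is the issuer domain Let's Encrypt uses in CAA records.

```python
import shlex

# Constructed sample zone data; example.com and ca.example.net are placeholders.
ZONE = """
example.com.      3600 IN CAA 0 issue "letsencrypt.org"
example.com.      3600 IN CAA 0 issuewild ";"
shop.example.com. 3600 IN CAA 0 issue "letsencrypt.org; validationmethods=dns-01"
shop.example.com. 3600 IN CAA 0 issue "ca.example.net"
"""

def parse_zone(text):
    """Return {owner: [(flags, tag, value), ...]} from CAA lines in zone-file format."""
    rrsets = {}
    for line in text.strip().splitlines():
        name, _ttl, _cls, rtype, flags, tag, value = shlex.split(line)
        if rtype.upper() == "CAA":
            key = name.lower().rstrip(".")
            rrsets.setdefault(key, []).append((int(flags), tag.lower(), value))
    return rrsets

def relevant_rrset(rrsets, fqdn):
    """Climb from fqdn towards the root; the first non-empty CAA RRset applies."""
    labels = fqdn.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        found = rrsets.get(".".join(labels[i:]))
        if found:
            return found
    return []

def ca_may_issue(rrsets, fqdn, ca_domain):
    """True if the CA identified by ca_domain may issue for fqdn ('*.' = wildcard)."""
    wildcard = fqdn.startswith("*.")
    rrset = relevant_rrset(rrsets, fqdn[2:] if wildcard else fqdn)
    # Simplification: only these tags count as understood; a critical (128) unknown tag blocks issuance.
    known = ("issue", "issuewild", "iodef")
    if any(flags & 128 and tag not in known for flags, tag, _ in rrset):
        return False
    issue = [v for _, tag, v in rrset if tag == "issue"]
    issuewild = [v for _, tag, v in rrset if tag == "issuewild"]
    props = issuewild if (wildcard and issuewild) else issue
    if not props:
        return True  # no issue/issuewild restriction found: any CA may issue
    # Issuer domain is the text before any ';' parameters; an empty one permits nobody.
    return any(v.split(";")[0].strip().lower() == ca_domain.lower() for v in props)
```

With this sample zone, only Let's Encrypt may issue for example.com and names below it that have no CAA records of their own, no CA may issue a wildcard for *.example.com, and shop.example.com overrides the parent with its own record set.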