Reusing Caddy's certificates in other services

I have been using the certificates that caddy creates for postfix, dovecot, and znc, since by far this seems like the simplest solution to get automatic renewal of my certificates.

Problem is that now that caddy can transparently use multiple providers (Let’s Encrypt + ZeroSSL), the full path for the latest certificate for a domain can change.

Other than disabling ZeroSSL, I wonder if there are other solutions to this problem?

Or possibly something that could be considered for future improvements of caddy, for example providing a symbolic link to latest, that we could then use.

I would almost imagine I am not the only one re-using caddy’s certificates for other services, so while I know this is not the goal of caddy, it would still be very much appreciated, if it could be explicitly supported.

2 Likes
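The symbolic-link idea from the post above can be approximated outside Caddy. This is an added example, not part of the thread or of Caddy itself: it assumes Caddy's file storage keeps each pair at `<storage>/certificates/<issuer-dir>/<domain>/<domain>.crt` and `.key`, and it treats the most recently written `.crt` as the current one. `latest_cert` and `update_links` are hypothetical helper names.

```shell
#!/usr/bin/env bash
# Added example: keep stable symlinks to the newest Caddy-managed cert/key pair.
# Assumed layout (not stated in the thread):
#   <storage>/certificates/<issuer-dir>/<domain>/<domain>.{crt,key}

# Print the most recently written .crt for a domain, across all issuer directories.
latest_cert() {
    local storage=$1 domain=$2 newest="" crt
    for crt in "$storage"/certificates/*/"$domain"/"$domain".crt; do
        [ -f "$crt" ] || continue             # glob matched nothing
        [ -f "${crt%.crt}.key" ] || continue  # ignore a cert without its key
        if [ -z "$newest" ] || [ "$crt" -nt "$newest" ]; then
            newest=$crt
        fi
    done
    [ -n "$newest" ] && printf '%s\n' "$newest"
}

# Point <linkdir>/<domain>.crt and .key at the newest pair.
# Returns 0 if the links changed, 1 if already current, 2 if no cert was found.
update_links() {
    local storage=$1 domain=$2 linkdir=$3 crt
    crt=$(latest_cert "$storage" "$domain") || return 2
    if [ "$(readlink "$linkdir/$domain.crt" 2>/dev/null)" = "$crt" ]; then
        return 1
    fi
    # Link the key first so the .crt link never points ahead of its key.
    ln -sfn "${crt%.crt}.key" "$linkdir/$domain.key"
    ln -sfn "$crt" "$linkdir/$domain.crt"
    return 0
}

# Stand-alone use: script.sh <storage> <domain> <linkdir>
# Exit status 0 means the links moved, so dependent services should be reloaded.
if [ "$#" -eq 3 ]; then
    update_links "$@"
fi
```

Symlinks do not change ownership or mode, so the consuming service still needs read access to Caddy's key file. Run the script from a timer and reload postfix, dovecot or znc only when it exits 0.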

I could picture a CLI command in Caddy that lets you export the current cert/key for a given hostname:

caddy export-cert
    --domain foo.example.com
    [--config /path/to/Caddyfile]
    [--adapter caddyfile]
    [--key]
    [--with-chain]

The adapter and config path would be necessary to load the correct storage configuration (in case it was changed from the defaults).

What do you think @matt?

2 Likes

I could see that being good as a third-party module, but I’m not sure it’s a good fit for the standard modules we maintain.

2 Likes
