I’ll test the nginx adapter, but doubt it would work since we use some 3rd-party nginx modules and complex logging formats. But I was hoping to get help just understanding the process involved in the local HTTPS certificate generation, and if we could get nginx to request an SSL certificate.
In the 2nd article I attached it says to do this on the backend to get a certificate from the frontend:
I was hoping there would be a way to get nginx to use the root certificate and somehow request certificate generation from the first article:
Configure Nginx to require clients to authenticate with a certificate issued by your CA
That tells Caddy to get its certificates from an ACME server at https://caddy.roadrunner/acme/local/directory, not “the frontend.”
It sounds/looks like you are trying to do TLS mutual auth? (aka “client auth” with the normal “server auth” also happening)
But this sounds like you want Caddy to generate a certificate, not verify a client certificate.
So, best I can guess so far, is:
You want Caddy to serve your site over HTTPS
You want Caddy to proxy to an nginx backend also over HTTPS (Why nginx? And do you really need HTTPS on a private network? Caddy can do that, but most people don’t need that.)
Caddy will use HTTPS for all sites by default.
For internal-looking hostnames or IP addresses, Caddy will generate its own certificate automatically; otherwise for every other hostname, it will get a publicly-trusted certificate automatically instead.
You can use self-signed certificates without risk of MITM.
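Added example (not part of the posts above and not taken from the linked articles): a pair of Caddyfiles sketching the setup discussed in this thread, with the frontend Caddy exposing its local CA over ACME and a backend Caddy requesting its certificate from that directory URL. `backend.roadrunner`, `example.com` and the root certificate path are placeholders; an nginx backend would instead need a separate ACME client pointed at the same directory URL.

```caddyfile
# ---- Caddyfile on the frontend host (caddy.roadrunner) ----
caddy.roadrunner {
	# ".roadrunner" is not a public name, so issue this site's own
	# certificate from Caddy's built-in local CA.
	tls internal

	# Expose that local CA over ACME. The directory is then served at
	# https://caddy.roadrunner/acme/local/directory
	acme_server
}

# Placeholder public hostname: Caddy obtains a publicly trusted
# certificate for it automatically.
example.com {
	# Proxy to the backend over HTTPS. This host must trust the local
	# root for the upstream handshake to verify.
	reverse_proxy https://backend.roadrunner {
		# Send the upstream's own hostname so the backend site matches.
		header_up Host {upstream_hostport}
	}
}

# ---- Caddyfile on the backend host (a separate file and machine) ----
{
	# Ask the frontend's ACME server, not a public CA, for certificates.
	acme_ca https://caddy.roadrunner/acme/local/directory

	# Root certificate copied over from the frontend (placeholder path),
	# so the ACME client can verify the server it is talking to.
	acme_ca_root /path/to/root.crt
}

# Placeholder internal hostname for the backend site.
backend.roadrunner {
	respond "hello from the backend"
}
```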