Currently key_type is only available as a global option in the Caddyfile:
If you need deeper customization, you’ll need to use JSON configuration instead. You can convert your current config to JSON with the caddy adapt command.
Thanks for the reply. How difficult would it be to enable this in the Caddyfile? I’m willing to try to make a PR but have only got limited Go experience.
In the meantime I have generated the JSON and modified the tls section like this:
I’m pretty sure that order matters for the policies, you’ll likely need to swap them so the most specific one is matched first.
I’m not sure whether you need to get rid of the old keys, you could try backing them up from your data directory to see if they generate differently for you.
It’s a tricky problem. The tls directive is per-site, but in JSON the tls app is “global”. We have some pretty complex logic that consolidates TLS settings when adapting to JSON. I think @matt will need to decide if this is something worth exploring.
I don’t think it’s difficult. We already do similar logic for the ACME account email address and such. Just doesn’t seem very useful to have different key types. Why do you need this feature in the Caddyfile?
I wanted the rsa2048 keys to use with docker-mailserver (all in one self hosted mail server stack container) which currently doesn’t support the default keys (EC?). I don’t know if that issue is specific to the docker image, or some element of the tech within.
I’m managing my Caddy config manually as it’s just for my personal server with various apps running, so it would be nicer to use the Caddyfile syntax as opposed to the full JSON structure.
Well, I think you’re the first to ask for that feature (in the Caddyfile, specifically – since it can already be done in the JSON).
It’s not a high priority for me to implement at this time but we could review a PR if you wanted to jump on it. Otherwise, just choose a maximally-compatible key type globally in the meantime, or tweak the JSON (it’s really not that bad, just explore the structural docs for a bit - I hand-craft or fine-tune JSON configs all the time).
Yeah, you are right, the JSON is not nearly as daunting as it first looks and I’ve now got my config in YAML so it’s almost as concise as the Caddyfile format.
Thanks for all the help, very pleased with Caddy atm
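The policy-ordering advice in this thread, as an added example that is not part of any post or of Caddy's own code: a Python check over adapted JSON that reports which TLS automation policy (and so which key_type) a hostname would get, assuming first-match selection as the reply about ordering describes. The hostnames, the sample config and the helper names are constructed for illustration.

```python
import json
# Constructed sample: the tls app of an adapted config, with the catch-all
# policy (no "subjects") listed first. Hostnames are placeholders.
SAMPLE = json.loads("""
{"apps": {"tls": {"automation": {"policies": [
  {"key_type": "p256"},
  {"subjects": ["mail.example.com"], "key_type": "rsa2048"}
]}}}}
""")

def policies(config):
    auto = config.get("apps", {}).get("tls", {}).get("automation", {})
    return auto.get("policies", [])

def subject_matches(subject, host):
    """Exact match, or a '*.' wildcard standing in for one leading label."""
    subject, host = subject.lower(), host.lower()
    if subject.startswith("*."):
        head, _, rest = host.partition(".")
        return bool(head) and rest == subject[2:]
    return subject == host

def effective_policy(config, host):
    """(index, policy) of the first policy applying to host (assumed first-match)."""
    for i, pol in enumerate(policies(config)):
        subjects = pol.get("subjects") or []
        if not subjects or any(subject_matches(s, host) for s in subjects):
            return i, pol
    return None, {}

def shadowed(config):
    """Indices of policies listed after a catch-all; first-match never reaches them."""
    pols = policies(config)
    for i, pol in enumerate(pols):
        if not pol.get("subjects"):
            return list(range(i + 1, len(pols)))
    return []

def specific_first(config):
    """Copy of config with subject-bearing policies moved ahead of catch-alls."""
    fixed = json.loads(json.dumps(config))
    auto = fixed["apps"]["tls"]["automation"]
    auto["policies"] = sorted(auto["policies"], key=lambda p: not p.get("subjects"))
    return fixed

if __name__ == "__main__":
    for cfg in (SAMPLE, specific_first(SAMPLE)):
        idx, pol = effective_policy(cfg, "mail.example.com")
        print(idx, pol.get("key_type"), "shadowed:", shadowed(cfg))
```

To check a real config, load the output of caddy adapt with json.load in place of SAMPLE.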