Specify root and intermediate certificates for embedded ACME server

1. Caddy version (caddy version):

v2.2.0 h1:sMUFqTbVIRlmA8NkFnNt9l7s0e+0gw+7GPIrhty905A=

2. How I run Caddy:

a. System environment:

CentOS 8 LXC container running on Proxmox.

b. Command:

caddy run --config /etc/caddy/Caddyfile

c. Service/unit/compose file:


d. My complete Caddyfile or JSON config:

	    http_port   80
        https_port  443
#       auto_https disable_redirects
        acme_ca https://localhost/acme/local/directory
        email domain@domain.io

localhost {

http://internal.domain.io {
        redir http://www.internal.domain.io{uri}

https://internal.domain.io {
        redir https://www.internal.domain.io{uri}

http://www.internal.domain.io, https://www.internal.domain.io {
    root * /var/www

https://srv-web-caddy-01.internal.domain.io {
        root * /var/www

git.internal.domain.io {
        reverse_proxy http://srv-dev-gogs-01.internal.domain.io:3000

str-nas-01.internal.domain.io {
        reverse_proxy https://nas.internal.domain.io:5001

3. The problem I’m having:

I am using the embedded smallstep ACME server. My above config is working: when I add new sites to the Caddyfile, the will receive an automatic certificate from the https://localhost/acme/local/directory server. But Caddy is generating the root and intermediate certificates used itself. How can I configure my own, since I already have an internal root and intermediate CA?

4. Error messages and/or full log output:


5. What I already tried:

Lots of google-fu with no clear answers. What I have NOT tried is manually replacing the root and intermedia certs with my certs, since I am assuming this is not the correct way. There must be a cleaner way.

6. Links to relevant resources:


This topic was automatically closed after 30 days. New replies are no longer allowed.