This is what I have in the global section of my Caddyfile:
```
{
	email basil.hendroff@udance.com.au
	acme_dns cloudflare [REDACTED]
	# debug
}
```
At present, I get regular email notifications from LE regarding certificates issued to me, but based on the discussion within this thread, it’s ambiguous whether I’ll get similar notifications from ZeroSSL as well.
It appears to me I’ve got two options:
- Use the `cert_issuer` global option to have only one CA issue certs. The hints are in this thread: Question about the Multi-Issuer Support, or
- Persevere with multi-CA issued certs, but try to get notifications working and find better cert tools for each CA.
My preference is for the latter. @matt presents some options in this wiki article Using ZeroSSL’s ACME endpoint, but it’s not clear to me whether the global options specified mean:
- ZeroSSL will usurp LE and be the only CA issuing certs;
- I’ll begin to receive email from ZeroSSL…the first global option seems to suggest this as it links an email with the ZeroSSL endpoint;
- Using EAB credentials will allow issued certs to appear in the ZeroSSL dashboard.
It’s all a bit puzzling atm. In an ideal world, what I’m hoping for is:
- Advance notification of events such as upcoming cert expiry from all CAs issuing certs (linked to an email address); CA maintenance, etc.; and
- Useful CA cert tools apart from crt.sh. For example, this LE debug toolkit allows me to see what LE certs are issued against domains of interest. The ZeroSSL dashboard holds some promise here if it can be made to work with ZeroSSL certs issued through Caddy.
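Added example, not part of the original post and not Caddy's own tooling: one way to get a per-CA view and an expiry warning that does not depend on any CA's email, by grouping certificate records by issuer. It assumes records shaped like crt.sh's JSON output (field names `common_name`, `issuer_name`, `serial_number`, `not_after`); the sample records and function names are constructed for illustration.

```python
import re
from datetime import datetime

# Constructed records using crt.sh-style field names; all values are made up.
LE = "C=US, O=Let's Encrypt, CN=R3"
ZS = "C=AT, O=ZeroSSL, CN=ZeroSSL ECC Domain Secure Site CA"
SAMPLE = [
    {"common_name": "blog.example.com", "serial_number": "03aa",
     "issuer_name": LE, "not_after": "2021-02-01T08:00:00"},
    {"common_name": "blog.example.com", "serial_number": "7f01",
     "issuer_name": ZS, "not_after": "2021-05-01T08:00:00"},
    # CT logs list the precertificate and the final cert separately (same serial).
    {"common_name": "blog.example.com", "serial_number": "7F01",
     "issuer_name": ZS, "not_after": "2021-05-01T08:00:00"},
    {"common_name": "cloud.example.com", "serial_number": "04bb",
     "issuer_name": LE, "not_after": "2021-03-20T08:00:00"},
]

def issuer_org(issuer_name):
    """Return the O= component of an issuer DN, or the whole DN if absent."""
    m = re.search(r'(?:^|,\s*)O=("[^"]*"|[^,]+)', issuer_name)
    return m.group(1).strip('"').strip() if m else issuer_name

def unique_certs(records):
    """Collapse precert/leaf duplicates, keyed on (issuer, serial)."""
    seen = {}
    for r in records:
        seen.setdefault((r["issuer_name"], r["serial_number"].lower()), r)
    return list(seen.values())

def by_ca(records):
    """Count distinct certificates per issuing organisation."""
    counts = {}
    for r in unique_certs(records):
        ca = issuer_org(r["issuer_name"])
        counts[ca] = counts.get(ca, 0) + 1
    return counts

def expiring(records, now, days=30):
    """Names whose newest cert, from any CA, lapses within `days`."""
    newest = {}
    for r in unique_certs(records):
        end = datetime.fromisoformat(r["not_after"])
        if r["common_name"] not in newest or end > newest[r["common_name"]][0]:
            newest[r["common_name"]] = (end, issuer_org(r["issuer_name"]))
    return sorted((name, ca, (end - now).days)
                  for name, (end, ca) in newest.items()
                  if (end - now).days <= days)
```

Only the newest certificate per name is checked, so a name renewed through a different CA is not reported just because the older certificate from the first CA has lapsed.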