Use out-of caddydir certificates directory

Hello,

We’d like to use the same certificate storage for caddyfile and other services, at this time caddy stores certs in:
<caddy data dir>/certificates/<ca>/<domain>

Would it be possible to change just the <caddy data dir>/certificates directory to something else like /etc/certificates and to still store all the other caddy-related data in ?

That way we could simply use /etc/certificates for other services (exim/dovecot/pure-ftpd etc.) and have a single source of trust. We’d just use /etc/certificates/some_other_directory/ for commercial/EV certs and have all the system certs in a single place.

Not a huge issue if it’s not doable right now, as we can simply copy TLS certs from the caddy directory to /etc/certificates too, just requires some additional lookups (unless Caddy supports some post-certificate-renewal hooks, that could simply copy the file to a desired location).

Thank you!

Yep, you can totally do that. You can configure a different storage path for each automation policy: JSON Config Structure - Caddy Documentation

(An Automation Policy is what defines how to manage certificates, based on its “subjects” parameter. Er, the docs currently show this parameter as “hosts” but when I update them in the next week or so it’ll say “subjects”.)

But, you can’t change how Caddy organizes its certificates within that path. The folder structure is necessary for proper automated management of the certificates.
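As an added illustration (not part of the reply or Caddy’s docs), here is a Caddy v2 JSON fragment that does what the reply describes: one automation policy whose storage module points at /etc/certificates, while everything outside that policy keeps using Caddy’s default data directory. The hostnames and the path are placeholders; the `subjects` field name is the one the reply says the docs are moving to.

```json
{
  "apps": {
    "tls": {
      "automation": {
        "policies": [
          {
            "subjects": ["mail.example.com", "ftp.example.com"],
            "storage": {
              "module": "file_system",
              "root": "/etc/certificates"
            }
          }
        ]
      }
    }
  }
}
```

Caddy still lays out the files below that root as certificates/<ca>/<domain>, so exim/dovecot/pure-ftpd must be pointed at that subpath rather than the root, and they need read access to the key files Caddy writes there; grant that to the specific service accounts instead of loosening the whole directory.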

Caddy v1 did have this feature with on certrenew https://caddyserver.com/v1/docs/on. This might come to Caddy v2 eventually, TBD.

Might also be possible with a Caddy plugin/module Extending Caddy — Caddy Documentation. I’m not sure what hooks might exist into the cert management flow for plugins though. @matt could clarify if there’s any interest in that.

Events could probably be expressed using existing logging facilities in Caddy, but I’ll want more time to decide how that would work.
