Using Caddy to Certify Postfix

1. The problem I’m having:

I have an upstream mail server that does not have its own web-mail. I also have Caddy on a separate machine that performs all of the TLS termination for my domain. What I’m trying to work out is if I can get the auto-generated certs created by Caddy to be sent to the mail server so it can use them for its TLS connections.

2. Error messages and/or full log output:


3. Caddy version:

root@webproxy:/var/lib/caddy/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/digital-solutions.me.uk# caddy version
v2.7.6 h1:w0NymbG2m9PcvKWsrXO6EEkY9Ru4FJK8uQbYcev1p3A=
root@webproxy:/var/lib/caddy/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/digital-solutions.me.uk#

4. How I installed and ran Caddy:

apt install caddy

a. System environment:

Ubuntu Linux 20.04

b. Command:


c. Service/unit/compose file:


d. My complete Caddy config:


5. Links to relevant resources:

Yes it’s possible, but it’s tricky.

I recommend you use events to deal with when Caddy renews certificates. See Global options (Caddyfile) — Caddy Documentation; you’ll need a plugin to react to the events.

This is because Caddy may use either Let’s Encrypt or ZeroSSL to issue certs, and depending on the issuer, the file path will be different. Using the event guarantees you have the correct path. You can then use the event to copy the cert files somewhere consistent for you to use for your mail server.

Hi @francislavoie, thanks for that info, I’ll take a look into it.

What I actually wanted to do originally, was to have my main caddy instance terminate all the TLS as normal for every endpoint on my domain, except just the one single host name that goes to the mail server.

I was then going to put a single instance of Caddy on that server, so that that machine got its own cert, on its own hard drive, and I could just tell the mail server to use that.

I couldn’t find a decent, straightforward step-by-step tutorial for passing through just one hostname, however, so I came up with the idea that if I could get the main Caddy instance to terminate TLS along with the rest of the domains, I could then just send those certs to the mail server via SSH or similar whenever they got renewed.

PS: forgot to ask. I’m currently using standard Caddyfiles; does using events mean I’ll need to convert my entire config to one JSON file to use them?

Right now I have a main Caddyfile, and one Caddyfile for each domain, which is #included into the main Caddyfile at start-up.

Will I have to merge all of these into one file and convert to JSON to use the events feature?

No, events work with Caddyfile as well (that link gives a Caddyfile example). Events config goes in the global options at the top of your main Caddyfile.

But you do need a custom build of Caddy with a plugin to handle the events and do something interesting with it.

There are a few threads on the forums from other users who set this up as well, using a simple bash script to copy the cert+key to some other well-known location. You can search for that. If you can’t find it, let me know and I’ll dig for it.
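A script of the kind the reply describes, as an added example that is not from Caddy, any plugin, or this thread: an events plugin (or a cron job) hands it the paths of the freshly renewed cert and key, and it checks that the key actually matches the cert and that the cert is not already expired, installs both atomically under a stable path with a non-world-readable key, and only then reloads Postfix. The function name, the `fullchain.pem`/`privkey.pem` file names, the `/etc/postfix/ssl` directory and the `postfix reload` command are all assumptions.

```shell
#!/bin/sh
# Hypothetical helper (not from Caddy or any plugin): an events plugin or a cron job
# calls it with the paths of the freshly renewed certificate and private key.
set -eu

# install_mail_cert CERT KEY DESTDIR [RELOAD_CMD]
# Copies CERT/KEY to DESTDIR/fullchain.pem and DESTDIR/privkey.pem, then runs RELOAD_CMD.
# Returns 0 on success; non-zero (with a message on stderr) if anything is wrong,
# in which case any previously installed files are left untouched.
install_mail_cert() {
    cert=$1; key=$2; dest=$3; reload=${4:-}

    # Both inputs must exist and be non-empty before anything is touched.
    [ -s "$cert" ] || { echo "cert missing or empty: $cert" >&2; return 2; }
    [ -s "$key" ]  || { echo "key missing or empty: $key" >&2;   return 2; }

    # Refuse a key that does not belong to the cert: compare the two public keys.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) \
        || { echo "unreadable certificate: $cert" >&2; return 3; }
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) \
        || { echo "unreadable private key: $key" >&2; return 3; }
    [ "$cert_pub" = "$key_pub" ] || { echo "key does not match cert" >&2; return 4; }

    # Refuse a certificate that has already expired; reloading Postfix with it only breaks mail.
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1 \
        || { echo "certificate is expired" >&2; return 5; }

    # Stage in the target directory under a tight umask, then rename atomically so
    # Postfix never reads a half-written file and the key is never world-readable.
    mkdir -p "$dest"
    (
        umask 077
        cp "$cert" "$dest/fullchain.pem.tmp" && cp "$key" "$dest/privkey.pem.tmp" \
            && chmod 0644 "$dest/fullchain.pem.tmp" && chmod 0600 "$dest/privkey.pem.tmp" \
            && mv "$dest/fullchain.pem.tmp" "$dest/fullchain.pem" \
            && mv "$dest/privkey.pem.tmp" "$dest/privkey.pem"
    ) || { echo "install into $dest failed" >&2; return 6; }

    # Only after a successful install, tell Postfix to pick up the new files.
    [ -z "$reload" ] || $reload
}

# Example invocation (assumed paths): the cert/key arguments come from the renewal event.
# install_mail_cert /path/from/event/cert.crt /path/from/event/cert.key /etc/postfix/ssl "postfix reload"
```

Point Postfix's `smtpd_tls_chain_files` (or the older cert/key settings) at the two stable file names and the renewal path never changes, whichever issuer Caddy used.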

Thanks, good to know.

I’ll have a dig and let you know how I get on.

Cheers
Shawty
