Using / setting ACME profiles as of 2.10

plttn · May 12, 2025, 8:21pm

1. The problem I’m having:

Is there currently a way to set an ACME profile as default whenever a given issuer is used, or does it need to be manually configured per site block using the ACME settings (which as I understand it would also disable falling over to ZeroSSL?):

....
example.com {
    tls {
          acme https://acme-v02.api.letsencrypt.org/directory {
                  profile tlsserver
           }
}
....

Ideally I could configure all of my sites to use tlsserver when getting a certificate from LE, without impacting being able to fail over to ZeroSSL if necessary.

I realize that I’ve snipped out some of the help questions here, but I think this is more of a discussion, rather than a specific issue I’m facing.

2. Error messages and/or full log output:

N/A, configuration question, not a specific error/log related question

3. Caddy version:

v2.10.0 h1:fonubSaQKF1YANl8TXqGcn4IbIRUDdfAkpcsfI/vX5U=

4. How I installed and ran Caddy:

a. System environment:

CentOS Stream 10

5. Links to relevant resources:

github.com/caddyserver/caddy

modules/caddytls/acmeissuer.go

716d72e47


      
          	// EXPERIMENTAL: Subject to change.
          	// See https://datatracker.ietf.org/doc/draft-aaron-acme-profiles/
          	Profile string `json:"profile,omitempty"`

matt · May 12, 2025, 10:48pm

You can use the cert_issuer global option, with the same syntax (starting with the acme token):

plttn · May 13, 2025, 4:32am

Perfect, thanks!

system · June 12, 2025, 4:33am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.