If you haven’t heard yet, ZeroSSL is an ACME-compatible certificate authority and an alternative to Let’s Encrypt. They issue Sectigo certificates, offer paid commercial support, and do not enforce rate limits as tight as Let’s Encrypt’s.
This is great news for the PKI ecosystem in general. As wonderful as Let’s Encrypt is (and it is good), it’s never a great idea to have only one automated certificate authority. Having two is better.
ZeroSSL’s ACME endpoint is already compatible with Caddy because it implements RFC 8555. But in Caddy 2.2 (currently in RC 1 pre-release), we’ve made ZeroSSL even easier to configure because Caddy 2.2 will automatically generate the External Account Binding (EAB) credentials for you.
I anticipate that the next release of Caddy (v2.3) will support multi-CA fallback: the ability to try a secondary CA if the first one fails for some reason.