- TL;DR: Grab this value
jq -r '.location' $(sudo -u caddy caddy environ | awk -F'=' '/^caddy.AppDataDir=/{print $2"/acme/acme-v02.api.letsencrypt.org-directory/users/*/caddy.json"}')
and jump to step 4.
- In your Caddyfile you should add an email to the Global Options Block:
{
email demo@example.com
}
domain.tld { ... }
If you haven't done so, then do it now and restart caddy.
- Find your caddy AppDataDir:
If you run Caddy as the user caddy (e.g. when installing Caddy from apt and running it as a systemd service), prefix the command with sudo -u caddy:
caddy environ | grep caddy.AppDataDir
This should output something like: caddy.AppDataDir=/var/lib/caddy/.local/share/caddy
In this case your (prod) ACME directory for Let's Encrypt is:
/var/lib/caddy/.local/share/caddy/acme/acme-v02.api.letsencrypt.org-directory/users/demo@example.com/
(Note: demo@example.com is the email from the Global Options Block in the Caddyfile.)
In this directory you will find two files:
caddy.json:
{
"status": "valid",
"contact": [
"mailto:demo@example.com"
],
"termsOfServiceAgreed": true,
"orders": "",
"location": "https://acme-v02.api.letsencrypt.org/acme/acct/13333337"
}
This contains your accounturi (stored in location).
The directory also contains the file caddy.key, which holds your private account key, e.g.:
-----BEGIN EC PRIVATE KEY-----
MIGfWW91IHNob3VsZCBvZmMgbm90IGxlYWsgeW91ciBwcml2YXRlIGtleSEgQnV0
IEkgdGhpbmsgaXQgaXMgbmljZSB0byBoYXZlIHNvbWUgZHVtbXkgdGV4dCBvZiBy
b3VnaGx5IHRoZSBzYW1lIHNpemUuIFRoaXMgd2lsbCBwcm9iYWJseSB0cmlnZ2Vy
IGEgYnVuY2ggb2YgZmFsc2UgcG9zaXRpdmVzIGluIHNjYW5uZXJzCg==
-----END EC PRIVATE KEY-----
You should ofc keep your .key file private!
- If you need to set up Caddy on a new server for the same domain, you need to copy these two files to the new server so that it can request certs using ACME.
- Setting up DNS
In your DNS panel create a CAA record with value:
0 issue "letsencrypt.org; accounturi=https://acme-v02.api.letsencrypt.org/acme/acct/13333337"
Make sure to replace 13333337 with the value from caddy.json!
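
To check the result, the following added example (not part of the original write-up) builds the CAA value from caddy.json and audits a set of CAA records against it. The function names are hypothetical and the sample data is constructed; the records are in the form that `dig +short CAA domain.tld` prints.

```python
import json

# Constructed sample with the same shape as the caddy.json shown above.
SAMPLE_CADDY_JSON = """{
  "status": "valid",
  "contact": ["mailto:demo@example.com"],
  "termsOfServiceAgreed": true,
  "orders": "",
  "location": "https://acme-v02.api.letsencrypt.org/acme/acct/13333337"
}"""

def caa_value(caddy_json, issuer="letsencrypt.org"):
    """Build the CAA record value from the account URL in caddy.json."""
    location = json.loads(caddy_json)["location"]
    return f'0 issue "{issuer}; accounturi={location}"'

def parse_caa(line):
    """Split one presentation-format record: <flags> <tag> "<value>"."""
    flags, tag, value = line.strip().split(None, 2)
    issuer, *raw = [part.strip() for part in value.strip('"').split(";")]
    params = {k.strip(): v.strip()
              for k, _, v in (p.partition("=") for p in raw if p)}
    return int(flags), tag.lower(), issuer.lower(), params

def audit(records, caddy_json, issuer="letsencrypt.org"):
    """Return findings for the `issue` records; an empty list means every
    record that permits issuance is bound to the account in caddy.json.
    issuewild and iodef records are not checked here."""
    want = json.loads(caddy_json)["location"]
    findings, bound = [], False
    for rec in records:
        _, tag, ca, params = parse_caa(rec)
        if tag != "issue" or not ca:   # an empty issuer permits nobody
            continue
        if ca != issuer:
            findings.append(f"other CA may issue: {ca}")
        elif "accounturi" not in params:
            findings.append(f"{ca} allowed for any account")
        elif params["accounturi"] != want:
            findings.append(f"bound to other account: {params['accounturi']}")
        else:
            bound = True
    if not bound:
        findings.append("no issue record bound to this account")
    return findings

if __name__ == "__main__":
    print(caa_value(SAMPLE_CADDY_JSON))
    # Constructed record: Let's Encrypt allowed, but not tied to an account.
    print(audit(['0 issue "letsencrypt.org"'], SAMPLE_CADDY_JSON))
```

An empty list from audit() means the only `issue` records present are the account-bound Let's Encrypt ones; a leftover unbound record or a second CA shows up as a finding.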