With a recent update, Caddy cannot use Let's Encrypt certificates anymore.
We have to use the ACME client for that. That's fine, even if it's a bit longer to set up.
When you go to System/Trust/Certificates, all certificates are listed.
How can you remove those issued by Caddy/Let's Encrypt that are not used anymore?
In my experience they will be removed when they expire.
That's what I thought, so I waited. Now I have 8 expired (3 or 4 days ago) certificates which are still here.
Ah. So that only happened while the previous version of Caddy was still active. I vaguely remember removing them manually. I'll see if I can find any details.
That's right. With the previous version, Caddy was managing Let's Encrypt certificates. With the current version I need to use the ACME client (I'm using the DNS challenge).
It seems that the certificates and Caddy ACME configuration are at /var/db/caddy/data,
but I don't know what to delete.
You can delete all contents of the certificate folder there.
https://github.com/opnsense/plugins/blob/master/www/caddy/src/etc/ssl/ext_sources/caddy.conf#L2
The path there collects the certificates that are shown in the system settings under Trust.
The temp folder will be recreated automatically; it contains certificates selected in domains explicitly.
Thanks. That did it.