caddy certificate let's encrypt

Started by caplam, July 19, 2025, 05:50:17 PM

With a recent update, Caddy cannot use Let's Encrypt certificates anymore.
We have to use the ACME client for that. That's fine, even if it takes a bit longer to set up.
When you go to System/trust/certificates, all certificates are listed.
How can you remove those issued from Caddy/Let's Encrypt that are not used anymore?

In my experience they will be removed when they expire.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

That's what I thought, so I waited. Now I have 8 expired (3 or 4 days ago) certificates which are still here.

Ah. So that only happened while the previous version of Caddy was still active. I vaguely remember removing them manually. I'll see if I can find any details.

That's right. With the previous version, Caddy was managing Let's Encrypt certificates. With the actual version I need to use the ACME client (I'm using the DNS challenge).

It seems that the certificates and the Caddy ACME configuration are at /var/db/caddy/data,
but I don't know what to delete.

July 20, 2025, 05:45:01 PM #6 Last Edit: July 20, 2025, 05:46:37 PM by Monviech (Cedrik)
You can delete all contents of the certificate folder there.

https://github.com/opnsense/plugins/blob/master/www/caddy/src/etc/ssl/ext_sources/caddy.conf#L2

The path there collects the certificates that are shown in system settings trust.

The temp folder will be recreated automatically; it contains certificates selected in domains explicitly.
Hardware:
DEC740
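
As an added example (not from the thread or the OPNsense plugin), this script lists which certificate files under Caddy's data directory are already expired, so you can review them before clearing the folder as described above. The default path `/var/db/caddy/data/certificates` and the function name `expired_certs` are assumptions; pass the actual folder as the first argument.

```shell
#!/bin/sh
# Added example: list stored certificates that are expired or about to expire.
# Assumption: Caddy keeps its certificates in a "certificates" folder below
# the data directory named in the thread. Override with the first argument.
CERT_DIR_DEFAULT="/var/db/caddy/data/certificates"

# expired_certs [DIR] [SECONDS]
# Prints the path of every *.crt below DIR whose notAfter date lies less than
# SECONDS in the future (0, the default, means "already expired").
expired_certs() {
    dir="${1:-$CERT_DIR_DEFAULT}"
    within="${2:-0}"
    find "$dir" -type f -name '*.crt' 2>/dev/null | while IFS= read -r crt; do
        # Skip files that openssl cannot parse as a certificate, so junk
        # files are not reported as expired.
        if ! openssl x509 -noout -in "$crt" >/dev/null 2>&1; then
            continue
        fi
        # -checkend exits non-zero when the certificate expires within
        # the given number of seconds.
        if ! openssl x509 -noout -checkend "$within" -in "$crt" >/dev/null 2>&1; then
            printf '%s\n' "$crt"
        fi
    done
}

# When called with arguments, run the check directly, e.g.:
#   sh expired_certs.sh /var/db/caddy/data/certificates 0
if [ "$#" -gt 0 ]; then
    expired_certs "$@"
fi
```

Compare the listed files with the entries under System/trust/certificates before deleting anything.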