It seems like Caddy automatically removes all certificate files in /usr/local/etc/caddy/certificates/temp after start. I can exploit this by writing the extracted certificates from the OPNsense trust store in there, and after Caddy has loaded them into RAM they're automatically deleted.
That will prevent stray certificates being left lying around in the system. It is also logged in the caddy.log, so that's a plus too.