caddyserver / caddy

Fast and extensible multi-platform HTTP/1-2-3 web server with automatic HTTPS
https://caddyserver.com
Apache License 2.0

ACME alternate link relation #3854

Closed ptman closed 3 years ago

ptman commented 3 years ago

As needed by https://letsencrypt.org/2020/11/06/own-two-feet.html, specified by https://tools.ietf.org/html/rfc8555#section-7.4.2

francislavoie commented 3 years ago

I think this should already work (at least, as of Caddy v2.2 which now uses acmez, not sure about previous versions but nobody should be using older versions by Sept 2021)

https://github.com/mholt/acmez/blob/36df02d411459de292e26240677e5d6020c9f5d9/acme/certificate.go#L112

@mholt can you confirm? 😄

mholt commented 3 years ago

Yeah acmez supports this already, I just need to expose the configuration in CertMagic and Caddy.

mholt commented 3 years ago

Btw this was done in https://github.com/caddyserver/caddy/commit/95af4262a8adf12e0c5eb178d9e521903eb8b0e4

ptman commented 3 years ago

How should one use this? Is there documentation somewhere?

mholt commented 3 years ago

Not yet, since it's not released, but the commit is just a few lines of code and has comments:

```go
// List of preferred certificate chains, by issuer's CommonName. If empty,
// or if no matching chain is found, the first chain offered by the server
// will be used.
PreferredChains []string `json:"preferred_chains,omitempty"`
```

So just set the preferred_chains field to the common name of the issuer you want to use. It's similar to how certbot lets you choose a chain, for example.
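The selection rule described in the comment above, as an added sketch that is not part of the thread and is not CertMagic's or acmez's own code. `selectChain`, `stub`, `sampleChains` and all certificate names are hypothetical, and the certificates are constructed values with only Subject and Issuer populated.

```go
package main

import (
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
)

// selectChain returns the index of the chain to use, or -1 if none were offered.
// Preferred issuer CommonNames are tried in order; if the list is empty or
// nothing matches, index 0 (the first chain the server offered) is used.
// Every certificate is checked: alternate chains share the end-entity cert.
func selectChain(chains [][]*x509.Certificate, preferred []string) int {
	if len(chains) == 0 {
		return -1
	}
	for _, want := range preferred {
		for i, chain := range chains {
			for _, cert := range chain {
				if cert.Issuer.CommonName == want {
					return i
				}
			}
		}
	}
	return 0
}

// stub builds a certificate value with only Subject and Issuer set.
// Constructed sample data: the names are made up and nothing is signed.
func stub(subjectCN, issuerCN string) *x509.Certificate {
	return &x509.Certificate{
		Subject: pkix.Name{CommonName: subjectCN},
		Issuer:  pkix.Name{CommonName: issuerCN},
	}
}

// sampleChains returns a default chain followed by one alternate chain.
func sampleChains() [][]*x509.Certificate {
	leaf := stub("www.example.com", "Constructed Intermediate")
	return [][]*x509.Certificate{
		{leaf, stub("Constructed Intermediate", "Constructed Root A")},
		{leaf, stub("Constructed Intermediate", "Constructed Root B")},
	}
}

func main() {
	fmt.Println(selectChain(sampleChains(), []string{"Unknown CA", "Constructed Root B"}))
}
```

Matching on CommonName only decides which chain is served; it is a string comparison, not a trust decision, and clients still validate the chain against their own roots.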