Closed W0n9 closed 4 months ago
See the release notes, the zerossl issuer no longer uses ACME (it now uses their API), so any ACME related config is no longer valid.
Hi @francislavoie I do use API key for ZeroSSL Issuer. But how can I zerossl issuer with domain delegation in this situation?
I don't see how domain delegation makes sense if you're using ZeroSSL's API. Domain delegation is specifically only needed for the ACME DNS challenge because domain verification is done via DNS queries. If you're using ZeroSSL's API, then none of the ACME challenges apply.
If you want to continue using ZeroSSL's ACME, then use the acme
module with the ca
configured to ZeroSSL's URL, and use EAB to authenticate. See the release notes, which explain.
I see!!! Thank you. Before v2.8.0,Caddy just use zerossl API to generate the EAB credentials to use ACME. ref: https://github.com/caddyserver/caddy/pull/6229/commits/bbb6344ee99d61dd6fb8abb353c831046978acf4#diff-86c7d385b669cc8420f1bf112bf546b74292e843d8c76b9d333fbde25ee6ed77
When I update from v2.7.6 to v2.8.0, it raised error
Here is my Caddyfile
But it works at v2.7.6
And I modify Caddyfile to this, v2.8.0 works
But I tried to use zerossl with dns_challenge_override_domain, it still raised error
It maybe about this? https://github.com/caddyserver/caddy/blob/e6f46c8d78b77d0aefe50750dfd6f6a18ba138e5/modules/caddytls/zerosslissuer.go#L127-L137