-rw-r--r--modules/caddypki/acmeserver/acmeserver.go8
-rw-r--r--modules/caddytls/tls.go13
2 files changed, 16 insertions, 5 deletions
diff --git a/modules/caddypki/acmeserver/acmeserver.go b/modules/caddypki/acmeserver/acmeserver.go
index d5e5559..f5c013b 100644
--- a/modules/caddypki/acmeserver/acmeserver.go
+++ b/modules/caddypki/acmeserver/acmeserver.go
@@ -66,6 +66,13 @@ type Handler struct {
// on this property long-term; check release notes.
PathPrefix string `json:"path_prefix,omitempty"`
+ // If true, the CA's root will be the issuer instead of
+ // the intermediate. This is NOT recommended and should
+ // only be used when devices/clients do not properly
+ // validate certificate chains. EXPERIMENTAL: Might be
+ // changed or removed in the future.
+ SignWithRoot bool `json:"sign_with_root,omitempty"`
+
acmeEndpoints http.Handler
logger *zap.Logger
}
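Review bot: The doc comment on `SignWithRoot` says the option is NOT recommended but never states what the operator gives up, and this text is what ends up in the generated JSON config docs. With the root as issuer, the root private key is used for every ACME issuance and there is no intermediate that can be rotated or revoked separately from the trust anchor that clients have installed. I would add a sentence such as `// The root key is then used for every issuance, and a compromise cannot be contained by replacing an intermediate.` before the EXPERIMENTAL remark.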
@@ -109,6 +116,7 @@ func (ash *Handler) Provision(ctx caddy.Context) error {
}
authorityConfig := caddypki.AuthorityConfig{
+ SignWithRoot: ash.SignWithRoot,
AuthConfig: &authority.AuthConfig{
Provisioners: provisioner.List{
&provisioner.ACME{
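Review bot: `SignWithRoot` is copied into `AuthorityConfig` silently, so a deployment that inherits `sign_with_root: true` in its config gets no runtime signal that leaf certificates are being issued directly under the root. A warning at provision time would make the setting visible in logs and audits, for example `if ash.SignWithRoot { ash.logger.Warn("ACME server will sign leaf certificates with the root instead of the intermediate") }`. This assumes `ash.logger` is already assigned earlier in `Provision`; that part of the body is outside the hunk, so confirm the ordering.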
diff --git a/modules/caddytls/tls.go b/modules/caddytls/tls.go
index 51c4cab..31b13fb 100644
--- a/modules/caddytls/tls.go
+++ b/modules/caddytls/tls.go
@@ -478,11 +478,14 @@ type Certificate struct {
Tags []string
}
-// AutomateLoader is a no-op certificate loader module
-// that is treated as a special case: it uses this app's
-// automation features to load certificates for the
-// list of hostnames, rather than loading certificates
-// manually.
+// AutomateLoader will automatically manage certificates for the names
+// in the list, including obtaining and renewing certificates. Automated
+// certificates are managed according to their matching automation policy,
+// configured elsewhere in this app.
+//
+// This is a no-op certificate loader module that is treated as a special
+// case: it uses this app's automation features to load certificates for the
+// list of hostnames, rather than loading certificates manually.
type AutomateLoader []string
// CaddyModule returns the Caddy module information.