Update 2023-08-18:
- I'm not sure why this worked before, but it actually needs a plugin for the exec command. Since I am not building Caddy myself, I ended up using another Let's Encrypt client instead.
A little follow-up to switching from nginx to Caddy.
For Prosody, an XMPP server, I needed certificates that I got with certbot and a deploy hook before. Now that I deleted certbot, I needed a way to get and deploy certificates with Caddy.
It's not documented very well, but totally possible to do that. In their GitHub issues I found a request for event hooks, and linked there is the implementation with a small example for what the event hook definition should look like.
In the Caddyfile global options block (so, at the very top), add the “events” app, and specify the “certificate_obtained” hook:
{
    events {
        on certificate_obtained exec /bin/foobar --domain {event.data.domain}
    }
}
In my case I needed to copy the certificate out and change the access rights, so I just wrote a little script, which is executed by this hook. If you use Caddy on a Debian-like system via their repositories and the systemd service, the files you are looking for are in
/var/lib/caddy/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory/<domain>/
in files called <domain>.key for the secret key and <domain>.crt for the certificate.
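
One way such a deploy script could look, as an added example and not the author's own script: the function name deploy_cert, the destination /etc/prosody/certs and the KEY_GROUP variable are assumptions. It checks the domain before using it in a path and copies the key with restrictive permissions.

```shell
#!/bin/sh
# Added example: deploy script for the certificate_obtained hook.
# Assumed names (not from the post): deploy_cert, DEST_DIR, KEY_GROUP.

# Caddy's certificate storage on Debian-like installs, as given in the post.
SRC_ROOT="${SRC_ROOT:-/var/lib/caddy/.local/share/caddy/certificates/acme-v02.api.letsencrypt.org-directory}"
DEST_DIR="${DEST_DIR:-/etc/prosody/certs}"   # assumed destination directory
KEY_GROUP="${KEY_GROUP:-}"                   # e.g. "prosody"; empty = key readable by owner only

deploy_cert() {
    domain=$1
    # The domain arrives from the event placeholder and becomes part of a
    # file path: accept hostname characters only, no leading "." or "-",
    # and no ".." sequence.
    case $domain in
        ''|*[!A-Za-z0-9.-]*|.*|-*|*..*)
            echo "refusing domain: $domain" >&2
            return 2 ;;
    esac

    src="$SRC_ROOT/$domain"
    [ -r "$src/$domain.crt" ] && [ -r "$src/$domain.key" ] || {
        echo "no certificate files in $src" >&2
        return 1
    }

    # install(1) copies and sets the mode in one step, so there is no
    # separate cp followed by chmod for the private key.
    install -m 0644 "$src/$domain.crt" "$DEST_DIR/$domain.crt" || return 1
    if [ -n "$KEY_GROUP" ]; then
        # Group-readable key for the service account's group.
        install -m 0640 -g "$KEY_GROUP" "$src/$domain.key" "$DEST_DIR/$domain.key" || return 1
    else
        install -m 0600 "$src/$domain.key" "$DEST_DIR/$domain.key" || return 1
    fi
}

# Called by the hook as: <script> --domain <name>
if [ "$1" = "--domain" ]; then
    deploy_cert "$2"
fi
```

The service that reads the copied files still has to reload them after each renewal; the script does not do that.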