Does anyone have experience with ZeroSSL? Caddy has been building in support so I think it could be a drop-in replacement for Caddy/CertMagic/ACMEx users.
We're gradually making ZeroSSL a default CA for Caddy.
(I am currently implementing multi-CA support into Caddy and CertMagic, so that Caddy will be able to use both Let's Encrypt and ZeroSSL for redundancy. It's the first server to support this!)
BuyPass doesn't support wildcards, and only allows up to 5 subjects per certificate (Caddy only uses 1 SAN, but still) -- and Caddy is a ZeroSSL project. We also prefer shorter cert lifetimes.
Hi! Could I ask a somewhat unrelated question about using Let's Encrypt with Caddy? I've been trying to help some folks (in education) get wildcard subdomain certificates to work on their Google Cloud machines via lego_deprecated's purported gcloud support in Caddy v2 (we've tried to follow the instructions and all), but we've been running into issues and it's been incredibly frustrating to figure out how to resolve them. I recall one of the errors we got was "No TXT record found at _acme-challenge.subdomain.domain.tld", but it was hard to see all of them because most of the errors we'd see would be rate-limit errors. Things were so much easier and everything worked in Caddy v1, but ever since we upgraded to v2, we have no idea how to make it work with gcloud (the instructions haven't gotten it working for us), and there seems to be a lack of any working examples on the internet. Do you know if anyone has had success with gcloud at all? Would you have any guidance on how to proceed? Currently they're running on expired certificates and we have no idea how to renew them via Caddy, and it's not clear to me how to even do it out-of-band either.
For more help, please ask on our forums! I don't use Google Cloud but it is more likely that somebody there does: https://caddy.community -- otherwise, time to roll up your sleeves and get to work, forge the answer for others, I suppose!
Just tried to switch to them from LE since I don't want to just drop 33% of Android users, but it looks like their ACME implementation is not RFC 8555-compliant, as their 'newAccount' endpoint can only be used once, in violation of section 7.3.1 of the RFC. They also seem to be pushing people to use their own proprietary API instead. So thanks but no thanks.
Seconding regecks' comment.
We're gradually making ZeroSSL a default CA for Caddy.
(I am currently implementing multi-CA support into Caddy and CertMagic, so that Caddy will be able to use both Let's Encrypt and ZeroSSL for redundancy. It's the first server to support this!)
This is a good thing for the ecosystem.