caddy-website/src/docs/markdown/caddyfile/directives/acme_server.md

---
title: acme_server (Caddyfile directive)
---

# acme_server

An embedded [ACME protocol](https://tools.ietf.org/html/rfc8555) server handler. This allows a Caddy instance to issue certificates for any other ACME-compatible software (including other Caddy instances).

When enabled, requests matching the path `/acme/*` will be handled by the ACME server.


## Client configuration

Using ACME server defaults, ACME clients should simply be configured to use `https://localhost/acme/local/directory` as their ACME endpoint. (`local` is the ID of Caddy's default CA.)


## Syntax

```caddy-d
acme_server [<matcher>] {
	ca       <id>
	lifetime <duration>
}
```

- **ca** specifies the ID of the certificate authority with which to sign certificates. The default is `local`, which is Caddy's default CA, intended for locally-used, self-signed certificates, which is most common in dev environments. For broader use, it is recommended to specify a different CA to avoid confusion. If the CA with the given ID does not already exist, it will be created. See the [PKI app global options](/docs/caddyfile/options#pki-options) to configure alternate CAs.
- **lifetime** (Default: `12h`) is a [duration](/docs/conventions#durations) which specifies the validity period for issued certificates. This value must be less than the lifetime of the [intermediate certificate](/docs/caddyfile/options#intermediate-lifetime) used for signing. It is not recommended to change this unless absolutely necessary.
docs: Add docs for acme_server Caddyfile directive 2020-06-08 12:27:26 -06:00			`---`
			`title: acme_server (Caddyfile directive)`
			`---`

			`# acme_server`

			`An embedded [ACME protocol](https://tools.ietf.org/html/rfc8555) server handler. This allows a Caddy instance to issue certificates for any other ACME-compatible software (including other Caddy instances).`

			When enabled, requests matching the path `/acme/*` will be handled by the ACME server.


			`## Client configuration`

docs: Various updates for 2.3, 2.4 beta, and Go 1.16 Steps on #139 (sorry) 2021-02-17 11:34:28 -07:00			Using ACME server defaults, ACME clients should simply be configured to use `https://localhost/acme/local/directory` as their ACME endpoint. (`local` is the ID of Caddy's default CA.)
docs: Add docs for acme_server Caddyfile directive 2020-06-08 12:27:26 -06:00

			`## Syntax`

			```caddy-d
docs: Various updates for 2.3, 2.4 beta, and Go 1.16 Steps on #139 (sorry) 2021-02-17 11:34:28 -07:00			`acme_server [<matcher>] {`
pki: document certificate lifetime options (#283) Signed-off-by: Kyle McCullough <kylemcc@gmail.com> Signed-off-by: Kyle McCullough <kylemcc@gmail.com> 2022-12-06 17:53:42 -08:00			`ca <id>`
			`lifetime <duration>`
docs: Various updates for 2.3, 2.4 beta, and Go 1.16 Steps on #139 (sorry) 2021-02-17 11:34:28 -07:00			`}`
docs: Add docs for acme_server Caddyfile directive 2020-06-08 12:27:26 -06:00			```
docs: Various updates for 2.3, 2.4 beta, and Go 1.16 Steps on #139 (sorry) 2021-02-17 11:34:28 -07:00
Docs for upcoming v2.5.0 release (#216) * docs: new `log` filters in Caddyfile * docs: `renew_interval` global option * docs: Update access log example * docs: `log_credentials` global option * docs: `vars`, `vars_regexp` matchers * docs: `roll_uncompressed`, `roll_local_time` * docs: `http_redirect` listener wrapper * docs: `pki` app * docs: `strict_sni_host` options * docs: `default_bind` option * docs: `method` directive * docs: `tls internal` subdirectives * Apply suggestions from code review Co-authored-by: Matt Holt <mholt@users.noreply.github.com> * Matchers, options, file_server, reverse_proxy * More clarifications / corrections * Corrections from review * Typo fix * One more note about dynamic upstreams * Tab -> space * Update module namespaces * Update some docs about logging * `copy_response`, `copy_response_headers`, `replace_status` * `dns_challenge_domain_override` * `caddy trust`, API endpoints * `trusted_proxies` * Note about `pass_thru` being only useful inside `route` * Improve logging docs to clarify the difference * A bit of polish on patterns * request_body: Clarify error behavior * review Co-authored-by: Matt Holt <mholt@users.noreply.github.com> 2022-03-11 16:26:00 -05:00			- ca specifies the ID of the certificate authority with which to sign certificates. The default is `local`, which is Caddy's default CA, intended for locally-used, self-signed certificates, which is most common in dev environments. For broader use, it is recommended to specify a different CA to avoid confusion. If the CA with the given ID does not already exist, it will be created. See the [PKI app global options](/docs/caddyfile/options#pki-options) to configure alternate CAs.
pki: document certificate lifetime options (#283) Signed-off-by: Kyle McCullough <kylemcc@gmail.com> Signed-off-by: Kyle McCullough <kylemcc@gmail.com> 2022-12-06 17:53:42 -08:00			- lifetime (Default: `12h`) is a [duration](/docs/conventions#durations) which specifies the validity period for issued certificates. This value must be less than the lifetime of the [intermediate certificate](/docs/caddyfile/options#intermediate-lifetime) used for signing. It is not recommended to change this unless absolutely necessary.