Set up Caddy server with BuyPass Go SSL, a Norwegian CA provider

Reasons to replace Let’s Encrypt

  1. Avoid the risk of the United States government banning Let’s Encrypt
  2. Trying something smaller, or made in the EU, is always a good option

BuyPass Go SSL

BuyPass is a Norwegian company that offers a broad range of consumer and enterprise security and digital identity services. Their TLS/SSL certificates are free for one or more domains, just like Let’s Encrypt’s. BuyPass Go SSL is the company’s certificate service: certificates are issued through their Automated Certificate Management Environment (ACME) API and have a lifetime of 180 days.

https://www.buypass.com/products/tls-ssl-certificates/go-ssl

Caddy configuration

Add the acme_ca global option in a global options block at the very top of your Caddyfile, then restart the server.

nano /etc/caddy/Caddyfile

{
    acme_ca https://api.buypass.com/acme/directory
#   placeholder address: use your own ACME account contact e-mail
    email you@example.com
#   key_type rsa2048
}
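
A quick pre-restart check for the global options block above, added here as an example (it is not part of the original post or of Caddy itself). It assumes the BuyPass directory URL from this page is the only ACME endpoint you want to allow; the function names and the sample input are constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Assumption: the directory URL from this page is the only CA endpoint you allow.
EXPECTED_ACME_CA = "https://api.buypass.com/acme/directory"

def global_options(caddyfile):
    """Return {option: [args]} for the global options block, or None.

    Caddy requires the global options block to be the first block in the
    Caddyfile, so a bare `{` anywhere else yields None here.
    """
    lines = [re.sub(r"(^|\s)#.*$", "", raw).strip() for raw in caddyfile.splitlines()]
    lines = [line for line in lines if line]
    if not lines or lines[0] != "{":
        return None
    opts, depth = {}, 0
    for line in lines:
        tokens = line.split()
        if tokens == ["}"]:
            depth -= 1
            if depth == 0:
                break
            continue
        opens_block = tokens[-1] == "{"
        if depth == 1:  # only top-level options, not nested sub-options
            opts[tokens[0]] = tokens[1:-1] if opens_block else tokens[1:]
        if opens_block:
            depth += 1
    return opts

def lint(caddyfile):
    """Return a list of problems with the ACME settings (empty list = OK)."""
    opts = global_options(caddyfile)
    if opts is None:
        return ["global options block is not at the top of the file"]
    problems = []
    ca = opts.get("acme_ca", [])
    if not ca:
        problems.append("acme_ca is not set")
    elif urlparse(ca[0]).scheme != "https":
        problems.append("acme_ca is not an https:// URL")
    elif ca[0] != EXPECTED_ACME_CA:
        problems.append("acme_ca is not the expected directory: " + ca[0])
    if not opts.get("email"):
        problems.append("email is missing its address argument")
    return problems

# Constructed sample: a global options block with the e-mail address left out.
SAMPLE = "{\n    acme_ca https://api.buypass.com/acme/directory\n    email\n#   key_type rsa2048\n}\n"
if __name__ == "__main__":
    print(lint(SAMPLE))
```

Run it against the contents of /etc/caddy/Caddyfile before restarting; an empty list means the ACME settings match what this page configures.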

Manual setup

apt-get remove certbot
wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

## Register with your email (you@example.com is a placeholder)
./certbot-auto register -m 'you@example.com' --agree-tos --server 'https://api.buypass.com/acme/directory'

## Request a valid certificate
./certbot-auto certonly --standalone --email 'you@example.com' -d 'www.xxx.com' -d 'xxx.xxx.com' --server 'https://api.buypass.com/acme/directory'

## Schedule renewal in crontab (this entry runs every Monday at 05:00; the certificate lifetime is 180 days)
0 5 * * 1 /bin/bash ./certbot-auto certonly --standalone --email 'you@example.com' -d 'www.xxx.com' -d 'xxx.xxx.com' --server 'https://api.buypass.com/acme/directory' > /dev/null
