From 7715f65b783e81052cbd02c34ebc218dc1e64e37 Mon Sep 17 00:00:00 2001
From: rhyst <rhystyers1@gmail.com>
Date: Mon, 11 May 2020 17:52:25 +0100
Subject: [PATCH] Adding instructions for Caddy V2

---
 Configure-SSL.md | 76 +++++++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 75 insertions(+), 1 deletion(-)

diff --git a/Configure-SSL.md b/Configure-SSL.md
index d10c7ec..cac6e8f 100644
--- a/Configure-SSL.md
+++ b/Configure-SSL.md
@@ -22,7 +22,7 @@ You don't have anything else to do. Enjoy.
 
 #### Pitfall with Caddy
 
-If you are using Caddy to renew your certificates, please note that only RSA certificates work. Read [issue 1440](https://github.com/tomav/docker-mailserver/issues/1440) for details. In short the caddy file should look something like:
+If you are using Caddy to renew your certificates, please note that only RSA certificates work. Read [issue 1440](https://github.com/tomav/docker-mailserver/issues/1440) for details. In short for Caddy v1 the Caddyfile should look something like:
 
 ```
 https://mail.domain.com {
@@ -31,6 +31,80 @@ https://mail.domain.com {
     }
 }
 ```
+
+For Caddy v2 it is necessary to use the json structured Caddyfile. A minimal config would look something like this:
+
+```
+{
+  "apps": {
+    "http": {
+      "servers": {
+        "srv0": {
+          "listen": [
+            ":443"
+          ],
+          "routes": [
+            {
+              "match": [
+                {
+                  "host": [
+                    "mail.domain.com",
+                  ]
+                }
+              ],
+              "handle": [
+                {
+                  "handler": "subroute",
+                  "routes": [
+                    {
+                      "handle": [
+                        {
+                          "body": "",
+                          "handler": "static_response"
+                        }
+                      ]
+                    }
+                  ]
+                }
+              ],
+              "terminal": true
+            },
+          ]
+        }
+      }
+    },
+    "tls": {
+      "automation": {
+        "policies": [
+          {
+            "subjects": [
+              "mail.domain.com",
+            ],
+            "key_type": "rsa2048",
+            "issuer": {
+              "email": "email@email.com",
+              "module": "acme"
+            }
+          },
+          {
+            "issuer": {
+              "email": "email@email.com",
+              "module": "acme"
+            }
+          }
+        ]
+      }
+    }
+  }
+}
+```
+The generated certificates can be mounted:
+```
+volumes:
+  - ${CADDY_DATA_DIR}/certificates/acme-v02.api.letsencrypt.org-directory/mail.domain.com/mail.domain.com.crt:/etc/letsencrypt/live/mail.domain.com/fullchain.pem
+  - ${CADDY_DATA_DIR}/certificates/acme-v02.api.letsencrypt.org-directory/mail.domain.com/mail.domain.com.key:/etc/letsencrypt/live/mail.domain.com/privkey.pem
+```
+
 EC certificates fail in the TLS handshake:
 
 ```