From 2e0284ded3d74607e4786b7923de5fabf1024411 Mon Sep 17 00:00:00 2001 From: Erik Wramner Date: Mon, 4 May 2020 08:01:53 +0200 Subject: [PATCH] Added note about caddy --- docs/content/config/security/ssl.md | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/docs/content/config/security/ssl.md b/docs/content/config/security/ssl.md index a222fced..d10c7ec2 100644 --- a/docs/content/config/security/ssl.md +++ b/docs/content/config/security/ssl.md @@ -20,6 +20,26 @@ To enable Let's Encrypt on your mail server, you have to: You don't have anything else to do. Enjoy. +#### Pitfall with Caddy + +If you are using Caddy to renew your certificates, please note that only RSA certificates work. Read [issue 1440](https://github.com/tomav/docker-mailserver/issues/1440) for details. In short the caddy file should look something like: + +``` +https://mail.domain.com { + tls yourcurrentemail@gmail.com { + key_type rsa2048 + } +} +``` +EC certificates fail in the TLS handshake: + +``` +CONNECTED(00000003) +140342221178112:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:ssl/record/rec_layer_s3.c:1543:SSL alert number 40 +no peer certificate available +No client certificate CA names sent +``` + #### Example using docker for letsencrypt Make a directory to store your letsencrypt logs and configs.
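Review bot: The added sentence "only RSA certificates work" leaves it unclear where the limitation sits; since the quoted handshake failure comes from connecting to the mail server itself (`CONNECTED(...)`, `sslv3 alert handshake failure`, `no peer certificate available`), the note should say that docker-mailserver's TLS setup does not accept EC certificates, rather than implying Caddy cannot issue them, e.g. "only RSA certificates currently work with docker-mailserver". Two smaller documentation points in the same hunk: state which Caddy version the snippet targets (Caddyfile syntax changed between v1 and v2, so a reader on the other version may not be able to apply `key_type rsa2048` as shown), and name the command that produced the quoted error output (it is `openssl s_client` output) so readers can reproduce the check against their own server. Style: "the caddy file" should read "the Caddyfile" with a comma after "In short", and the placeholders `mail.domain.com` / `yourcurrentemail@gmail.com` would be better as reserved example values (`mail.example.com`, `admin@example.com`) to match the rest of the docs and avoid pointing at real domains.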