From 34aec1c790b58dc692764b32b984940abe3cae7c Mon Sep 17 00:00:00 2001
From: "Simon L." <szaimen@e.mail.de>
Date: Mon, 1 Jun 2026 12:20:40 +0200
Subject: [PATCH] caddy: re-introduce lets encrypt profiles

Signed-off-by: Simon L. <szaimen@e.mail.de>
---
 Containers/apache/Caddyfile               | 1 +
 Containers/mastercontainer/acme.Caddyfile | 1 +
 2 files changed, 2 insertions(+)

diff --git a/Containers/apache/Caddyfile b/Containers/apache/Caddyfile
index 7b88bc18..39674fd1 100644
--- a/Containers/apache/Caddyfile
+++ b/Containers/apache/Caddyfile
@@ -78,6 +78,7 @@ http://{$APACHE_HOST}.nextcloud-aio:23973, # For Collabora callback and WOPI req
     # TLS options
     tls {
         issuer acme {
+            profile tlsserver
             # Disable HTTP challenge because that would require port 80, which we don't get (it's exposed to the mastercontainer).
             # This container by default only exposes port 443 if not configured otherwise via APACHE_PORT.
             disable_http_challenge
diff --git a/Containers/mastercontainer/acme.Caddyfile b/Containers/mastercontainer/acme.Caddyfile
index 8a0d4931..77d7df9e 100644
--- a/Containers/mastercontainer/acme.Caddyfile
+++ b/Containers/mastercontainer/acme.Caddyfile
@@ -49,6 +49,7 @@ https://:8443 {
 	tls {
 		on_demand
 		issuer acme {
+            profile shortlived
 			disable_tlsalpn_challenge
 		}
 	}