ansible-playbooks/roles/caddy/vars/tls_caddy.yml

caddy_auto_tls_config:
  apps:
    tls:
      automation:
        policies:
          - subjects: "{{ caddy_domains }}"
            issuers:
              - module: acme
                ca: "{{ caddy_acme_endpoint }}"
                email: "{{ maintainer_email | d(None) }}"
                acme_timeout: 5m
                challenges:
                  http:
                    disabled: yes
                  tls-alpn:
                    disabled: yes
                  dns:
                    resolvers:
                      - 1.1.1.1
                      - 8.8.8.8
                    provider:
                      name: acmedns
                      config_file_path: "{{ caddy_acmedns_client_file }}"
                    propagation_delay: 15s
                    propagation_timeout: -1
                preferred_chains:
                  root_common_name:
                    - ISRG Root X1
            must_staple: yes
            key_type: p384
        renew_interval: 1h
      certificates:
        automate: "{{ caddy_domains }}"