Your company here, and a link to your site. Click to find out more.

caddy-untrust - Man Page

Untrusts a locally-trusted CA certificate


caddy untrust [flags]


Untrusts a root certificate from the local trust store(s).

This command uninstalls trust; it does not necessarily delete the root certificate from trust stores entirely. Thus, repeatedly trusting and untrusting new certificates can fill up trust databases.

This command does not delete or modify certificate files from Caddy's configured storage.

This command can be used in one of two ways. Either by specifying which certificate to untrust by a direct path to the certificate file with the --cert flag, or by fetching the root certificate for the CA from the admin API (default behaviour).

If the admin API is used, then the CA defaults to 'local'. You may specify the ID of another CA with the --ca flag. By default, this will attempt to connect to the Caddy's admin API running at You may explicitly specify the --address, or use the --config flag to load the admin address from your config, if not using the default.


-a, --adapter="" Name of config adapter to apply (if --config is used)

--address="" Address of the administration API listener (if --config is not used)

--ca="" The ID of the CA to untrust (defaults to 'local')

-p, --cert="" The path to the CA certificate to untrust

-c, --config="" Configuration file (if --address is not used)

-h, --help[=false] help for untrust

See Also



11-Feb-2024 Auto generated by spf13/cobra

Referenced By


Feb 2024 Auto generated by spf13/cobra