acmeserver: Add sign_with_root for Caddyfile (#6345)

* Added sign_with_root option available in the Caddyfile

* Added tests for sign_with_root to validate the adapted JSON config

caddytest/integration/caddyfile_adapt/acme_server_sign_with_root.caddyfiletest

@@ -0,0 +1,67 @@
+{
+	pki {
+		ca internal {
+			name "Internal"
+			root_cn "Internal Root Cert"
+			intermediate_cn "Internal Intermediate Cert"
+		}
+    }
+}
+
+acme.example.com {
+	acme_server {
+		ca internal
+		sign_with_root
+	}
+}
+----------
+{
+	"apps": {
+		"http": {
+			"servers": {
+				"srv0": {
+					"listen": [
+						":443"
+					],
+					"routes": [
+						{
+							"match": [
+								{
+									"host": [
+										"acme.example.com"
+									]
+								}
+							],
+							"handle": [
+								{
+									"handler": "subroute",
+									"routes": [
+										{
+											"handle": [
+												{
+													"ca": "internal",
+													"handler": "acme_server",
+													"sign_with_root": true
+												}
+											]
+										}
+									]
+								}
+							],
+							"terminal": true
+						}
+					]
+				}
+			}
+		},
+		"pki": {
+			"certificate_authorities": {
+				"internal": {
+					"name": "Internal",
+					"root_common_name": "Internal Root Cert",
+					"intermediate_common_name": "Internal Intermediate Cert"
+				}
+			}
+		}
+	}
+}

modules/caddypki/acmeserver/caddyfile.go

@@ -42,6 +42,7 @@ func init() {
 //			domains <domains...>
 //			ip_ranges <addresses...>
 //		}
+//		sign_with_root
 //	}
 func parseACMEServer(h httpcaddyfile.Helper) ([]httpcaddyfile.ConfigValue, error) {
 	h.Next() // consume directive name
@@ -136,6 +137,11 @@ func parseACMEServer(h httpcaddyfile.Helper) ([]httpcaddyfile.ConfigValue, error
 				acmeServer.Policy = &Policy{}
 			}
 			acmeServer.Policy.Deny = r
+		case "sign_with_root":
+			if h.NextArg() {
+				return nil, h.ArgErr()
+			}
+			acmeServer.SignWithRoot = true
 		default:
 			return nil, h.Errf("unrecognized ACME server directive: %s", h.Val())
 		}