diff --git a/caddytls/setup.go b/caddytls/setup.go
index 11668b8a3..4966277e9 100644
--- a/caddytls/setup.go
+++ b/caddytls/setup.go
@@ -66,6 +66,12 @@ func setupTLS(c *caddy.Controller) error {
 		for c.NextBlock() {
 			hadBlock = true
 			switch c.Val() {
+			case "ca":
+				arg := c.RemainingArgs()
+				if len(arg) != 1 {
+					return c.ArgErr()
+				}
+				config.CAUrl = arg[0]
 			case "key_type":
 				arg := c.RemainingArgs()
 				value, ok := supportedKeyTypes[strings.ToUpper(arg[0])]
diff --git a/caddytls/setup_test.go b/caddytls/setup_test.go
index b609fde78..08555f7f3 100644
--- a/caddytls/setup_test.go
+++ b/caddytls/setup_test.go
@@ -277,6 +277,46 @@ func TestSetupParseWithClientAuth(t *testing.T) {
 	}
 }
 
+func TestSetupParseWithCAUrl(t *testing.T) {
+	testURL := "https://acme-staging.api.letsencrypt.org/directory"
+	for caseNumber, caseData := range []struct {
+		params        string
+		expectedErr   bool
+		expectedCAUrl string
+	}{
+		// Test working case
+		{`tls {
+				ca ` + testURL + `
+			}`, false, testURL},
+		// Test too few args
+		{`tls {
+				ca
+			}`, true, ""},
+		// Test too many args
+		{`tls {
+				ca 1 2
+			}`, true, ""},
+	} {
+		cfg := new(Config)
+		RegisterConfigGetter("", func(c *caddy.Controller) *Config { return cfg })
+		c := caddy.NewTestController("", caseData.params)
+		err := setupTLS(c)
+		if caseData.expectedErr {
+			if err == nil {
+				t.Errorf("In case %d: Expected an error, got: %v", caseNumber, err)
+			}
+			continue
+		}
+		if err != nil {
+			t.Errorf("In case %d: Expected no errors, got: %v", caseNumber, err)
+		}
+
+		if cfg.CAUrl != caseData.expectedCAUrl {
+			t.Errorf("Expected '%v' as CAUrl, got %#v", caseData.expectedCAUrl, cfg.CAUrl)
+		}
+	}
+}
+
 func TestSetupParseWithKeyType(t *testing.T) {
 	params := `tls {
             key_type p384