diff --git a/cmd/web_acme.go b/cmd/web_acme.go
index 03b3b9f0da..be6314addb 100644
--- a/cmd/web_acme.go
+++ b/cmd/web_acme.go
@@ -15,6 +15,7 @@ import (
 	"forgejo.org/modules/graceful"
 	"forgejo.org/modules/log"
 	"forgejo.org/modules/process"
+	"forgejo.org/modules/proxy"
 	"forgejo.org/modules/setting"
 
 	"github.com/caddyserver/certmagic"
@@ -76,6 +77,12 @@ func runACME(listenAddr string, m http.Handler) error {
 		ListenHost:              setting.HTTPAddr,
 		AltTLSALPNPort:          altTLSALPNPort,
 		AltHTTPPort:             altHTTPPort,
+		HTTPProxy:               proxy.Proxy(),
+	}
+
+	// Preserve behavior to use Let's encrypt test CA when Let's encrypt is CA.
+	if certmagic.DefaultACME.CA == certmagic.LetsEncryptProductionCA {
+		certmagic.DefaultACME.TestCA = certmagic.LetsEncryptStagingCA
 	}
 
 	magic := certmagic.NewDefault()
diff --git a/modules/setting/server.go b/modules/setting/server.go
index bff51f787d..3ff91d2cde 100644
--- a/modules/setting/server.go
+++ b/modules/setting/server.go
@@ -16,6 +16,8 @@ import (
 	"forgejo.org/modules/json"
 	"forgejo.org/modules/log"
 	"forgejo.org/modules/util"
+
+	"github.com/caddyserver/certmagic"
 )
 
 // Scheme describes protocol types
@@ -206,7 +208,7 @@ func loadServerFrom(rootCfg ConfigProvider) {
 			EnableAcme = sec.Key("ENABLE_LETSENCRYPT").MustBool(false)
 		}
 		if EnableAcme {
-			AcmeURL = sec.Key("ACME_URL").MustString("")
+			AcmeURL = sec.Key("ACME_URL").MustString(certmagic.LetsEncryptProductionCA)
 			AcmeCARoot = sec.Key("ACME_CA_ROOT").MustString("")
 
 			if sec.HasKey("ACME_ACCEPTTOS") {