caddyserver / caddy-docker

Source for the official Caddy v2 Docker Image
https://hub.docker.com/_/caddy
Apache License 2.0
408 stars 74 forks

self-signed certificates(tls internal) not working #362

Closed. kelke closed this 2 months ago

kelke commented 2 months ago

As of caddy:2.8.4 the tls internal directive does not work. With a Caddyfile as simple as:

:443 {
    tls internal
    respond "whatever"
}

Caddy will not be able to install the self-signed CA correctly, and as a result no website served over a Caddy-managed CA will work.

The Docker output is as follows: [screenshot: Screenshot 2024-07-08 at 18 03 10]

The line

    caddy | {"level":"info","ts":1720454573.3574488,"msg":"warning: \"certutil\" is not available, install \"certutil\" with \"apt install libnss3-tools\" or \"yum install nss-tools\" and try again"}

is probably the only interesting one, but I included the whole output for completeness. I am not super comfortable on Alpine, but it might be as simple as installing certutil.

The browser output for such a site is as follows: [screenshot: Screenshot 2024-07-08 at 18 03 45]

francislavoie commented 2 months ago

That line is not an error (notice it's at info level, not error), it's just an attempt to install the certs inside the container, but that's possible because there's no certutil command inside the container. It's working as expected.

You need to pull the root CA cert out of the container and install it on your host machine. See the docs: https://caddyserver.com/docs/running#local-https-with-docker

kelke commented 2 months ago

Importing the root CA was not the problem. In that case, the browser would have simply warned about a potential security risk. [screenshot] The problem was that you need a hostname in the Caddyfile before :443 for Caddy to know what domain to generate a certificate for. Kind of makes sense, of course. That would be worth a warning in the logs though, I think.

mholt commented 2 months ago

You don't need a hostname though; you need on_demand TLS enabled OR you need to specify a hostname.

Maybe we could try to be smart about logging in this case though, and suggest that the user's config is incomplete. Pull request welcomed!
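The two fixes discussed in this thread (a hostname in the site address, as kelke found, or on_demand TLS, as mholt points out), together with the root-CA extraction francislavoie links to, as an added shell example. This is not code from the caddy-docker project or from anyone in the thread. The container name `caddy`, the hostname `caddy.example.internal`, and the `/tmp` and `/usr/local/share/ca-certificates` paths are assumptions; the in-container path of the root certificate is the one the Caddy docs give for the image's `/data` volume. The lint function is a local sanity check that flags exactly the misconfiguration reported here (a site address with only a port, `tls internal`, no on_demand), which Caddy 2.8.4 itself does not warn about.

```shell
#!/bin/sh
# Added example (not from the caddy-docker project): helpers around the
# ":443 + tls internal" misconfiguration discussed in issue #362.

# Name of the running Caddy container. Assumed; match your compose service name.
CADDY_CONTAINER="${CADDY_CONTAINER:-caddy}"

# The Caddyfile from the issue: the address carries only a port, so Caddy has
# no hostname to issue an internal certificate for and serves nothing over TLS.
BROKEN_CADDYFILE=':443 {
    tls internal
    respond "whatever"
}'

# Fix 1: give the site block a hostname (assumed: caddy.example.internal).
FIXED_HOSTNAME_CADDYFILE='caddy.example.internal {
    tls internal
    respond "whatever"
}'

# Fix 2: keep the bare port but enable on_demand, so Caddy issues an internal
# certificate for whatever SNI a client presents on first connection.
FIXED_ONDEMAND_CADDYFILE=':443 {
    tls {
        issuer internal
        on_demand
    }
    respond "whatever"
}'

# Lint a Caddyfile read from stdin: warn about every top-level site block whose
# addresses carry no hostname, that asks for an internal certificate, and that
# does not enable on_demand. Exit status 1 if anything was flagged, else 0.
lint_caddyfile() {
  awk '
    function has_hostname(addr,    a) {
      a = addr
      sub(/^https?:\/\//, "", a)            # drop an explicit scheme
      return (a != "" && a !~ /^:/)         # ":443" or "" means no hostname
    }
    {
      line = $0
      sub(/#.*/, "", line)                  # strip comments
      opens = gsub(/[{]/, "{", line)
      closes = gsub(/[}]/, "}", line)
      if (depth == 0 && opens == 1) {       # header line of a site block
        addrs = line
        sub(/[ \t]*[{].*/, "", addrs)
        tlsint = 0; ondemand = 0
      }
      if (depth > 0) {                      # subdirectives inside the block
        if (line ~ /^[ \t]*tls[ \t]+internal/ || line ~ /^[ \t]*issuer[ \t]+internal/) tlsint = 1
        if (line ~ /^[ \t]*on_demand/) ondemand = 1
      }
      depth += opens - closes
      if (depth == 0 && closes > 0) {       # closing brace of the site block
        n = split(addrs, parts, /[ \t,]+/)
        bare = 0
        for (i = 1; i <= n; i++) if (parts[i] != "" && !has_hostname(parts[i])) bare = 1
        if (bare && tlsint && !ondemand) {
          printf "warning: site \"%s\" uses tls internal but has no hostname and no on_demand; no certificate can be issued\n", addrs
          flagged = 1
        }
      }
    }
    END { exit (flagged ? 1 : 0) }
  '
}

# Copy Caddy's self-generated root CA out of the container and trust it on a
# Debian/Ubuntu host, then verify the chain against the fixed site over the
# published port on localhost.
install_root_ca() {
  docker cp "$CADDY_CONTAINER:/data/caddy/pki/authorities/local/root.crt" /tmp/caddy-root.crt
  sudo install -m 0644 /tmp/caddy-root.crt /usr/local/share/ca-certificates/caddy-root.crt
  sudo update-ca-certificates
  curl --silent --cacert /tmp/caddy-root.crt \
    --resolve caddy.example.internal:443:127.0.0.1 https://caddy.example.internal/
}

# Usage as a script:  sh caddy_internal_tls.sh lint < Caddyfile
#                     sh caddy_internal_tls.sh trust
case "${1:-}" in
  lint)  lint_caddyfile ;;
  trust) install_root_ca ;;
esac
```

Two caveats a practitioner should keep in mind. The certutil message from the issue is about the NSS trust store that Firefox and Chromium maintain separately from the system store; after update-ca-certificates those browsers still need root.crt imported through their own certificate settings. And on_demand issues a certificate for any SNI a client sends, so outside a lab it should be restricted with the ask permission endpoint described in the Caddy tls documentation.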