"Activating privacy features" failed!


I tried to use Caddy as a reverse proxy for SSL termination on my Asus router. It’s an OpenWRT-based Linux OS. I tried the armv5 version of Caddy, and Caddy can successfully serve the default directory on port 2015 when it’s started without any configuration. I prepared a Caddyfile for reverse proxy and letsencrypt, but when started, Caddy throws an error saying it couldn’t reach the letsencrypt API site:

Activating privacy features...2017/08/22 14:23:14 get directory at 'https://acme-v01.api.letsencrypt.org/directory': failed to get json "https://acme-v01.api.letsencrypt.org/directory": Get https://acme-v01.api.letsencrypt.org/directory: x509: failed to load system roots and no roots provided

I can successfully access this URL with curl on the router command line.

My Caddyfile is:

hq.esoft.com.tr {
    proxy / {

Does anyone have an idea what the problem is?

Caddy can’t access your system’s root certificate store. I’m not sure how router OSes do it, but make sure that your OS has a properly configured root certificate store so that it can validate the certificate from Let’s Encrypt’s servers.

Hi Matt,

Thanks for the quick reply. The certificate store is /opt/etc/ssl/certs on this system. Is there a way to force Caddy to pick them up from this path? E.g. I can symlink it to somewhere Caddy looks.

Hi Matt

I symlinked /opt/etc/ssl to /etc/ssl and it worked. Thanks for your help.


Glad that worked! And thanks for posting how you fixed it.
