"Activating privacy features" failed!

Hi,

I tried to use Caddy as a reverse proxy with SSL termination on my Asus router. It’s an OpenWRT-based Linux OS. I tried the armv5 version of Caddy, and it can successfully serve the default directory on port 2015 when it’s started without any configuration. I prepared a Caddyfile for reverse proxy and Let’s Encrypt, but when started, Caddy throws an error saying it couldn’t reach the Let’s Encrypt API site:

Activating privacy features...2017/08/22 14:23:14 get directory at 'https://acme-v01.api.letsencrypt.org/directory': failed to get json "https://acme-v01.api.letsencrypt.org/directory": Get https://acme-v01.api.letsencrypt.org/directory: x509: failed to load system roots and no roots provided

I can successfully access this URL with curl on the router command line.

My Caddyfile is:

hq.esoft.com.tr {
    proxy / 192.168.1.2:5000 {
        transparent
    }
}

Does anyone have an idea what the problem is?

Caddy can’t access your system’s root certificate store. I’m not sure how router OSes do it, but make sure that your OS has a properly configured root certificate store so that it can validate the certificate from Let’s Encrypt’s servers.

Hi Matt,

Thanks for the quick reply. The certificate store is /opt/etc/ssl/certs on this system. Is there a way to force Caddy to pick them up from this path? E.g. I can symlink it to somewhere Caddy looks.

Hi Matt

I symlinked /opt/etc/ssl to /etc/ssl and it worked. Thanks for your help.

Glad that worked! And thanks for posting how you fixed it.
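
A diagnostic for the "failed to load system roots" error discussed in this thread, added here as an example and not posted by anyone in the thread: it reports which CA root locations hold PEM certificates under a given filesystem root. The candidate paths are an assumption based on the locations Go's crypto/x509 probes on Linux (the list varies by Go version), and `has_pem` and `find_roots` are hypothetical helper names.

```shell
#!/bin/sh
# Added example: check where a Go binary such as Caddy could find CA roots.
# Candidate lists are an assumption modelled on Go's crypto/x509 Linux defaults.
CERT_FILES="/etc/ssl/certs/ca-certificates.crt /etc/pki/tls/certs/ca-bundle.crt /etc/ssl/ca-bundle.pem /etc/pki/tls/cacert.pem /etc/ssl/cert.pem"
CERT_DIRS="/etc/ssl/certs /etc/pki/tls/certs"

# has_pem FILE: succeed if FILE is readable and contains a PEM certificate.
has_pem() {
    [ -r "$1" ] && grep -q -- '-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null
}

# find_roots [PREFIX]: print usable locations, one per line.
# Returns 1 when none is usable, which is the state that produces
# "x509: failed to load system roots and no roots provided".
find_roots() {
    prefix="${1:-}"
    found=1
    for f in $CERT_FILES; do
        if has_pem "$prefix$f"; then
            echo "file $f"
            found=0
        fi
    done
    for d in $CERT_DIRS; do
        [ -d "$prefix$d" ] || continue
        for c in "$prefix$d"/*; do
            if has_pem "$c"; then
                echo "dir $d"
                found=0
                break
            fi
        done
    done
    return $found
}

# Run against the live filesystem, or against PREFIX if one is given.
find_roots "${1:-}" || echo "no CA roots found in the probed locations" >&2
```

Where a symlink is not an option, Go 1.8 and later also honour the `SSL_CERT_FILE` and `SSL_CERT_DIR` environment variables, so the store under /opt/etc/ssl/certs can be named explicitly when starting the binary.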
