Applying Wildcard Cert to Caddy

  • explain what you are trying to do
    I’m trying to use my wildcard cert with Caddy, installed with Snap.

  • show what you have already tried,
    I have installed Rocket Chat via Snap and Caddy via Snap.
    I followed the directions from Auto SSL with Snaps - Rocket.Chat Docs and now just need to apply my certs. I have the cert download from my provider and the key was exported from a Windows server.

  • include error messages and log output,
    I’m not sure what location to place the certs and how to configure to work with HTTPS

  • and link to any relevant resources.
    Auto SSL with Snaps - Rocket.Chat Docs

Thank you in advance!

Put them anywhere on your file system that is secure.

Refer to that location when you declare your cert and key with the tls directive.

Don’t forget to set your ports and HTTP->S upgrade redirection explicitly; bringing your own keys disables Automatic HTTPS, which usually takes care of this for you.

Thank you for the help. I’m pretty new to this, do you know what I would use for the tls command? Also, does it matter what the cert format is? .pem .cer, etc.?

For the https can I just disable iptables?

The documentation for the TLS directive explains how to specify your cert/key and what format they should take.

https://caddyserver.com/docs/tls

I would not recommend disabling iptables. If you’re not comfortable manipulating iptables directly, consider installing ufw.

Can you explain how to check this? I can’t find anything.

Also, can you look at how I have it in the Caddy file and see if it’s correct?

Caddyfile

Thank you!

Not much to check, you’d know if you had configured it already.

The Automatic HTTPS feature does a few things for you, namely:

By default, Caddy will bind to ports 80 and 443 to serve HTTPS and redirect HTTP to HTTPS.

Automatic HTTPS — Caddy Documentation

But it only does this if you aren’t providing your own cert/key:

Caddy automatically enables HTTPS for all your sites, given that some reasonable criteria are met:

  • […]
  • Certificates and keys are not provided by you

Automatic HTTPS — Caddy Documentation

Since you are providing your own cert, the site will be served over HTTPS on port 2015 by default instead.

If you want to change that so Caddy serves HTTP on port 80 and HTTPS on port 443, you’ll need to specify the scheme/port. You can do that in the site label:

https://caddyserver.com/docs/http-caddyfile#addresses

And if you want to redirect HTTP traffic to upgrade it to HTTPS, you’ll need to add a redirect to your HTTP site pointing to the HTTPS site:

https://caddyserver.com/docs/redir
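
The site-label and redirect setup described in the reply above, written out as a Caddy v1 Caddyfile. This is an added example, not part of the original thread; the hostname, the certificate and key paths, and the Rocket.Chat backend on localhost:3000 are assumptions to replace with your own values.

```caddyfile
# Added example (Caddy v1 syntax). Hostname, file paths and backend port are
# placeholders, not values from this thread.

# Plain-HTTP site on port 80: its only job is to send visitors to HTTPS.
http://chat.example.com {
    redir https://chat.example.com{uri}
}

# HTTPS site on port 443, using your own certificate and key.
# Both files must be PEM-encoded. If a CA issued the certificate, the cert
# file should hold the server certificate followed by the CA's certificate(s).
# A wildcard cert for *.example.com covers chat.example.com.
# Keep the key file readable only by the account Caddy runs as.
https://chat.example.com {
    tls /path/to/wildcard.example.com.crt.pem /path/to/wildcard.example.com.key.pem

    # Assumed backend: Rocket.Chat listening on localhost:3000.
    proxy / localhost:3000 {
        websocket
        transparent
    }
}
```

With explicit `http://` and `https://` labels, Caddy binds ports 80 and 443 for these sites instead of the default 2015, so the firewall only needs to allow those two ports inbound.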

Thank you again for all the information but after a lot of time spent trying to figure it out, I just decided to go with Nginx. Do you know how I can uninstall/completely remove Caddy?

Thank you

Depends on how you installed it and ran it - normally, it’s a single binary, and it places certificate data in $CADDYPATH (defaults to ~/.caddy). So:

  1. Delete the caddy binary
  2. Delete the Caddyfile you were using
  3. Delete the $CADDYPATH

And there won’t be any trace left of Caddy on your system.

I installed with Snap. Would that be a different install?

Refer to Snap documentation.

Getting started | Snapcraft documentation
https://docs.snapcraft.io/reference/snap-command
