Caddy Equivalent to SSLCertificateChainFile

I’m kind of new to TLS, but I have a cert from GoDaddy for my domain. I can use it with no problem in Apache2 by using the SSLCertificateChainFile option for the vhost, but I’m having trouble getting it to work in Caddy.

Here are the files I have (located in /etc/ssl):

  • mydomain.net.crt
  • mydomain.net.key
  • gd_bundle-g2-g1.crt

Here is my Caddyfile:

mydomain.net {
    root /var/www/mydomain
    tls  /etc/ssl/mydomain.net.crt  /etc/ssl/mydomain.net.key
}

It works fine in Chrome on my Mac but Linux complains when using curl:

curl: (60) server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none

I got the same error while using apache2 until I added SSLCertificateChainFile /etc/ssl/gd_bundle-g2-g1.crt to my vhosts config.

Just to review: using the same crt and key files (except for gd_bundle-g2-g1.crt, which I do not know how to use in Caddy), curl on Linux works with Apache and does not with Caddy.

Any suggestions?

The file /etc/ssl/mydomain.net.crt is actually a concatenation (cat) of the server crt and root crt files, so you can split it back apart and then:

cat /etc/ssl/CA.crt >> /etc/ssl/gd_bundle-g2-g1.crt

You may try cat /etc/ssl/mydomain.net.crt >> /etc/ssl/gd_bundle-g2-g1.crt (I didn’t try it; you can).

That worked except I had to reverse it: cat /etc/ssl/gd_bundle-g2-g1.crt >> /etc/ssl/mydomain.net.crt.

Thank you!!!
