1. The problem I’m having:
I have set up the SSL root certificate with caddy trust.
I run this file with bin/caddy run, and then when I make a request in the browser to dashboard.localhost or ryan.localhost, I see the apps I want to see.
However, if I make a request using HTTPie, I get this error:
http: error: SSLError: HTTPSConnectionPool(host='dashboard.localhost', port=443): Max retries exceeded with url: / (Caused by SSLError(SSLCertVerificationError(1, '[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: unable to get local issuer certificate (_ssl.c:1000)'))) while doing a GET request to URL: https://dashboard.localhost/
And I see a similar issue when I attempt to make a request with the HTTP gem in Ruby:
OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 peeraddr=[::1]:443 state=error: certificate verify failed (unable to get local issuer certificate)
This makes me suspect I’ve missed a setup step here with caddy.
Caddy’s output is:
3. Caddy version:
The version I’m running is v2.8.4.
4. How I installed and ran Caddy:
I downloaded Caddy from the site and copied it into a bin directory of a dir that contains the Caddyfile.
a. System environment:
I’m on a Mac.
b. Command:
bin/caddy run
Generating this output:
2024/07/25 20:52:46.599 INFO using adjacent Caddyfile
2024/07/25 20:52:46.601 INFO adapted config to JSON {"adapter": "caddyfile"}
2024/07/25 20:52:46.610 INFO admin admin endpoint started {"address": "localhost:2019", "enforce_origin": false, "origins": ["//localhost:2019", "//[::1]:2019", "//127.0.0.1:2019"]}
2024/07/25 20:52:46.617 INFO tls.cache.maintenance started background certificate maintenance {"cache": "0xc0007b8700"}
2024/07/25 20:52:46.620 INFO http.auto_https server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS {"server_name": "srv0", "https_port": 443}
2024/07/25 20:52:46.621 INFO http.auto_https enabling automatic HTTP->HTTPS redirects {"server_name": "srv0"}
2024/07/25 20:52:46.644 INFO tls storage cleaning happened too recently; skipping for now {"storage": "FileStorage:/Users/ryan.bigg/Library/Application Support/Caddy", "instance": "f386b5c7-ce65-4caa-a570-8fcd8599f39d", "try_again": "2024/07/26 20:52:46.644", "try_again_in": 86399.999919708}
2024/07/25 20:52:46.644 INFO tls finished cleaning storage units
2024/07/25 20:52:46.645 INFO pki.ca.local root certificate is already trusted by system {"path": "storage:pki/authorities/local/root.crt"}
2024/07/25 20:52:46.646 INFO http enabling HTTP/3 listener {"addr": ":443"}
2024/07/25 20:52:46.649 INFO http.log server running {"name": "srv0", "protocols": ["h1", "h2", "h3"]}
2024/07/25 20:52:46.649 INFO http.log server running {"name": "remaining_auto_https_redirects", "protocols": ["h1", "h2", "h3"]}
2024/07/25 20:52:46.650 INFO http enabling automatic TLS certificate management {"domains": ["dashboard.localhost", "ryan.localhost"]}
2024/07/25 20:52:46.654 WARN tls stapling OCSP {"error": "no OCSP stapling for [dashboard.localhost]: no OCSP server specified in certificate", "identifiers": ["dashboard.localhost"]}
2024/07/25 20:52:46.658 WARN tls stapling OCSP {"error": "no OCSP stapling for [ryan.localhost]: no OCSP server specified in certificate", "identifiers": ["ryan.localhost"]}
2024/07/25 20:52:46.660 INFO autosaved config (load with --resume flag) {"file": "/Users/ryan.bigg/Library/Application Support/Caddy/autosave.json"}
2024/07/25 20:52:46.660 INFO serving initial configuration
d. My complete Caddy config:
(service_template) {
	reverse_proxy {
		to "localhost:{args[0]}"
	}
}

dashboard.localhost {
	import service_template 3003
}

ryan.localhost {
	import service_template 3006
}