1. Caddy version (caddy version):
2.4.6
2. How I run Caddy:
a. System environment:
CentOS 7
b. Command:
systemctl start caddy, or caddy run
c. Service/unit/compose file:
# caddy.service
#
# For using Caddy with a config file.
#
# Make sure the ExecStart and ExecReload commands are correct
# for your installation.
#
# See https://caddyserver.com/docs/install for instructions.
#
# WARNING: This service does not use the --resume flag, so if you
# use the API to make changes, they will be overwritten by the
# Caddyfile next time the service is restarted. If you intend to
# use Caddy's API to configure it, add the --resume flag to the
# `caddy run` command or use the caddy-api.service file instead.
[Unit]
Description=Caddy
Documentation=https://caddyserver.com/docs/
After=network.target network-online.target
Requires=network-online.target
[Service]
Type=notify
User=caddy
Group=caddy
ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile
ExecReload=/usr/bin/caddy reload --config /etc/caddy/Caddyfile
TimeoutStopSec=5s
LimitNOFILE=1048576
LimitNPROC=512
PrivateTmp=true
ProtectSystem=full
AmbientCapabilities=CAP_NET_BIND_SERVICE
[Install]
WantedBy=multi-user.target
d. My complete Caddyfile or JSON config:
bb-lg.comcast.net:443 {
    tls /etc/caddy/bb-lg.comcast.net.pem /etc/caddy/bb-lg.comcast.net.key
    file_server {
        root /etc/hyperglass/static/ui
    }
    file_server /custom/* {
        root /etc/hyperglass/static/custom/
    }
    file_server /images/* {
        root /etc/hyperglass/static/images/
    }
    reverse_proxy localhost:8001
}
3. The problem I’m having:
My tls certs expired, so I had to update them. I copied the new pem and key file to /etc/caddy using the same names as what was already in use, then I restarted caddy but it fails to restart.
4. Error messages and/or full log output:
$ caddy start
2022/04/27 17:17:18.726 INFO using adjacent Caddyfile
2022/04/27 17:17:18.728 WARN input is not formatted with 'caddy fmt' {"adapter": "caddyfile", "file": "Caddyfile", "line": 2}
2022/04/27 17:17:18.729 INFO admin admin endpoint started {"address": "tcp/localhost:2019", "enforce_origin": false, "origins": ["localhost:2019", "[::1]:2019", "127.0.0.1:2019"]}
2022/04/27 17:17:18.730 INFO tls.cache.maintenance started background certificate maintenance {"cache": "0xc0000e76c0"}
2022/04/27 17:17:18.730 INFO tls.cache.maintenance stopped background certificate maintenance {"cache": "0xc0000e76c0"}
run: loading initial config: loading new config: loading http app module: provision http: getting tls app: loading tls app module: provision tls: loading certificates: tls: failed to find "CERTIFICATE" PEM block in certificate input after skipping PEM blocks of the following types: [DH PARAMETERS]
start: caddy process exited with error: exit status 1
5. What I already tried:
I’m not sure what to try since it was working previously with the old certificate. I changed nothing except the certificate pem and key file. I did not alter Caddyfile and it is using the same filenames.
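
Added example, not part of the original post and not Caddy's own code: a small Go check that lists the PEM block types in a file and reports whether a CERTIFICATE block is present, which is the condition the error in section 4 names. The function names and the two sample PEM inputs (placeholder bodies, not real key material) are constructed for illustration.

```go
package main

import (
	"encoding/pem"
	"fmt"
	"os"
)

// Constructed sample: a PEM file holding only a DH PARAMETERS block (placeholder body).
const dhOnly = "-----BEGIN DH PARAMETERS-----\nY29uc3RydWN0ZWQ=\n-----END DH PARAMETERS-----\n"

// Constructed sample: the same block followed by a CERTIFICATE block (placeholder body, not a real cert).
const dhThenCert = dhOnly + "-----BEGIN CERTIFICATE-----\nY29uc3RydWN0ZWQ=\n-----END CERTIFICATE-----\n"

// pemBlockTypes returns the type label of every PEM block in data, in file order.
func pemBlockTypes(data []byte) []string {
	var types []string
	for {
		var block *pem.Block
		block, data = pem.Decode(data)
		if block == nil {
			return types
		}
		types = append(types, block.Type)
	}
}

// checkCertFile returns an error when data contains no CERTIFICATE block,
// listing the block types that were found instead.
func checkCertFile(data []byte) error {
	types := pemBlockTypes(data)
	for _, t := range types {
		if t == "CERTIFICATE" {
			return nil
		}
	}
	return fmt.Errorf("no CERTIFICATE block; PEM block types found: %q", types)
}

func main() {
	// Each argument is a path to a PEM file to inspect.
	for _, path := range os.Args[1:] {
		data, err := os.ReadFile(path)
		if err == nil {
			err = checkCertFile(data)
		}
		fmt.Printf("%s: %v\n", path, err)
	}
}
```

Run against the file named in the `tls` directive, for example `go run . /etc/caddy/bb-lg.comcast.net.pem`; a result of `<nil>` means a CERTIFICATE block was found.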