Chrome invalid certificate key

1. Caddy version:

Caddy v2.6.2 h1:wKoFIxpmOJLGl3QXoo6PNbYvGW4xLEgo32GPBEjWL8o=

2. How I installed, and run Caddy:

a. System environment:

Docker

b. Command:

docker compose up -d

c. Service/unit/compose file:

version: "3.4"

services:
  ...
  caddy:
    build:
      context: api/
      target: api_platform_caddy
    depends_on:
      - php
      - pwa
    environment:
      PWA_UPSTREAM: pwa:3000
      SERVER_NAME: ${SERVER_NAME:-localhost}
      SERVER_API_NAME: ${SERVER_API_NAME:-api.localhost}
    restart: unless-stopped
    volumes:
      - php_socket:/var/run/php
      - caddy_data:/data
      - caddy_config:/config
  ...
volumes:
  db_data:
  caddy_data:
  caddy_config:

d. My complete Caddy config:

{
    servers {
        timeouts {
            read_body 60s
            read_header 60s
            write 60s
            idle 60s
        }
        max_header_size 100MB
    }
}

{$SERVER_NAME} {

    log

    route {
        root * /usr/src/pwa

        # Add links to the API docs and to the Mercure Hub if not set explicitly (e.g. the PWA)
        header ?Link `</docs.jsonld>; rel="http://www.w3.org/ns/hydra/core#apiDocumentation", </.well-known/mercure>; rel="mercure"`
        # Disable Google FLOC tracking if not enabled explicitly: https://plausible.io/blog/google-floc
        header ?Permissions-Policy "interest-cohort=()"

        # Comment the following line if you don't want Next.js to catch requests for HTML documents.
        # In this case, they will be handled by the PHP app.
        reverse_proxy http://{$PWA_UPSTREAM}

        encode zstd gzip
        file_server
    }
}

{$SERVER_API_NAME} {

    log

    route {
        root * /srv/api/public

        header ?Access-Control-Allow-Origin "{args.0}"
        header ?Access-Control-Allow-Methods "GET, OPTIONS, POST, PUT, PATCH, DELETE"

        php_fastcgi unix//var/run/php/php-fpm.sock
        encode zstd gzip
        file_server
    }
}

3. The problem I’m having:

When the front-end NextJS application runs a fetch to the API (the API Platform application), there is an error about invalid certificates: Error when getting the resource: TypeError: Failed to fetch

GET https://api.localhost/posts/homepage net::ERR_CERT_AUTHORITY_INVALID

4. Error messages and/or full log output:

5. What I already tried:

As proposed in this answer post https://caddy.community/t/untrusted-certificate/18167/4?u=devint_creation, I copied the root.crt from the Docker Caddy infrastructure and tried to import it into Chrome. My browser told me: "The private key of this client certificate is missing or incorrect."

How can I make this certificate correct and continue to develop my application on localhost?

6. Links to relevant resources:

You probably tried to add it as a client certificate. That’s not correct.

You need to add it to your system’s and browser’s trust store.


Yes, in the French version of Chrome, it’s “Autorités”. I put my caddy certificate in “Vos certificats”. The naming is ambiguous :upside_down_face:

Yeah, “vos” implies “client”… “certificats client” might be an easier to understand translation. :man_shrugging:
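
Added example, not part of the thread or of Caddy's own tooling: a command-line version of the "Authorities" import discussed above, which first checks that the copied root.crt is a CA certificate with no private key and then adds it as a trusted authority rather than a client certificate. It assumes Linux, where Chrome reads authorities from the NSS database in ~/.pki/nssdb, and that openssl and certutil (NSS tools) are installed; the function names and the nickname are made up for illustration.

```shell
#!/bin/sh
# Added example. Assumptions: Linux, Chrome using the NSS database in
# ~/.pki/nssdb, openssl and certutil available. Names are illustrative.

# check_ca_file FILE
# Returns 0 if FILE is a CA certificate fit for the "Authorities" tab,
# 2 if it contains a private key, 3 if it holds no certificate,
# 4 if the certificate cannot be parsed or is not marked CA:TRUE.
check_ca_file() {
    ca_file=$1
    # A trust anchor is public data only; a key here means the wrong file.
    if grep -q -e 'PRIVATE KEY-----' "$ca_file"; then
        return 2
    fi
    if ! grep -q -e '-----BEGIN CERTIFICATE-----' "$ca_file"; then
        return 3
    fi
    # Only certificates with basicConstraints CA:TRUE can act as authorities.
    if ! openssl x509 -in "$ca_file" -noout -text | grep -q 'CA:TRUE'; then
        return 4
    fi
    return 0
}

# import_ca FILE [NICKNAME]
# Adds FILE as a trusted authority for TLS servers. The trust flags "C,,"
# mean "trusted CA for SSL"; nothing is stored as a user (client) certificate.
import_ca() {
    nick=${2:-"Caddy local dev root"}   # made-up label shown in Chrome's list
    check_ca_file "$1" || { rc=$?; echo "refusing to import $1 (code $rc)" >&2; return 1; }
    # Print the fingerprint so it can be compared with the container's copy.
    openssl x509 -in "$1" -noout -fingerprint -sha256
    certutil -d "sql:$HOME/.pki/nssdb" -A -t "C,," -n "$nick" -i "$1"
}

# Run only when a file is given, e.g.: ./import-ca.sh root.crt
if [ "$#" -ge 1 ]; then
    import_ca "$@"
fi
```

Chrome needs a restart to pick up the new authority, and the entry can be removed again with certutil -D and the same nickname once the development setup is no longer in use.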
