Error during parsing: Unable to load certificate and key files. No such file or directory

1. Caddy version (caddy version):

Caddy v1.0.3

2. How I run Caddy:

I have a droplet on DigitalOcean. On this droplet, I’m using systemctl to run a Rails application and caddy.

a. System environment:

Ubuntu 18.04.3 x64

b. Command:

I’m using this command in my caddy.service file:

ExecStart=/usr/local/bin/caddy -log stdout -agree=true -conf=/etc/caddy/Caddyfile -root=/var/tmp

c. Service/unit/compose file:

[Unit]
Description=Caddy HTTP/2 web server
Documentation=https://caddyserver.com/docs
After=network-online.target
Wants=network-online.target

[Service]
#Restart=on-failure
StartLimitInterval=86400
StartLimitBurst=5

User=root
Group=root
; Letsencrypt-issued certificates will be written to this directory.
Environment=CADDYPATH=/etc/ssl/caddy

ExecStart=/usr/local/bin/caddy -log stdout -agree=true -conf=/etc/caddy/Caddyfile -root=/var/tmp
ExecReload=/bin/kill -USR1 $MAINPID

LimitNOFILE=1048576
LimitNPROC=64

PrivateTmp=true
PrivateDevices=true
ProtectHome=true
ProtectSystem=full
ReadWriteDirectories=/etc/ssl/caddy

; The following additional security directives only work with systemd v229 or later.
; They further restrict privileges that can be gained by caddy. Uncomment if you like.
; Note that you may have to add capabilities required by any plugins in use.
;CapabilityBoundingSet=CAP_NET_BIND_SERVICE
;AmbientCapabilities=CAP_NET_BIND_SERVICE
;NoNewPrivileges=true

[Install]
WantedBy=multi-user.target

d. My complete Caddyfile or JSON config:

victorfinkelstein.com {
  tls /home/sammy/victorfinkelstein.com.crt /home/sammy/victorfinkelstein.com.key

  root /code/myblog

  gzip

  proxy / http://localhost:5002 {
    transparent
  }
}

3. The problem I’m having:

I’m trying to use a certificate generated by Cloudflare instead of the ones generated by Caddy. I followed this guide:

https://support.cloudflare.com/hc/en-us/articles/115000479507-Managing-Cloudflare-Origin-CA-certificates#h_bf2d6d76-4c26-4f88-9779-7b45a7884307

I created the certificate and key files in the directory /home/sammy

However, when I try to start the caddy process:

systemctl start caddy.service

I get the following error (see next section).

4. Error messages and/or full log output:

Nov 06 14:58:24 ubuntu-s-1vcpu-1gb-ams3-01 systemd[1]: Started Caddy HTTP/2 web server.
Nov 06 14:58:25 ubuntu-s-1vcpu-1gb-ams3-01 caddy[770]: 2020/11/06 14:58:25 /etc/caddy/Caddyfile:26 - Error during parsing: Unable to load certificate and key files for 'victorfinkelstein.com': open /home/sammy/victorfinkelstein.com.crt: no such file or directory
Nov 06 14:58:25 ubuntu-s-1vcpu-1gb-ams3-01 systemd[1]: caddy.service: Main process exited, code=exited, status=1/FAILURE
Nov 06 14:58:25 ubuntu-s-1vcpu-1gb-ams3-01 systemd[1]: caddy.service: Failed with result 'exit-code'.

5. What I already tried:

I checked the paths several times and there’s no error. On this topic (What are the appropriate permissions for PEM files?) it’s written that chown root:www-data and chmod 640 are enough for caddy to open and work with the certificate and key, but it is still not working.

Here is the result of ls -l /home/sammy/

-rw-r----- 1 root www-data 1696 Nov  6 09:50 victorfinkelstein.com.crt
-rw-r----- 1 root www-data 1704 Nov  6 09:51 victorfinkelstein.com.key

I always get the same error, so I’m not sure what’s wrong.

I even tried to open /home/sammy/victorfinkelstein.com.crt in my terminal and it doesn’t return any error!

Thanks.

Caddy v1 is EOL, I strongly recommend upgrading to Caddy v2. Your use case is very simple, so it shouldn’t take much effort.

In Caddy v2, the recommended systemd service installed by the debian package runs Caddy using the caddy user, so as long as the files are readable by that user, you should be good to go.

The home directory of the caddy user is /var/lib/caddy, so you could put the certs and keys somewhere in there for Caddy to reach them.

I installed the latest Caddy and moved my certificate as well as the private key into a folder I created in /var/lib/caddy, and it’s working fine now.

Thanks for your help!

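The question's unit file and the reply's /var/lib/caddy suggestion both come down to one sandboxing detail: the posted unit sets ProtectHome=true, and systemd implements that by giving the service an empty /home, /root and /run/user, so a tls directive that points into /home/sammy fails with "no such file or directory" even though the files exist, root runs the service and the shell can read them. A path under /var/lib/caddy is outside those directories and is not affected. The script below is an added example, not code from this thread or from the Caddy project: it writes two constructed unit fragments (mirroring the v1 unit above and the shape of the Caddy v2 package unit) into a temporary directory, predicts whether a given cert or key path would be hidden, and also checks that a private key is not world-readable. The function names, the temporary paths and the unit contents are this example's own assumptions.

```shell
#!/bin/sh
# Added example, not from the thread or the Caddy project. It reproduces the
# failure in the question (ProtectHome=true hides /home from the service) and
# shows why the reply's /var/lib/caddy location works. Unit fragments below
# are constructed; file locations and function names are assumptions.

set -u

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Constructed fragment of the v1 unit from the question (only the relevant lines).
cat > "$WORK/caddy-v1.service" <<'EOF'
[Service]
User=root
ProtectHome=true
ProtectSystem=full
ReadWriteDirectories=/etc/ssl/caddy
EOF

# Constructed fragment in the shape of the Caddy v2 package unit (assumed).
cat > "$WORK/caddy-v2.service" <<'EOF'
[Service]
User=caddy
Group=caddy
ProtectHome=true
ProtectSystem=full
ReadWritePaths=/var/lib/caddy /var/log/caddy
EOF

# Print the value of directive $2 in unit file $1; the last occurrence wins,
# which is how systemd itself resolves repeated directives.
unit_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# Return 0 if ProtectHome=true in unit $1 would hide path $2 from the service.
# Only true/yes/on/1 make /home, /root and /run/user empty; read-only and
# tmpfs behave differently and are deliberately not treated as hiding.
hidden_by_protect_home() {
    case "$(unit_value "$1" ProtectHome)" in
        true|yes|on|1)
            case "$2" in
                /home/*|/root/*|/run/user/*) return 0 ;;
            esac ;;
    esac
    return 1
}

# Return 0 if file $1 is not readable by "other" (the last three mode bits
# as printed by ls -l are "---"), which is what you want for a private key.
key_mode_ok() {
    [ "$(ls -ld "$1" | cut -c8-10)" = "---" ]
}

# Check a cert/key pair against a unit. Returns 0 when nothing is wrong.
# The mode check only runs when the key actually exists on this host.
check_tls_paths() {
    unit=$1; crt=$2; key=$3; ok=0
    for f in "$crt" "$key"; do
        if hidden_by_protect_home "$unit" "$f"; then
            echo "BLOCKED  $f: ProtectHome=true hides it from the service" >&2
            ok=1
        fi
    done
    if [ -e "$key" ] && ! key_mode_ok "$key"; then
        echo "WARN     $key: private key is readable by everyone" >&2
        ok=1
    fi
    return $ok
}

# Usage: the question's layout versus the reply's layout.
check_tls_paths "$WORK/caddy-v1.service" \
    /home/sammy/victorfinkelstein.com.crt /home/sammy/victorfinkelstein.com.key \
    || echo "v1 unit + /home/sammy: would fail at startup"
check_tls_paths "$WORK/caddy-v2.service" \
    /var/lib/caddy/certs/victorfinkelstein.com.crt /var/lib/caddy/certs/victorfinkelstein.com.key \
    && echo "v2 unit + /var/lib/caddy: paths are visible to the service"
```

On a real host the same effect can be observed directly with systemd, for example by running a transient unit with the same property (systemd-run -p ProtectHome=true --pty ls /home) and watching /home come up empty. For the v1 unit in the question, either keeping the certificate and key outside /home (the unit's own CADDYPATH of /etc/ssl/caddy is one obvious place, and it is already listed in ReadWriteDirectories) or dropping ProtectHome would have made the files reachable without changing ownership or mode at all.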
