Error installing root certificate

While running Caddy v2 2.2.1 installed on a QNAP server, the root certificate would not install as it would with Caddy v1.

Any help much appreciated.

caddy.json:

```json
{
  "apps": {
    "http": {
      "servers": {
        "myserver": {
          "listen": [":443"],
          "routes": [
            {
              "match": [{"host": ["localhost"]}],
              "handle": [{
                "handler": "file_server",
                "root": "/share/CACHEDEV1_DATA/.qpkg/Caddy2/var/www/jetpic.zapto.org"
              }]
            }
          ]
        }
      }
    }
  }
}
```

Error message:

```
[~] # caddy run --config /share/CACHEDEV1_DATA/.qpkg/Caddy2/conf/caddy.json
2020/12/15 02:46:13.321 INFO using provided configuration {"config_file":"/share/CACHEDEV1_DATA/.qpkg/Caddy2/conf/caddy.json", "config_adapter": ""}
2020/12/15 02:46:13.323 INFO admin admin endpoint started {"address": "tcp/localhost:2019", "enforce_origin": false, "origins": ["127.0.0.1:2019", "localhost:2019", "[::1]:2019"]}
2020/12/15 02:46:13.327 INFO http enabling automatic HTTP->HTTPS redirects {"server_name":"myserver"}
2020/12/15 02:46:13.327 INFO tls.cache.maintenance started background certificate maintenance {"cache": "0xc000364000"}
2020/12/15 02:46:13.347 INFO tls setting internal issuer for automation policy that has only internal subjects but no issuer configured {"subjects": ["localhost"]}
2020/12/15 02:46:13.349 INFO tls cleaned up storage units
2020/12/15 02:46:13.455 WARN pki.ca.local installing root certificate (you might be prompted for password) {"path": "storage:pki/authorities/local/root.crt"}
2020/12/15 10:46:13 Warning: "certutil" is not available, install "certutil" with "apt install libnss3-tools" or "yum install nss-tools" and try again
2020/12/15 10:46:13 define JAVA_HOME environment variable to use the Java trust
2020/12/15 02:46:13.455 ERROR pki.ca.local failed to install root certificate {"error": "install is not supported on this system", "certificate_file": "storage:pki/authorities/local/root.crt"}
2020/12/15 02:46:13.455 INFO http enabling automatic TLS certificate management {"domains": ["localhost"]}
2020/12/15 02:46:13.456 WARN tls stapling OCSP {"error": "no OCSP stapling for [localhost]: no OCSP server specified in certificate"}
2020/12/15 02:46:13.457 INFO autosaved config {"file": "/root/.config/caddy/autosave.json"}
2020/12/15 02:46:13.457 INFO serving initial configuration
```

That’s actually not a problem. That’s just the library we use for managing a local CA complaining that it couldn’t install the root certificate in your system’s trust store. It could be for any number of reasons. Most likely is not having the requisite permissions.


Thanks for your answer 🙂

Sadly the server doesn't respond on port 443.

If I run caddy with the Caddyfile, certificates are issued correctly and the server responds on port 443.
When I run it with caddy.json, there are issues with certificate issuance and no response from the server on port 443.
It would then seem I have some JSON config error.

Caddyfile:

```
jetpic.zapto.org {

    root * /share/CACHEDEV1_DATA/.qpkg/Caddy2/var/www/jetpic.zapto.org
    file_server browse

}
```

caddy.json:

```json
{
  "apps": {
    "http": {
      "servers": {
        "myserver": {
          "listen": [":443"],
          "routes": [
            {
              "match": [{"host": ["localhost"]}],
              "handle": [{
                "handler": "file_server",
                "root": "/share/CACHEDEV1_DATA/.qpkg/Caddy2/var/www/jetpic.zapto.org"
              }]
            }
          ]
        }
      }
    }
  }
}
```

Thanks again.

Use the caddy adapt command on your Caddyfile to see what the underlying JSON looks like. You can then compare them and see what you missed.

Also, please use ``` on the lines before and after your configs and logs to use code formatting. It’s very difficult to read your config because it’s poorly formatted.
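
One way to do the comparison suggested above, as an added example that is not part of the original thread or of Caddy: it pulls the host matchers out of a hand-written config and out of adapted JSON and reports the names that differ. Both inputs are constructed (the adapted JSON is an approximation of `caddy adapt` output, the `root` paths are shortened placeholders), and `is_internal` is an assumed simplification of which names Caddy serves from its local CA.

```python
import json

# Constructed input: the hand-written caddy.json from the thread (root shortened).
HANDWRITTEN = json.loads("""
{"apps": {"http": {"servers": {"myserver": {"listen": [":443"], "routes": [
  {"match": [{"host": ["localhost"]}],
   "handle": [{"handler": "file_server", "root": "/srv/www"}]}]}}}}}
""")

# Constructed input: approximate shape of `caddy adapt` output for the
# thread's Caddyfile (assumed, not captured from a real run).
ADAPTED = json.loads("""
{"apps": {"http": {"servers": {"srv0": {"listen": [":443"], "routes": [
  {"match": [{"host": ["jetpic.zapto.org"]}], "terminal": true,
   "handle": [{"handler": "subroute", "routes": [{"handle": [
     {"handler": "vars", "root": "/srv/www"},
     {"handler": "file_server", "browse": {}}]}]}]}]}}}}}
""")

def is_internal(host):
    # Assumed simplification: names like these cannot get a public
    # certificate, so Caddy falls back to its internal (local CA) issuer.
    return host == "localhost" or host.endswith((".localhost", ".local"))

def host_matchers(config):
    """Return {server name: set of hosts matched}, descending into subroutes."""
    def walk(routes):
        hosts = set()
        for route in routes:
            for matcher in route.get("match", []):
                hosts.update(matcher.get("host", []))
            for handler in route.get("handle", []):
                hosts |= walk(handler.get("routes", []))
        return hosts
    servers = config.get("apps", {}).get("http", {}).get("servers", {})
    return {name: walk(srv.get("routes", [])) for name, srv in servers.items()}

def compare(handwritten, adapted):
    """Report host names present in only one config, and internal-only names."""
    mine = set().union(*host_matchers(handwritten).values())
    ref = set().union(*host_matchers(adapted).values())
    return {"missing": sorted(ref - mine),
            "extra": sorted(mine - ref),
            "internal_only": sorted(h for h in mine if is_internal(h))}

if __name__ == "__main__":
    print(compare(HANDWRITTEN, ADAPTED))
```

On these inputs the hand-written config matches only `localhost`, which is the subject the log above shows being given the internal issuer, while the adapted config matches `jetpic.zapto.org`.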

Thank you,

Problem solved. I will try and have a better understanding on how to script the json config file.

Understood about the formatting.

Best
