Thanks for the quick review. I don’t want to use ACME for now, so I removed the ca and ca_root properties; I wasn’t sure whether I need them for certificates.
New Caddyfile:
# Global options block.
{
# Turns on DEBUG-level logging. The DEBUG entries this produces include each
# client's ClientHello and remote address, so drop it once troubleshooting is done.
debug
}
# Site block for nuc.local.net.
nuc.local.net {
# Serve a certificate and private key loaded from files instead of obtaining one
# via ACME. Caddy reports such a certificate as "managed": false and does not
# renew it, so replacing it before it expires is up to the operator.
# NOTE(review): the paths are relative, presumably to Caddy's working directory;
# confirm, and keep the key file readable only by the account running Caddy.
# The braces are an empty subdirective block (ca and ca_root were removed).
tls nuc-local.crt nuc-local.key {
}
# Reply to every request with a fixed body.
respond "Hello world!"
}
Here are the Caddy logs:
2024/05/23 08:18:21.010 INFO using adjacent Caddyfile
2024/05/23 08:18:21.011 INFO admin admin endpoint started {"address": "localhost:2019", "enforce_origin": false, "origins": ["//localhost:2019", "//[::1]:2019", "//127.0.0.1:2019"]}
2024/05/23 08:18:21.011 INFO tls.cache.maintenance started background certificate maintenance {"cache": "0xc00044b780"}
2024/05/23 08:18:21.011 WARN tls stapling OCSP {"error": "no OCSP stapling for [nuc.local.net]: no OCSP server specified in certificate"}
2024/05/23 08:18:21.011 DEBUG events event {"name": "cached_unmanaged_cert", "id": "290a57a1-5b63-42d8-99fb-e9dfd2df0310", "origin": "tls", "data": {"sans":["nuc.local.net"]}}
2024/05/23 08:18:21.011 DEBUG tls.cache added certificate to cache {"subjects": ["nuc.local.net"], "expiration": "2024/05/24 07:25:07.000", "managed": false, "issuer_key": "", "hash": "c4debc697980f72cc5f721d6f3f7e91338f1bb6f1b30bd01d26ebbdf1764d978", "cache_size": 1, "cache_capacity": 10000}
2024/05/23 08:18:21.011 INFO http.auto_https skipping automatic certificate management because one or more matching certificates are already loaded {"domain": "nuc.local.net", "server_name": "srv0"}
2024/05/23 08:18:21.011 INFO http.auto_https enabling automatic HTTP->HTTPS redirects {"server_name": "srv0"}
2024/05/23 08:18:21.011 DEBUG http.auto_https adjusted config {"tls": {"automation":{"policies":[{}]}}, "http": {"servers":{"remaining_auto_https_redirects":{"listen":[":80"],"routes":[{},{}]},"srv0":{"listen":[":443"],"routes":[{"handle":[{"handler":"subroute","routes":[{"handle":[{"body":"Hello world!","handler":"static_response"}]}]}],"terminal":true}],"tls_connection_policies":[{"match":{"sni":["nuc.local.net"]},"certificate_selection":{"any_tag":["cert0"]}},{}],"automatic_https":{}}}}}
2024/05/23 08:18:21.011 INFO http enabling HTTP/3 listener {"addr": ":443"}
2024/05/23 08:18:21.011 DEBUG http starting server loop {"address": "[::]:443", "tls": true, "http3": true}
2024/05/23 08:18:21.011 INFO http.log server running {"name": "srv0", "protocols": ["h1", "h2", "h3"]}
2024/05/23 08:18:21.011 DEBUG http starting server loop {"address": "[::]:80", "tls": false, "http3": false}
2024/05/23 08:18:21.011 INFO http.log server running {"name": "remaining_auto_https_redirects", "protocols": ["h1", "h2", "h3"]}
2024/05/23 08:18:21.012 INFO autosaved config (load with --resume flag) {"file": "/root/.config/caddy/autosave.json"}
2024/05/23 08:18:21.012 INFO serving initial configuration
2024/05/23 08:18:21.012 INFO tls cleaning storage unit {"storage": "FileStorage:/root/.local/share/caddy"}
2024/05/23 08:18:21.013 INFO tls finished cleaning storage units
2024/05/23 08:18:44.314 DEBUG events event {"name": "tls_get_certificate", "id": "1738c85d-dbfb-4efe-a2c7-2c0848d2c384", "origin": "tls", "data": {"client_hello":{"CipherSuites":[4866,4867,4865,49196,49200,159,52393,52392,52394,49195,49199,158,49188,49192,107,49187,49191,103,49162,49172,57,49161,49171,51,157,156,61,60,53,47,255],"ServerName":"nuc.local.net","SupportedCurves":[29,23,30,25,24,256,257,258,259,260],"SupportedPoints":"AAEC","SignatureSchemes":[1027,1283,1539,2055,2056,2057,2058,2059,2052,2053,2054,1025,1281,1537,771,769,770,1026,1282,1538],"SupportedProtos":["h2","http/1.1"],"SupportedVersions":[772,771],"RemoteAddr":{"IP":"192.168.1.21","Port":36266,"Zone":""},"LocalAddr":{"IP":"192.168.1.21","Port":443,"Zone":""}}}}
2024/05/23 08:18:44.315 DEBUG tls.handshake choosing certificate {"identifier": "nuc.local.net", "num_choices": 1}
2024/05/23 08:18:44.315 DEBUG tls.handshake custom certificate selection results {"identifier": "nuc.local.net", "subjects": ["nuc.local.net"], "managed": false, "issuer_key": "", "hash": "c4debc697980f72cc5f721d6f3f7e91338f1bb6f1b30bd01d26ebbdf1764d978"}
2024/05/23 08:18:44.315 DEBUG tls.handshake matched certificate in cache {"remote_ip": "192.168.1.21", "remote_port": "36266", "subjects": ["nuc.local.net"], "managed": false, "expiration": "2024/05/24 07:25:07.000", "hash": "c4debc697980f72cc5f721d6f3f7e91338f1bb6f1b30bd01d26ebbdf1764d978"}
2024/05/23 08:18:45.321 DEBUG events event {"name": "tls_get_certificate", "id": "a30c214b-d81a-4aa4-99c9-039c7e1e8ffd", "origin": "tls", "data": {"client_hello":{"CipherSuites":[4866,4867,4865,49196,49200,159,52393,52392,52394,49195,49199,158,49188,49192,107,49187,49191,103,49162,49172,57,49161,49171,51,157,156,61,60,53,47,255],"ServerName":"nuc.local.net","SupportedCurves":[29,23,30,25,24,256,257,258,259,260],"SupportedPoints":"AAEC","SignatureSchemes":[1027,1283,1539,2055,2056,2057,2058,2059,2052,2053,2054,1025,1281,1537,771,769,770,1026,1282,1538],"SupportedProtos":["h2","http/1.1"],"SupportedVersions":[772,771],"RemoteAddr":{"IP":"192.168.1.21","Port":36296,"Zone":""},"LocalAddr":{"IP":"192.168.1.21","Port":443,"Zone":""}}}}
2024/05/23 08:18:45.321 DEBUG tls.handshake choosing certificate {"identifier": "nuc.local.net", "num_choices": 1}
2024/05/23 08:18:45.321 DEBUG tls.handshake custom certificate selection results {"identifier": "nuc.local.net", "subjects": ["nuc.local.net"], "managed": false, "issuer_key": "", "hash": "c4debc697980f72cc5f721d6f3f7e91338f1bb6f1b30bd01d26ebbdf1764d978"}
2024/05/23 08:18:45.321 DEBUG tls.handshake matched certificate in cache {"remote_ip": "192.168.1.21", "remote_port": "36296", "subjects": ["nuc.local.net"], "managed": false, "expiration": "2024/05/24 07:25:07.000", "hash": "c4debc697980f72cc5f721d6f3f7e91338f1bb6f1b30bd01d26ebbdf1764d978"}