Get_certificate locally hosted acme.sh/lighttpd

Hello,

I have a locally hosted certificate store that I generate with acme.sh and have hosted with lighttpd. I am attempting to use the get_certificate option under the tls directive in order to acquire the cert and key files. However, it keeps coming back with it being unable to find the key. I do see that caddy does try to reach out to the lighttpd server to acquire this key.

For all intents and purposes I have replaced the actual domain name with somedomain.

Here is the pertaining line from my Caddyfile:

tls {
	get_certificate http http://ca-dev.pnet:4580/somedomain_ecc/
}

I generate the certificate with acme.sh using the following line:

export NAMECHEAP_API_KEY=someapikey && export NAMECHEAP_USERNAME=someusername && export NAMECHEAP_SOURCEIP=someip && ./acme.sh --issue --dns dns_namecheap -d somedomain -d '*.somedomain'

When I open up http://ca-dev.pnet:4580 in a browser, I get a directory listing and see all files available.

I've tried directly linking to the fullcert.cer file and I get an error stating the private key is not found.

Any more information that I could provide?

What could i be doing wrong?

Hmm, looks like these may pertain to my issue, and perhaps it's fixed in 2.7.0-beta.2?

The tls.get_certificate.http module sends requests with the query param server_name having the domain name. Your endpoint needs to be a server that looks at that query param and returns both the cert and key PEM contents concatenated one after the other (one request, not separate requests for the cert and key). Pointing it to a file server won’t work because it won’t be reading from server_name (unless you only have a single domain to serve).


Hmm. Is there anything out there that could better explain how one would set up a server to handle such a request?

You’ll probably need some actual code to handle the request. Use your scripting language of your choice. It’s really as simple as reading the server_name query param, doing a lookup in your storage to see if you have matching certs/keys, then serving a response body with the cert and key PEM concatenated one after the other. The response should look like:

-----BEGIN CERTIFICATE-----
MII...
-----END CERTIFICATE-----
-----BEGIN PRIVATE KEY-----
MII...
-----END PRIVATE KEY-----

Not my cleanest work, and I need to fix some items that cause some permissions issues, but this is a quick PHP script that does the trick.

<?php
// Caddy's tls.get_certificate http module passes the requested host as ?server_name=
$serverName = isset($_GET['server_name']) ? $_GET['server_name'] : '';

$crt = '';
$key = '';

// Exact-match lookup only: the query value is never used to build a path,
// so it can only ever select one of the files listed here.
if ($serverName === 'domain1') {
    $crt = 'domain1_ecc/domain1.cer';
    $key = 'domain1_ecc/domain1.key';
} elseif ($serverName === 'domain2') {
    $crt = 'domain2_ecc/domain2.crt';
    $key = 'domain2_ecc/domain2.key';
}

if (!empty($crt) && !empty($key)) {
    // Caddy expects the certificate PEM followed by the key PEM in one response body.
    header('Content-Type: application/x-pem-file');
    echo file_get_contents($crt);
    echo file_get_contents($key);
} else {
    http_response_code(404);
    echo "Server name not found.";
}
?>

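The same endpoint as an added example in Go (not code from this thread and not part of Caddy itself), serving the response format described two replies up: the certificate PEM followed by the key PEM in one body, selected by the server_name query parameter. It assumes the acme.sh directory layout used in the PHP script (`<name>_ecc/<name>.cer` and `<name>_ecc/<name>.key` under a root given by a hypothetical CERT_ROOT variable) and listens on port 4580 like the lighttpd instance in the Caddyfile. It goes a little beyond the PHP version in two ways: server_name is validated as a plain hostname before it touches the filesystem, and a name that has no directory of its own falls back to its parent, so www.somedomain is served from the certificate issued with `-d somedomain -d '*.somedomain'`.

```go
package main

import (
	"log"
	"net/http"
	"os"
	"path/filepath"
	"regexp"
	"strings"
)

// CertSource returns the PEM-encoded certificate chain and private key for a
// server name, or ok=false when the name is unknown.
type CertSource interface {
	Lookup(serverName string) (cert, key []byte, ok bool)
}

// AcmeDirSource reads an acme.sh-style layout (assumed, matching the paths in
// the PHP script above): <Root>/<name>_ecc/<name>.cer and <name>.key.
type AcmeDirSource struct{ Root string }

func (s AcmeDirSource) Lookup(name string) ([]byte, []byte, bool) {
	dir := filepath.Join(s.Root, name+"_ecc")
	cert, err := os.ReadFile(filepath.Join(dir, name+".cer"))
	if err != nil {
		return nil, nil, false
	}
	key, err := os.ReadFile(filepath.Join(dir, name+".key"))
	if err != nil {
		return nil, nil, false
	}
	return cert, key, true
}

// MapSource is an in-memory source: index 0 is the cert PEM, index 1 the key PEM.
type MapSource map[string][2][]byte

func (m MapSource) Lookup(name string) ([]byte, []byte, bool) {
	p, ok := m[name]
	if !ok {
		return nil, nil, false
	}
	return p[0], p[1], true
}

// serverNameRE accepts only lowercase DNS hostnames, so the query value can
// never contain a path separator, "..", or anything else that is not a label.
var serverNameRE = regexp.MustCompile(`^[a-z0-9]([a-z0-9-]{0,62}[a-z0-9])?(\.[a-z0-9]([a-z0-9-]{0,62}[a-z0-9])?)*$`)

// ValidServerName reports whether name is a plausible hostname.
func ValidServerName(name string) bool {
	return len(name) <= 253 && serverNameRE.MatchString(name)
}

// lookup tries the exact name first, then its parent: acme.sh stores a cert
// issued with "-d example.com -d '*.example.com'" under example.com_ecc (assumed).
func lookup(src CertSource, name string) ([]byte, []byte, bool) {
	if cert, key, ok := src.Lookup(name); ok {
		return cert, key, true
	}
	if i := strings.IndexByte(name, '.'); i > 0 {
		return src.Lookup(name[i+1:])
	}
	return nil, nil, false
}

// CertHandler serves what Caddy's tls.get_certificate http module expects:
// certificate PEM immediately followed by key PEM in a single response body.
func CertHandler(src CertSource) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		name := r.URL.Query().Get("server_name")
		if !ValidServerName(name) {
			http.Error(w, "invalid server_name", http.StatusBadRequest)
			return
		}
		cert, key, ok := lookup(src, name)
		if !ok {
			http.Error(w, "server name not found", http.StatusNotFound)
			return
		}
		w.Header().Set("Content-Type", "application/x-pem-file")
		w.Header().Set("Cache-Control", "no-store") // the body contains a private key
		w.Write(cert)
		if len(cert) > 0 && cert[len(cert)-1] != '\n' {
			w.Write([]byte("\n")) // keep the two PEM blocks on separate lines
		}
		w.Write(key)
	})
}

func main() {
	root := os.Getenv("CERT_ROOT") // hypothetical; e.g. the acme.sh home directory
	if root == "" {
		root = "."
	}
	log.Fatal(http.ListenAndServe("127.0.0.1:4580", CertHandler(AcmeDirSource{Root: root})))
}
```

Because every successful response carries a private key, the listener is bound to loopback here; if Caddy runs on another host, put the endpoint on a private interface or behind the same access controls that already protect the certificate directory, and do not leave it reachable through the open directory listing mentioned at the top of the thread.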

Bingo! Something like that should be fine. :+1:
