1. Output of caddy version:
v2.5.2
2. How I run Caddy:
a. System environment:
Linux
b. Command:
start-stop-daemon --start --background --name caddy --exec /usr/bin/caddy -- run --pidfile /run/caddy.pid --resume --environ --envfile /etc/caddy/caddy.env
d. My complete Caddy config:
{
  "apps": {
    "http": {
      "servers": {
        "srv0": {
          "listen": [
            "0.0.0.0:443"
          ],
          "routes": [
            {
              "@id": "test1-path-demo",
              "handle": [
                {
                  "handler": "subroute",
                  "routes": [
                    {
                      "handle": [
                        {
                          "handler": "static_response",
                          "headers": {
                            "Location": [
                              "/test1/"
                            ]
                          },
                          "status_code": "302"
                        }
                      ],
                      "match": [
                        {
                          "path": [
                            "/test1"
                          ]
                        }
                      ]
                    },
                    {
                      "handle": [
                        {
                          "handler": "subroute",
                          "routes": [
                            {
                              "handle": [
                                {
                                  "handler": "rewrite",
                                  "strip_path_prefix": "/test1"
                                }
                              ]
                            },
                            {
                              "handle": [
                                {
                                  "handler": "static_response",
                                  "body": "Hallo von Test1"
                                }
                              ]
                            }
                          ]
                        }
                      ],
                      "match": [
                        {
                          "path": [
                            "/test1/*"
                          ]
                        }
                      ]
                    }
                  ]
                }
              ]
            }
          ],
          "tls_connection_policies": [
            {}
          ]
        }
      }
    },
    "tls": {
      "automation": {
        "policies": [
          {
            "on_demand": true,
            "issuers": [
              {
                "module": "internal",
                "ca": "my_ca"
              }
            ]
          }
        ]
      }
    },
    "pki": {
      "certificate_authorities": {
        "my_ca": {
          "root_common_name": "Standard Root CA",
          "intermediate_common_name": "Standard Intermediate CA"
        }
      }
    }
  },
  "logging": {
    "sink": {
      "writer": {
        "output": "file",
        "roll_size_mb": 5,
        "filename": "/home/user/var/caddy/caddy-standard.sink"
      }
    },
    "logs": {
      "logging": {
        "writer": {
          "output": "file",
          "roll_size_mb": 5,
          "filename": "/home/user/var/caddy/caddy-standard.log"
        },
        "level": "INFO"
      }
    }
  },
  "admin": {
    "listen": "unix//run/caddy-standard.sock"
  }
}
3. The problem I’m having:
I use Caddy in our local network to serve a web service. I do not use a DNS hostname; the webpage is visited via the IP of the server.
I want my users to be able to retrieve the root certificate of the Caddy internal CA via the browser so that they can import it and the browser does not show the HTTPS warnings.
When I check the HTTPS certificate via the browser, it is shown as invalid and an error is displayed that says the issuer of the intermediate certificate could not be found. The certificate chain is not complete: the certificate of the CA is not included, only the server certificate and the intermediate certificate. Therefore my users cannot import it to trust the internal CA of Caddy.
Is it possible to configure Caddy such that I can export the Root certificate via the browser?
4. Error messages and/or full log output:
Intermediate Certificate: Certificate’s issuer could not be found.
5. What I already tried:
Tested with different browsers (Chrome, Firefox).
Via the caddy API I can retrieve the complete certificate chain.
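
The "issuer could not be found" result described above can be reproduced offline: a chain of server certificate plus intermediate only validates once the root is already in the client's trust store. The Go program below is an added example, not part of the original post and not Caddy's code; the CA names are copied from the config above, while the Ed25519 keys, the server address 192.0.2.10 and the function names are assumptions made for the illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// issue signs a certificate with parent, or self-signs it when parent is nil.
func issue(cn string, serial int64, isCA bool, parent *x509.Certificate, pk ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true, IsCA: isCA, KeyUsage: x509.KeyUsageCertSign}
	if !isCA { // leaf is reached by IP, as in the post; 192.0.2.10 is a constructed address
		t.KeyUsage = x509.KeyUsageDigitalSignature
		t.IPAddresses = []net.IP{net.ParseIP("192.0.2.10")}
	}
	if parent == nil {
		parent, pk = t, key
	}
	der, err := x509.CreateCertificate(rand.Reader, t, parent, pub, pk)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// VerifyServedChain validates leaf + intermediate (what the handshake carries) against the client's trust store.
func VerifyServedChain(rootImported bool) error {
	root, rootKey := issue("Standard Root CA", 1, true, nil, nil)
	inter, interKey := issue("Standard Intermediate CA", 2, true, root, rootKey)
	leaf, _ := issue("server", 3, false, inter, interKey)
	roots, inters := x509.NewCertPool(), x509.NewCertPool()
	inters.AddCert(inter)
	if rootImported { // the root reaches the client out of band, never via the handshake
		roots.AddCert(root)
	}
	// DNSName also accepts an IP literal, which is matched against the IP SANs.
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, Intermediates: inters, DNSName: "192.0.2.10"})
	return err
}

func main() { fmt.Println("not imported:", VerifyServedChain(false), "| imported:", VerifyServedChain(true)) }
```
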