I’m trying to figure out how to get Caddy working with HTTPS on localhost. Out of the box, I’m getting security risk warnings in both Firefox and Chrome. I looked through this doc here: Automatic HTTPS — Caddy Documentation and to be honest, much of it is over my head.
I thought maybe I could install an SSL cert manually myself and have Caddy use that. I started following the tutorial here: Create Locally Trusted SSL Certificates with mkcert on Windows - TechnixLeo but I’m not sure how to have Caddy use that cert or if that is even possible.
Caddy will only set up its internal issuer if it matches the hostname requirements in Automatic HTTPS — Caddy Documentation, i.e. localhost, *.localhost, *.local.
You’ll need to use the tls internal directive in those sites if you want to use the internal issuer.
To have your system trust Caddy’s certs, you’ll need to run caddy.exe trust, which will pull the root cert from Caddy’s running instance on the same machine, and attempt to install it in the various trust stores it can on Windows. Some browsers/clients may require manual installation, in which case you’ll need to grab the root cert from Caddy’s storage location (see your logs, Caddy will report its data storage location if you run with --environ) and manually install it to those trust stores.
If you’re trying to connect from a different machine, then you’ll need to do the cert installation on those machines as well. You can either do it manually, or you can run caddy trust on those machines, using the --address flag to point to the admin endpoint of your Caddy instance – note that the admin endpoint only listens on localhost:2019 by default, so you’d need to change that to :2019 to allow other machines on your network to access it – keep in mind this is risky though because then anyone on the network can change Caddy’s config or shut it down etc.
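A minimal Caddyfile for the setup described in the answer above, added here as an example; it is not from either poster or from the Caddy documentation. The site address, the response text and the commented-out mkcert file names are constructed for illustration.

```caddyfile
{
	# Admin API address. localhost:2019 is the default and keeps the
	# config/shutdown endpoint reachable only from this machine.
	admin localhost:2019

	# Riskier alternative discussed above: listening on every interface
	# so that "caddy trust --address ..." works from other machines.
	# Anyone on the network could then change Caddy's config or stop it.
	# admin :2019
}

localhost {
	# Issue this site's certificate from Caddy's internal (local) CA.
	# Browsers trust it only after the root cert is installed, e.g. by
	# running "caddy trust" on the same machine.
	tls internal

	# Alternative: load a certificate and key you generated yourself
	# (for example with mkcert) instead of using the internal issuer.
	# File names below are constructed placeholders.
	# tls ./localhost.pem ./localhost-key.pem

	respond "Hello over HTTPS"
}
```

Keep only one `tls` line active per site, and only one `admin` line in the global options block.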
That did the trick!
Chrome worked fine after those first two items, tls internal and caddy trust.
> Some browsers/clients may require manual installation, in which case you’ll need to grab the root cert from Caddy’s storage location (see your logs, Caddy will report its data storage location if you run with --environ) and manually install it to those trust stores.
But I had to do an extra step for Firefox like your sentence above states. This is what I did that worked for me:
Starting with version 49, Firefox can be configured to automatically search for and import CAs that have been added to the Windows certificate store by a user or administrator.
Enter “about:config” in the address bar and continue to the list of preferences.
Set the preference “security.enterprise_roots.enabled” to true.