Having troubles with enabling Comodo ECC SSL cert

I am trying to install a Comodo SSL certificate based on an ECDSA key. I have added the following code to my Caddyfile:

fokin.ca {
    root /var/www
    gzip
    tls /etc/ssl/caddy/fokin-ec-bundle.pem /etc/ssl/caddy/fokin-ec-key.pem
}

In /etc/ssl/caddy/fokin-ec-bundle.pem I have my domain cert + intermediate + root from top to bottom.
In /etc/ssl/caddy/fokin-ec-key.pem I have the private key.

Server OS - Ubuntu 16.04 LTS

Caddy restarts after adding the code above, but neither port 80 nor 443 is working. Netstat shows that port 2015 is bound to Caddy.

When I specify tls my@email.address (to get a Let's Encrypt certificate), everything is fine.

So I am wondering maybe I am missing something in my Caddyfile config.

Hello,

Yeah, I have encountered the same issue with my own SSL certificate. As a workaround, you can force the real HTTPS port by adding :443 to your conf block.

fokin.ca:443 {
    root /var/www
    gzip
    tls /etc/ssl/caddy/fokin-ec-bundle.pem /etc/ssl/caddy/fokin-ec-key.pem
}
2 Likes

Thank you! Yeah, it worked. Wondering if this is really a workaround or a “correct” configuration as per design. If it is the latter one, then it should be documented.

It is the intended behaviour. The documentation clearly states that the default port is 2015 and the default scheme is http.

The default port is 2015 (unless the site qualifies for automatic HTTPS, in which case it’s changed to 443)

Port 80 is automatically enabled as well when the site qualifies for automatic HTTPS, because it's a requirement for the Let's Encrypt ACME challenge.

See: https://caddyserver.com/docs/http-caddyfile#addresses

3 Likes
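
The behaviour described in this answer can be checked before a restart. The following is an added example, not part of the thread or of Caddy itself: a small lint that flags site blocks combining a manual certificate/key pair with a label that pins neither a port nor a scheme. The function names are hypothetical, and the parser assumes top-level blocks whose closing brace sits in column 0 and a `tls <cert> <key>` directive written on one line.

```python
import re

# Constructed sample: the two site blocks posted in this thread.
SAMPLE = """\
fokin.ca {
    root /var/www
    gzip
    tls /etc/ssl/caddy/fokin-ec-bundle.pem /etc/ssl/caddy/fokin-ec-key.pem
}

fokin.ca:443 {
    root /var/www
    gzip
    tls /etc/ssl/caddy/fokin-ec-bundle.pem /etc/ssl/caddy/fokin-ec-key.pem
}
"""

# A top-level site block: label line ending in "{", body, "}" in column 0.
BLOCK = re.compile(r"^([^\s{#][^{\n]*?)\s*\{\n(.*?)^\}", re.M | re.S)

def has_explicit_port_or_scheme(label):
    """True if the label pins a port (host:443) or a scheme (https://host)."""
    return "://" in label or re.search(r":\d+$", label) is not None

def lint_caddyfile(text):
    """Return site labels that use a manual cert/key pair without a port.

    Per the answer above, such a site does not qualify for automatic HTTPS,
    so it falls back to the default port 2015 instead of 443.
    """
    findings = []
    for match in BLOCK.finditer(text):
        labels = [l for l in re.split(r"[,\s]+", match.group(1)) if l]
        # "tls <cert> <key>" has exactly two arguments; "tls <email>" has one.
        manual_tls = any(
            line.split()[:1] == ["tls"] and len(line.split()) == 3
            for line in match.group(2).splitlines()
        )
        if manual_tls:
            findings += [l for l in labels if not has_explicit_port_or_scheme(l)]
    return findings

if __name__ == "__main__":
    for site in lint_caddyfile(SAMPLE):
        print(f"{site}: manual certificate but no port; listens on 2015, not 443")
```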

Got it, thank you!
