I am running Caddy2 in Docker to obtain automatic certificates. I would then also like to use these certificates in my other dockerized services.
I am sharing the folder in which certificates are stored between the containers.
What I do is get domain.crt, convert it to PEM, add the key and dhparams, and that is what I use as the cert in the other Docker container.
# Convert the certificate Caddy wrote to PEM
openssl x509 -in "/etc/certs/$DOMAIN_PREFIX.crt" -out "/$DOMAIN_PREFIX.pem" -outform PEM
# Append the private key
cat "/etc/certs/$DOMAIN_PREFIX.key" >> "/$DOMAIN_PREFIX.pem"
# Generate DH parameters and append them as well
openssl dhparam -out /dhparam.pem 2048
cat /dhparam.pem >> "/$DOMAIN_PREFIX.pem"
So far I have implemented it in only one container, specifically the one running the Domoticz home automation software.
This works fine, I can now access Domoticz using HTTPS and my certificates are working as expected in all browsers I have tried.
However, I also wrote some Python scripts that access my Domoticz, and those complain about the certificate. While debugging this, I also found out that curl and wget complain about a certificate problem.
Checking with openssl I get this:
$ openssl s_client -connect localhost:8081 --showcerts
CONNECTED(00000003)
Can't use SSL_get_servername
depth=0 CN =
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 CN =
verify error:num=21:unable to verify the first certificate
verify return:1
From Googling, it seems that I need to use the fullchain certificate instead of just the single (?) certificate for the site. Is there a way to get the fullchain certificate from Caddy? It seems to be working fine on the Caddy-served web site I have, but not on my Domoticz, when I compare the two with openssl, and the Caddy site also works fine with wget and curl. So Caddy must keep the fullchain somewhere.
I would appreciate any help or pointing in the correct direction.
Thanks.
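An added example, not part of the original post or of Caddy itself, showing how a bundle loses its intermediates and how to build one that keeps them. It assumes (not stated in the post) that the `.crt` file Caddy writes already contains the leaf certificate followed by the intermediate(s) as concatenated PEM blocks, and that the target service accepts a single PEM file of chain + key (+ dhparams). `openssl x509 -in` only reads the first PEM block in its input, which is exactly how a bundle built that way ends up with one certificate; the `first_cert_only` function below emulates that with awk so the comparison runs without a real certificate. The sample `.crt` and `.key` are constructed placeholders, not real key material.

```shell
#!/bin/sh
# Added example: build a fullchain PEM bundle for a non-Caddy service from the
# files Caddy stores, and check how many certificates the bundle contains.
# Assumption: <domain>.crt holds leaf + intermediates as concatenated PEM.

# Count PEM certificate blocks in a file.
count_certs() {
    grep -c '^-----BEGIN CERTIFICATE-----' "$1"
}

# Emulate what `openssl x509 -in FILE -outform PEM` does to a multi-cert file:
# it parses and re-emits only the FIRST certificate block, dropping the rest.
first_cert_only() {
    awk '/^-----BEGIN CERTIFICATE-----/ { p = 1 }
         p { print }
         /^-----END CERTIFICATE-----/ { if (p) exit }' "$1"
}

# Build the bundle by plain concatenation instead of `openssl x509`:
# whole chain from the .crt, then the key, then dhparams if a file is given.
# Prints the number of certificates that ended up in the bundle.
build_bundle() {
    crt="$1"; key="$2"; out="$3"; dh="${4:-}"
    cat "$crt" "$key" > "$out"
    if [ -n "$dh" ] && [ -f "$dh" ]; then
        cat "$dh" >> "$out"
    fi
    chmod 600 "$out"   # the bundle contains the private key
    count_certs "$out"
}

# Write constructed placeholder files (NOT real certificates or keys) into DIR,
# shaped like a two-certificate chain and a key as Caddy would store them.
make_sample() {
    dir="$1"
    mkdir -p "$dir"
    cat > "$dir/example.crt" <<'EOF'
-----BEGIN CERTIFICATE-----
LEAFCERTIFICATEPLACEHOLDER
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
INTERMEDIATECERTIFICATEPLACEHOLDER
-----END CERTIFICATE-----
EOF
    cat > "$dir/example.key" <<'EOF'
-----BEGIN PRIVATE KEY-----
PRIVATEKEYPLACEHOLDER
-----END PRIVATE KEY-----
EOF
}

# Stand-alone demo: compare the two ways of building the bundle.
demo() {
    tmp=$(mktemp -d)
    make_sample "$tmp"
    first_cert_only "$tmp/example.crt" > "$tmp/leaf-only.pem"
    cat "$tmp/example.key" >> "$tmp/leaf-only.pem"
    echo "certs in source .crt   : $(count_certs "$tmp/example.crt")"
    echo "certs via openssl x509 : $(count_certs "$tmp/leaf-only.pem")"
    echo "certs via cat          : $(build_bundle "$tmp/example.crt" "$tmp/example.key" "$tmp/fullchain.pem")"
    rm -rf "$tmp"
}

# Run the demo only when executed directly, not when sourced for its functions.
case "$0" in
    *sh) ;;
    *) demo ;;
esac
```

With a real chain, `openssl s_client -connect host:port -showcerts` against the service fed the concatenated bundle should list every certificate in the chain, and the "unable to get local issuer certificate" error disappears once the intermediate is served alongside the leaf.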