How to replace Caddy SSL with COMODO SSL/any of my own certificate

Hi,

I’m using Caddy server for my website, with the postal script running on Ubuntu 20.14, and have enabled Caddy SSL for my website.
Unfortunately, the postal script does not support EC keys for TLS authentication to send emails securely; the postal script supports only an RSA PRIVATE KEY instead of an EC PRIVATE KEY.

Therefore, I want to use my own certificate (COMODO) instead of the free SSL offered by Caddy. So can anyone please help me with how to replace the current SSL with my own SSL?

Below are the folders / files currently available on my server…

Folder: caddy-data
File: Caddyfile

Folders and structure:

caddy-data has one folder, i.e. → caddy

caddy has four folders, i.e. → acme, certificates, locks and ocsp

/caddy-data/caddy/certificates/acme-v02.api.letsencrypt.org-directory/

acme-v02.api.letsencrypt.org-directory has 3 files, i.e. → mydomain.com.crt, mydomain.com.key, mydomain.com.json

My Caddyfile is as follows:

mydomain.com {
  reverse_proxy 127.0.0.1:5000
}

And the mydomain.com.json file is as follows:

{
  "sans": ["mydomain.com"],
  "issuer_data": {
    "url": "https://acme-v02.api.letsencrypt.org/acme/cert/046------a3e8-----cafbf5"
  }
}

So, please let me know the exact steps to follow to replace the current SSL with my own SSL, and where to upload my COMODO SSL files.

Or, let me know if there is any way to generate an RSA PRIVATE KEY instead of an EC PRIVATE KEY with Caddy SSL.

Thank you in advance!

Your question has already been answered on Github. It’s unclear what you’re not understanding at this point.

Hi Sir,

Firstly my heartfelt thanks to you for the quick response.

I’m quite confused by it. Could you please give me a brief explanation of where to upload the COMODO SSL files and what other code needs to be added, and where exactly… please…

I think that I need to add the lines below to my Caddyfile?

tls [internal|<email>] | [<cert_file> <key_file>] {
    protocols <min> [<max>]
    ciphers <cipher_suites...>
    curves <curves...>
    alpn <values...>
    load <paths...>
    ca <ca_dir_url>
    ca_root <pem_file>
    key_type ed25519|p256|p384|rsa2048|rsa4096
    dns <provider_name> [<params...>]
    resolvers <dns_servers...>
    eab <key_id> <mac_key>
    on_demand
    client_auth {
        mode [request|require|verify_if_given|require_and_verify]
        trusted_ca_cert <base64_der>
        trusted_ca_cert_file <filename>
        trusted_leaf_cert <base64_der>
        trusted_leaf_cert_file <filename>
    }
    issuer <issuer_name> [<params...>]
}

I have been provided with three different files (xyz.ca-bundle, xyz.crt and xyz.key) by the SSL provider and have uploaded them into the /etc/ssl folder on my server. So please guide me briefly on how / what exact steps to follow to achieve it…
My humble request to you: please don’t get frustrated, and help me if possible.

Many many thanks in advance!

Please be very kind and help me, since I have never dealt with such things before. Thank you in advance!

Kind Regards,
XenyFord

Hi Sir,

Sorry for troubling you so many times with frequent questions, because I’m really very new to Caddy. Could you please let me know the exact syntax to put in the Caddyfile to replace Caddy SSL with COMODO SSL?

I tried it this way in my Caddyfile, but it’s not working:

mydomain.com {
  reverse_proxy 127.0.0.1:5000
  tls {
    ca_cert_file /etc/ssl/xyz.crt
    ca_key_file /etc/ssl/xyz.key
  }
}

Below are the files and paths of the COMODO SSL on my server:

/etc/ssl/xyz.crt

/etc/ssl/xyz.key

/etc/ssl/xyz.ca-bundle

Please guide me with the exact syntax to put in the Caddyfile. Thank you in advance!

If you want to use your own certificate, the syntax is

tls certfile keyfile

so it is

mydomain.com {
  tls /etc/ssl/xyz.crt /etc/ssl/xyz.key
  reverse_proxy 127.0.0.1:5000
}
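Before pointing Caddy at the three COMODO files, it is worth checking them the way Caddy will load them. The Go program below is an added example (it is not code from this thread, from Caddy or from postal): it loads a cert file and a key file through crypto/tls.X509KeyPair, the same standard-library call Caddy uses through certmagic, so a rejected pair fails here with the same error Caddy would log; it reports whether the key is RSA or EC and which PEM header the key file carries (the "RSA PRIVATE KEY" vs "EC PRIVATE KEY" distinction the original post says postal cares about); and it concatenates xyz.crt with xyz.ca-bundle into one full-chain file, leaf first, which is what the cert file given to Caddy should contain so that clients receive the intermediate certificates. The certificates it generates are constructed self-signed stand-ins for the CA-issued files, and the file names xyz.crt, xyz.key and xyz.ca-bundle are the ones quoted in the thread.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"errors"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// PairInfo is what a TLS server sees once it has loaded a cert file and a key file.
type PairInfo struct {
	KeyAlgorithm string // "RSA" or "ECDSA"
	KeyBits      int    // RSA modulus size, or curve size for ECDSA
	ChainLength  int    // certificates in the cert file: leaf plus intermediates
}

// InspectPair loads the files through crypto/tls.X509KeyPair, the same call Caddy
// (via certmagic) uses, so an error here is the error Caddy would log at startup.
func InspectPair(certPEM, keyPEM []byte) (PairInfo, error) {
	pair, err := tls.X509KeyPair(certPEM, keyPEM) // also checks the key matches the leaf
	if err != nil {
		return PairInfo{}, fmt.Errorf("cert/key pair rejected: %w", err)
	}
	leaf, err := x509.ParseCertificate(pair.Certificate[0])
	if err != nil {
		return PairInfo{}, err
	}
	info := PairInfo{ChainLength: len(pair.Certificate)}
	switch pub := leaf.PublicKey.(type) {
	case *rsa.PublicKey:
		info.KeyAlgorithm, info.KeyBits = "RSA", pub.N.BitLen()
	case *ecdsa.PublicKey:
		info.KeyAlgorithm, info.KeyBits = "ECDSA", pub.Curve.Params().BitSize
	default:
		return PairInfo{}, errors.New("unsupported public key type")
	}
	return info, nil
}

// PrivateKeyPEMType returns the header of the key file's first block: "RSA PRIVATE KEY"
// (PKCS#1), "EC PRIVATE KEY" (SEC 1) or "PRIVATE KEY" (PKCS#8); RSA-only software keys off it.
func PrivateKeyPEMType(keyPEM []byte) string {
	if b, _ := pem.Decode(keyPEM); b != nil && strings.HasSuffix(b.Type, "PRIVATE KEY") {
		return b.Type
	}
	return ""
}

// BuildFullChain concatenates the leaf (xyz.crt) and the CA bundle (xyz.ca-bundle), leaf
// first; give the result to Caddy as the cert file so clients receive the intermediates.
func BuildFullChain(leafPEM, bundlePEM []byte) ([]byte, error) {
	if b, _ := pem.Decode(leafPEM); b == nil || b.Type != "CERTIFICATE" {
		return nil, errors.New("leaf file does not start with a CERTIFICATE block")
	}
	full := append(append([]byte{}, leafPEM...), '\n') // a blank line between blocks is harmless
	return append(full, bundlePEM...), nil
}

// NewPair makes a constructed self-signed certificate for name with a fresh RSA-2048 or
// P-256 key, written with the PEM header that kind of key normally carries (demo stand-in only).
func NewPair(name string, useRSA bool) (certPEM, keyPEM []byte, err error) {
	var key crypto.Signer
	if useRSA { // what postal wants
		k, err := rsa.GenerateKey(rand.Reader, 2048)
		if err != nil {
			return nil, nil, err
		}
		key, keyPEM = k, pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(k)})
	} else { // what Caddy's default p256 key_type produces
		k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
		if err != nil {
			return nil, nil, err
		}
		der, _ := x509.MarshalECPrivateKey(k)
		key, keyPEM = k, pem.EncodeToMemory(&pem.Block{Type: "EC PRIVATE KEY", Bytes: der})
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: name},
		DNSNames: []string{name}, NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, key.Public(), key)
	if err != nil {
		return nil, nil, err
	}
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}), keyPEM, nil
}

func main() {
	crt, key, _ := NewPair("mydomain.com", true)
	caCrt, _, _ := NewPair("ca.mydomain.com", true) // constructed stand-in for xyz.ca-bundle
	full, _ := BuildFullChain(crt, caCrt)
	info, err := InspectPair(full, key)
	fmt.Println(info, PrivateKeyPEMType(key), err)
}
```

With the full chain written to a file of your choosing (say /etc/ssl/xyz-fullchain.crt, a name assumed here), the Caddyfile line from the answer above becomes `tls /etc/ssl/xyz-fullchain.crt /etc/ssl/xyz.key`. Two caveats a practitioner would check first: if Caddy runs in a container (the caddy-data volume in the first post suggests it might), the paths in the Caddyfile are paths inside the container, so the certificate directory has to be mounted there; and if the pair is rejected, running `caddy run` in the foreground, or reading the service or container logs, shows the X509KeyPair error text, which this program reproduces. If the only goal is an RSA key rather than a COMODO certificate, the `key_type rsa2048` option in the tls directive syntax quoted earlier in the thread keeps Caddy's automatic issuance but with an RSA key.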

Hi Mr. Jochen,

I made the changes as per your guidance, and my Caddyfile has been modified as below, but still nothing has worked for me.

mydomain.com {
  tls /etc/ssl/xyz.crt /etc/ssl/xyz.key
  reverse_proxy 127.0.0.1:5000
}

ERROR

Please let me know if there is anything I need to modify. Thank you in advance!

That’s not useful. What isn’t working? What’s in your logs? What do you see when you make a request with curl -v? Please remember that we don’t know what you’ve tried. It wastes time for both of us when you give limited information.

Hi Sir,

I’m really very sorry for troubling you. As I said earlier, I’m really not familiar with this Caddy server, so could you please let me know where I can see the error log in this situation? Please.

thank you in advance!