How to use HTTPS in a private network

1. Caddy version (caddy version):

2.4.6

2. How I run Caddy:

systemctl start caddy

a. System environment:

ubuntu 20.04

b. Command:

systemctl start caddy

mkcert -key-file multi.key -cert-file multi.crt *.domain 127.0.0.1 172.28.84.82

c. Service/unit/compose file:


d. My complete Caddyfile or JSON config:

https://172.28.84.82:8000 {
        root * /usr/share/caddy
        tls /etc/caddy/multi.crt /etc/caddy/multi.key
        file_server
}

3. The problem I’m having:

Caddy does not start successfully.

4. Error messages and/or full log output:

root@primary:/etc/caddy# systemctl status caddy
● caddy.service - Caddy
Loaded: loaded (/lib/systemd/system/caddy.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Fri 2022-04-15 10:35:39 CST; 4s ago
Docs: Welcome — Caddy Documentation
Process: 2514 ExecStart=/usr/bin/caddy run --environ --config /etc/caddy/Caddyfile (code=exited, status=1/FAILURE)
Main PID: 2514 (code=exited, status=1/FAILURE)

Apr 15 10:35:39 primary caddy[2514]: INVOCATION_ID=a088596121e448d3ab530f055a370b23
Apr 15 10:35:39 primary caddy[2514]: JOURNAL_STREAM=9:39184
Apr 15 10:35:39 primary caddy[2514]: {"level":"info","ts":1649990139.955685,"msg":"using provided configuration","config_file":"/etc/caddy/Caddyfile","config_adapter":""}
Apr 15 10:35:39 primary caddy[2514]: {"level":"info","ts":1649990139.9598794,"logger":"admin","msg":"admin endpoint started","address":"tcp/localhost:2019","enforce_origin":false,"origins":>
Apr 15 10:35:39 primary caddy[2514]: {"level":"info","ts":1649990139.9601595,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc00053dd50"}
Apr 15 10:35:39 primary caddy[2514]: {"level":"info","ts":1649990139.960245,"logger":"tls.cache.maintenance","msg":"stopped background certificate maintenance","cache":"0xc00053dd50"}
Apr 15 10:35:39 primary systemd[1]: Started Caddy.
Apr 15 10:35:39 primary caddy[2514]: run: loading initial config: loading new config: loading http app module: provision http: getting tls app: loading tls app module: provision tls: loadin>
Apr 15 10:35:39 primary systemd[1]: caddy.service: Main process exited, code=exited, status=1/FAILURE
Apr 15 10:35:39 primary systemd[1]: caddy.service: Failed with result 'exit-code'.

5. What I already tried:

If I use tls internal in the Caddyfile, HTTPS works fine.

tls internal

6. Links to relevant resources:

The logs are truncated, notice the > at the end. Don’t use systemctl status caddy to check your logs.

See here in the docs, for the recommended command to check your logs:

You don’t need to use mkcert though, Caddy’s built-in internal CA can do that for you. You can install Caddy’s root CA cert onto the systems/browsers that need to trust your Caddy server.


journalctl -u caddy --no-pager | less +G

It shows that Caddy does not have permission to access /etc/caddy/multi.cert
So, it’s solved now.

