HTTPS in Local Network not working

1. Caddy version (2.4.5):

2. How I run Caddy:

I run caddy in my home network, the main computer ip is, and I have another computer wit the ip
I have my node server runnig on main pc at 192.168.100:2021, this is the server I want to https to my other computer.

a. System environment:

Windows 10 with caddy.exe

b. Command:

caddy run

c. Service/unit/compose file:

Not using

d. My complete Caddyfile or JSON config: {

3. The problem I’m having:

SSL is not working from the other computer to my main, certified is not valid, I understand that the certified is only for, but how can I use it from any computer???

4. Error messages and/or full log output:

In the browser the https is crossed and it says that the cerfied is not valid and its a security risk.

5. What I already tried:

I’ve tried doing this:

server.local {
} {
  tls internal

But my other computer cant connect to this types of url, only ip’s.

Also messing with tls, but my knowledge is not to great. And the caddy didnt start.

I’ve tried everything in the link below.

6. Links to relevant resources:

The configurations that you are showing are not going to work, in that you are setting up rules for caddy on your “main computer” to listen on on port 2020, and then “reverse proxy” (send the traffic to) the same computer on port 2021 in the configuration example you gave (both hosts are listed as

Consider the following “structure” to the configuration rule you are attempting

host_ip_caddy_will_listen_on:port_on_caddy_host  {
             reverse_proxy  host_ip_of_the_other_computer:port_on_that_other_host

so for the configuration you are describing in your opening statement it should look more like this, note that you can specify https:// for the rule so caddy knows to use its local root and intermediate CA to issue a certificate to be used when clients connect to that host over https. {

Note the following

  1. Caddy in its default configuration can NOT provide a certificate for the host if its running on the host. The connection from the caddy server back to the second ( server will need to be HTTP not HTTPS. You could set up caddy on both hosts and have caddy provide a TLS certificate for https on each host, but that looks to be overly complex for what you are trying to do.

  2. Your browser WILL NOT TRUST the Certificate Authority (CA) that is issuing the TLS certificate caddy is using, unless you are running the browser on the host. You will receive a certificate trust error on connection to the host if its a different machine, no matter what. You would need to import the caddy local root CA certificate into your local trust store on the computer your browser is running on for it to work without trust warnings. Caddy on windows will install its root CA automatically into the windows user trust store, so you would need to export it from there and then import it on the computer your browser is running on. (I’m not 100% sure on windows where caddy stores its root.crt file or if its only ephemeral as its imported into the windows local user’s trusted authority store).

  3. Why all the complexity here? What is the benefit of 2 computers serving what is a single web server here and the need for 2 separate HTTPS listeners. A far simpler configuration would be to have caddy running on the same host ( with a configuration like so: {
     reverse_proxy https://localhost:2021

Watch the following guides to understand the basics HTTPS, Certificate Authorities, certificates and trust. Realize that caddy server is acting as the CA for issuing a certificate on demand to itself for the host you are configuring it on. When it does this on windows it installs the CA into the local windows user’s trust. But that locally installed trust wont work if you are running your browser on a different computer.

Intro to digital certificates

Digital Certificates: Chain of Trust

Digital Certificates: Chain of Trust

Then read caddy’s documentation on local automatic https

One fundamental thing to understand is that each individual host (the main computer and the other computer) would need a TLS certificate issued to protect the host name / IP address. Caddy takes care of setting up a local Certificate Authority and issuing certificates to protect hostnames and IP addresses for the system it is running on by default.


As on Linux, it will be stored in Caddy’s default storage location. Starting Caddy with the --environ flag will reveal where the AppData location is for Caddy in the logs. It depends how it’s being run and what under which user Caddy is being run. Then in the storage, the CA cert will be at pki/authorities/local/root.crt

1 Like

Thanks @francislavoie!

So @FuturApp, what that means is on the server you are running caddy on, that you should start caddy with the configuration based on the example I gave {

You would run from the command line caddy run --environ --config <file> to identify caddy’s configuration path, and then use file explorer to [that path given by the caddy --environ command]\pki\authorities\local\root.crt. Note that the --config <file> would point to the Caddyfile you are passing your configuration statement in for the server and reverse proxy statement we talked about above.

Copy root.crt to the computer you are running your browser on (if its not and then you can follow these instructions to install that root.crt Certificate Authority (CA) certificate in your browser. Depending on your browser type you might need to google for specific instruction, but if you are using chrome you can follow this guide to install trust in your windows desktop login:

There are more detailed ways to do this (for example installing trust for all users in the local machine rather than specific user account)

or if on mac OS

Or ubuntu

Note that this certificate authority certificate will NOT give you https on your server. If you watched the material I shared you should understand at this point the difference between a CA certificate (what we are talking about now) vs a Private key and certificate issued to the host IP or FQDN which is what would be required to ALSO have HTTPS for the server on the host.

Watch the videos, read the docs, let us know if you have any further questions.


Wow… Thx guys for all this information and your time, Im going to read all of this and try everything, then I’'ll give some feedback, thx again.


How goes it? Any questions on what you have reviewed so far?

This topic was automatically closed after 30 days. New replies are no longer allowed.