Is it possible Decrypt/decompress certificates

1. Caddy version (caddy version):

i use the caddy version 2.3.0

2. How I run Caddy:

i run caddy as a docker container with consul as a storage backend

a. System environment:

ubuntu 20.04

b. Command:

not relevant

c. Service/unit/compose file:

not relevant since caddy is working

d. My complete Caddyfile or JSON config:

not relevant since caddy is working

3. The problem I’m having:

my problem is that i want to get the certificates out of consul. But it seems like that they are compress/encrypted.

4. Error messages and/or full log output:


gzip: stdin: not in gzip format

5. What I already tried:


gzip: stdin: not in gzip format

tried already to get to put into a file from consul base64 encoded etc

6. Links to relevant resources:

i thought that is only compress like traffic does/did this in previous versions.
sorry for the weird url

It’s not clear what you’re trying to do. Please elaborate. Your config is important to this discussion, please include it.

well here is the config:

{
   debug
   http_port "80"
   https_port "443"
   storage "consul" {
      address "127.0.0.1:8500"
      #prefix "traefik"
      prefix "caddy"
   }
   admin ":2019" {
      origins "*" # should be set to something which is only internal and only used to configure caddy via api/json
   }
   log {
      output stdout
      format json
   }

   auto_https disable_redirects
   email certs@backbiosis.com
   acme_ca "https://acme-staging-v02.api.letsencrypt.org/directory"


}
## http in front for only listening on http and not https
mailer.backbiosis.com {
   reverse_proxy 192.168.1.30:8080 192.168.1.31:8080 {
      # to //set to upstream
      lb_policy random
      health_uri /
      health_status 300
   }
   log
}
admin.backbiosis.com {
   reverse_proxy 192.168.1.30:80 192.168.1.31:80 {
      # to //set to upstream
      lb_policy ip_hash
      health_uri /
      health_status 300
   }
   log
}

here an extension what i tried to do. since it seems i missed something in the examnple:

./consul kv get caddy/certificates/acme-staging-v02.api.letsencrypt.org-directory/admin.backbiosis.com/admin.backbisosis.com.crt | gunzip -dc > cert.crt

gzip: stdin: not in gzip format

And my question is. How do can i get the certificates out of consul.
like stated in the example above.

As a file

I think you should ask the plugin author by opening an issue on the github repo:

1 Like

alright. thanks for the quick feedback!

It’s actually quite easy to do this and I’ve added an example to the issue: https://github.com/pteich/caddy-tlsconsul/issues/17#issuecomment-875418971

2 Likes

This topic was automatically closed after 30 days. New replies are no longer allowed.