Local Caddy CA help: Root key not auto-generating

1. Output of caddy version:

v2.5.2 h1:eCJdLyEyAGzuQTa5Mh3gETnYWDClo1LjtQm2q9RNZrs=

2. How I run Caddy:

Locally, built with xcaddy run --config caddy.json
Includes private plugin that is almost functionally identical to caddy_rest_storage
(xcaddy version: v0.3.1 h1:XKmnGnGTeB53hLUgnGr/R4JbTNSxh8IBAFcJkrtycso=)

a. System environment:

macOS Monterey

b. Command:

./caddy --config config.json

(built with xcaddy as mentioned above)

c. Service/unit/compose file:


d. My complete Caddy config:

{
  "admin": {
    "enforce_origin": false,
    "listen": "localhost:2018"
  },
  "apps": {
    "pki": {
      "certificate_authorities": {
        "local": {
          "name": "test-authority",
          "root": null
        }
      }
    },
    "tls": {
      "automation": {
        "policies": [
          {
            "issuers": [
              {
                "module": "internal"
              }
            ]
          }
        ]
      }
    },
    "http": {
      "servers": {
        "srv0": {
          "listen": [
            ":80",
            ":443",
            ":3908"
          ],
          "routes": [
            {
              "match": [
                {
                  "host": [
                    "localhost"
                  ]
                }
              ],
              "handle": [
                {
                  "handler": "subroute",
                  "routes": [
                    {
                      "handle": [
                        {
                          "body": "hello there",
                          "handler": "static_response"
                        }
                      ]
                    }
                  ]
                }
              ],
              "terminal": true
            }
          ]
        }
      }
    }
  },
  "storage": {
    "module": "rest",
    "endpoint": "http://localhost:3000/tls/rest-storage",
    "api_key": "<redacted>"
  }
}

3. The problem I’m having:

I’m attempting to test my REST storage plugin (connected to a sql db). I’m getting an error saying the root key does not exist. This is expected because my DB doesn’t have the root key yet, so the REST API returns a 404. However, since root is null in my config, the docs say that the root key should be generated for me.

It did however successfully create pki/authorities/local/root.crt.

4. Error messages and/or full log output:

2022/09/12 17:29:05.207 INFO    using provided configuration    {"config_file": "caddy.json", "config_adapter": ""}
2022/09/12 17:29:05.208 INFO    admin   admin endpoint started  {"address": "tcp/localhost:2018", "enforce_origin": false, "origins": ["//localhost:2018", "//[::1]:2018", "//127.0.0.1:2018"]}
run: loading initial config: loading new config: loading pki app module: provision pki: provisioning CA 'local': loading root key: file does not exist

5. What I already tried:

I tried running caddy trust like so:

./caddy trust --config caddy.json

But of course you need caddy already running, which isn’t possible because of the error above. See error logs:

2022/09/12 17:32:29.177 INFO    using provided configuration    {"config_file": "caddy.json", "config_adapter": ""}
trust: requesting CA info: performing request: Get "http://localhost:2018/pki/ca/local": dial tcp [::1]:2018: connect: connection refused

6. Links to relevant resources:

Does the “file does not exist” error happen even with the standard file storage? I ask because that error doesn’t seem to be one that we generate, thus I’m skeptical of the storage module.

It worked fine with local storage.

I believe it was caused because the corresponding REST API was not managing things correctly and so we had a cert with no key. I deleted the cert to start over and everything worked.

Thank you!
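The failure the log shows and the diagnosis in the final reply (a root.crt in storage with no matching key) can be reproduced with a small model. The Go program below is an added example written for this page; it is not code from the thread, from Caddy, or from the caddy_rest_storage plugin. It assumes a REST backend that answers 404 for unknown keys, the key names pki/authorities/local/root.crt (visible above) and pki/authorities/local/root.key (assumed to mirror it), and the /tls/rest-storage path from the posted config; loadOrGenRoot, restLoad, fakeBackend and provisionAgainst are names chosen for the example. The provisioning sequence it models is the one the log reveals: load the root cert, generate a new pair only when that load reports fs.ErrNotExist, otherwise insist that the key also loads.

```go
package main

import (
	"errors"
	"fmt"
	"io"
	"io/fs"
	"net/http"
	"net/http/httptest"
	"strings"
)

// Storage keys for the local CA. root.crt appears in the thread; root.key is
// assumed to follow the same naming.
const (
	rootCertKey = "pki/authorities/local/root.crt"
	rootKeyKey  = "pki/authorities/local/root.key"
)

// restLoad fetches one key from a REST storage backend. A 404 is mapped to a
// wrapped fs.ErrNotExist, which is what a certmagic.Storage implementation is
// expected to return for a missing key; other non-2xx statuses are real errors.
func restLoad(client *http.Client, endpoint, key string) ([]byte, error) {
	resp, err := client.Get(endpoint + "/" + key)
	if err != nil {
		return nil, fmt.Errorf("performing request: %w", err)
	}
	defer resp.Body.Close()
	switch {
	case resp.StatusCode == http.StatusNotFound:
		return nil, fmt.Errorf("%s: %w", key, fs.ErrNotExist)
	case resp.StatusCode < 200 || resp.StatusCode > 299:
		return nil, fmt.Errorf("%s: unexpected status %d", key, resp.StatusCode)
	}
	return io.ReadAll(resp.Body)
}

// loadOrGenRoot is a simplified model (not Caddy's code) of the sequence the
// thread's log reveals: the root cert is loaded first and only a not-exist
// error triggers generation of a fresh pair; once a cert is found, the key
// must load too or provisioning fails. The bool reports whether a new pair
// would have been generated.
func loadOrGenRoot(load func(string) ([]byte, error)) (generated bool, err error) {
	_, err = load(rootCertKey)
	if err != nil {
		if !errors.Is(err, fs.ErrNotExist) {
			return false, fmt.Errorf("loading root cert: %w", err)
		}
		// No root cert in storage: a real CA would generate and store both
		// files here; this example only records that it happened.
		return true, nil
	}
	if _, err = load(rootKeyKey); err != nil {
		return false, fmt.Errorf("loading root key: %w", err)
	}
	return false, nil
}

// isNotExist reports whether err carries fs.ErrNotExist anywhere in its chain.
func isNotExist(err error) bool { return errors.Is(err, fs.ErrNotExist) }

// fakeBackend serves a constructed in-memory store over HTTP and answers 404
// for unknown keys, which is how the poster describes their REST API.
func fakeBackend(store map[string][]byte) *httptest.Server {
	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		key := strings.TrimPrefix(r.URL.Path, "/tls/rest-storage/")
		val, ok := store[key]
		if !ok {
			http.NotFound(w, r)
			return
		}
		_, _ = w.Write(val)
	}))
}

// provisionAgainst runs the provisioning model against a backend holding the
// given keys and returns what the model would have done.
func provisionAgainst(store map[string][]byte) (generated bool, err error) {
	srv := fakeBackend(store)
	defer srv.Close()
	endpoint := srv.URL + "/tls/rest-storage"
	return loadOrGenRoot(func(key string) ([]byte, error) {
		return restLoad(srv.Client(), endpoint, key)
	})
}

func main() {
	scenarios := map[string]map[string][]byte{
		"empty store":      {},
		"cert without key": {rootCertKey: []byte("cert")},
		"cert and key":     {rootCertKey: []byte("cert"), rootKeyKey: []byte("key")},
	}
	for name, store := range scenarios {
		gen, err := provisionAgainst(store)
		fmt.Printf("%-17s generated=%v err=%v\n", name, gen, err)
	}
}
```

The empty store takes the generation path, the complete store loads both files, and the cert-only store fails with "loading root key: ... file does not exist", the same shape as the log in the original post. Two things worth checking in a storage plugin follow from this: a missing key must surface as a wrapped fs.ErrNotExist (a plain string error would make even the empty-store case fail at the root cert step), and cert and key have to be written as a pair, since a stored cert with no key cannot be recovered from without deleting the cert, which is exactly the workaround the poster ended up using.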
